Login Hook

Does anyone have any experience creating Apple MAC OS X 10.5.6 Login Hook scripts?
I need to create one that maps a users network folder (stored on an Apple Xserve) to the desktop when they log onto a MAC. The Login Hook needs to work for roaming user accounts so that the network folder loads no matter what MAC the user logs onto...

..."unzip com.prefs.zip […]
the original owner is "user:staf" but change to "root:admin""...
Login window hooks run as "root" so when unzipping, the newly expanded files, which by default take the owner of the user performing the unzip, will be owned by "root". Perhaps try 'unzip -X' as one possible option if the original zip was created from files with the intended "user" and "group".
Another possibility is to run '/usr/bin/sudo -u username /usr/bin/unzip'... so that "unzip" is run as the user (and don't forget the $1 option to run as whatever user is logging in, although that fails in some network settings, or at least it did in earlier versions).
Depending on the situation, using a launch agent to run the script might be more appropriate...

Similar Messages

Debugging a non-working login hook

I'm setting up labs in a school, some have 2008 iMacs, 2007 iMacs, 2007 Macbooks and powerbook g4's. I have a new 2008 iMac as my master image and I've set-up a LoginHook in com.apple.loginwindow.plist that runs a script that works just great. It does what I expect it too. I need this LoginHook to work on all the platforms. So far, when I migrate accounts from the iMac 2008 to a Macbook or Powerbook, that LoginHook no longer works. Period.
The com.apple.loginhook.plist copies over, the filesize, permissions and ownerships are the same, the script copies over, permissions and ownerships are the same. I can manually sudo the script and it works. I've added echo statements to an output file in the script, but no output is created.
And I see in the system.log file, in the system where this works, entries for my echo statements like:
Aug 4 10:54:32 "hostname" com.apple.loginwindow[389]: this user is student
which lets me see the script is running.
I don't see mny messages like this on the system that doesn't work.
I've also tried migrating accounts from a machines of the same type (ex: macbook > macbook), but the LoginHook doesn't work.
What is in charge of launching the com.apple.loginwindow.plist? launchd?
Any ideas on why the LoginHook would just conk out like this?

did you make your login hook following these instructions? remember that the loginwindow plist that is used is the one in roots home directory not in /Library/Preferences. That said, I had some problems with login hooks too and never could figure out why mine didn't run so I created a separate launch daemon to run the script i wanted. you can put it in /Library/launchAgents and it will execute whenever anyone logs in. that worked for me.

Yosemite profile manager login hook

Hi. We have recently purchased a Mini running Yosemite server. The server is running profile manager and an open directory server, it is bound to active directory. This is all working, however I would like to roll out a login script for users. I have created this script and it works when run manually, however is there a way to specify this to run via Profile Manager? If the script is located on a server, how can I have a client run this script remotely? I want to push this out automatically so I don't need to go to all the laptops throughout the company. Thanks

If the Login Hook works on your machine, maybe the best way to share the script is using Apple Remote Desktop. But your machines have to be prepared for the remote maintenance.

Portable Home Directories and Login Hooks

We recently switched from Network Home Directories to Portable Home Directories. We used to use login hooks to do all kinds of nifty things to a user's home folder at login, but now it's complicated. I can't figure out at what point in the login+sync process the login hook executes.
If the login hook executes before syncing, then I need to modify the network copy of the home folder, i.e. Network/Servers/servername/.../username. If the login hook executes after syncing, then I need to modify the local copy of the home folder, i.e. /Users/username. Unless I'm mistaken, you can't just use the tilde (~) in the script to denote the path the home folder, so you have to list the path explicitly.
My testing seemed to result in inconsistent behavior. Can anyone give me some guidance?
(Keywords: Loginhook Logouthook Login Script Logout Script Mobility Mobile PHD)

Thank you for the advice, Syth, but I'm already aware of the basics of writing and implementing login and logout hooks. I wrote a lot of them when we were using Network Home Directories. The root of my question has to do with Portable Home Directories and login hooks.
This is a computer lab environment where every user has their own account, network home folder, and "Mobility" preferences set in Workgroup Manager. When a user logs into a lab computer, syncing kicks in and they work from a local copy of their home folder which then syncs to the server at login and logout.
So the core question is: Do login and logout hooks execute before or after login/logout home syncing occurs?
For example, if a user with a brand new network account, i.e. who doesn't even have a network home yet, logs into a computer, what's the order of events? I would hope it would be:
1) server creates network home
2) computer creates local home, i.e. syncs
3) login hook executes
But my testing has been inconsistent. Anyone have any experience or insights to share?

Login hook question

I am trying to use login and logout hooks to mute the speaker after logout and unmute it at login in order to get rid of that startup chime (always wakes up my sleeping roommate). The problem is when I follow the procedures at: http://docs.info.apple.com/article.html?artnum=301446 (i have tried both ways); however it seems as though my scripts are not run, is there something special that I have to do because I am running an Intel version of 10.4.8?
my scripts are as follows:
login.sh:
echo "test" >> /loginScriptHit.txt
osascript -e 'set volume output muted false'
logout.sh:
echo "test" >> /logoutScriptHit.txt
osascript -e 'set volume output muted true'
I know the scripts are not being run because the text files are not being created.
Thanks:
~Xavier

Good to hear you got it working.
If you don't mind me commenting, there are a few borderline security issues with your setup (related to login window hooks running as "root") that might be worth reviewing. In general, for things running as "root", it is good practice to specify the full path to the executable to avoid problems with aliases, functions or ambiguities in the PATH, so eg. using '/usr/bin/osascript' might be better (I'm not sure what to do with the 'echo' since it is a shell "built-in" command, but you could use '/bin/echo' I suppose).
The script, and the output file are both in areas potentially writable without a password. "/Users/Shared" is world writable, and "/" is writable by any admin user, without a password. In both cases, the "sticky bit" will provide some protection, but if the files were to be removed without removing the login hook, someone could potentially substitute their own files - their own script (which would run as "root") or a symbolic link to something important in the case of the output file, which could lead to data loss.
The script itself is writable by the owner (presumably you) without a password so if anyone were to sit down in front of the computer while you weren't looking, they could add their own code (no password required), which would again run as "root".
To exploit any of these issues would require inside knowlege that you have the hooks set up and how (since they are specified in a location that requires "root" access even to read), so it isn't likely that they would ever become a problem, but they might be good to keep in mind as things to avoid. In general, make sure anything that runs as "root" or can influence a process that runs as "root", is kept in a secure area that requires "root" privileges to modify any point on its path, and that any item itself is only modifiable by "root".

Creating a login hook?

I am looking to create a script that runs each time when i log in to my mac.
Although I am stuck at what to write in the script?
I am looking for the script to open 'Safari' (2 tabs if possible) and 'Microsoft Messenger for Mac' at log in.
Any help would be appreciated.
Thanks in advance.

Hello, I can get you 2/3's the way there. Open System Preferences>Accounts then make sure your account is highlighted. Then, above your pic, click on "login Items".
These are the items that will automatically start when you boot. To add Safari and Messenger, click on the "+" in the lower left. Navigate to the Applications folder and choose the apps.
I will have to look at opening two tabs but that will get you started.
Cheers,
Glynn

Newbie trying to setup schoolwide login hook

I don't know if this is the proper setting to ask this question, but here goes...I knew nothing about UNIX until about 2 weeks ago when I was asked by my school district's IT admin to develop a login script to reset each student's dock when they login to a standard setting. He'd finally found a way to use the district's LDAP/eDirectory logins for the Macs through software called Kanaka. I came up with the following script (based on a template off Bombich's site) but it's not working. Does anyone have any hints? Thanks for any possible help! Without this, our admin is threatening to take all Macs off the high school's network...
#!/bin/sh -f
set localAdmin = admin
### Script action ###
# If this is not the admin user...
if ( $1 != $localAdmin ) then
# Replace old Dock with required default Dock
sudo cp -f /Users/Shared/com.apple.dock.plist ~/Library/Preferences/
# Restart the Dock
killall Dock
endif
### Always exit with 0 status
exit 0

All the computers are up to 10.4 (I was surprised!). There are various versions of 10.4 though. The machine I'm developing/debugging on is a G5 dual core with 10.4.5. I don't know if I should try reinstalling the BSD subsystem to make sure the available shells have everything they require--like I said, I'm new at this. I didn't set up the machine I'm working on, but I thought BSD was installed by default, or has to be installed for OS X to work, but I'm not sure. I'm going to try the script at home this weekend on my iMac which has the developer tools, etc., installed to see if that makes any difference.
It appears the script is running because of the short bit of additional time required to login, but nothing in the docks for any of the accounts changes upon successful login.
Also, Bombich's original script had csh at the end of the first intro line to the script instead of just sh for the bash shell. I don't know if this would make any difference in the final outcome.
Again, thanks for all of your help thusfar...I think I even understand almost everything in the script you sent me! Although I can say that high school French seems like it was a lot easier to learn; but then again, that wasn't a timed trial by fire like my intro to UNIX has been!
Damian

Login Hook stops working once I've changed the username

Hello. I need to change the usernames for a number of local accounts on a 10.5.8 mac. The accounts were set up by someone else who is no longer working at this education insitution and hasn't left any documentation. Currently when each user logs on, a script runs that does the following
#!/usr/bin/env bash
# iMac logon script
# get our user
theUser=$1
# get the users home directory
#theUsersHome=$HOME
# Copy the dock plist file for the user
cp /Library/Scripts/GHS/Docks/${theUser}/com.apple.dock.plist /Users/${theUser}/Library/Preferences
# Create a ScreenCaptures folder on the desktop, give it permissions and redirect the screen captures
# Unlock the Desktop folder first in case it is locked
sudo chflags nouchg /Users/${theUser}/Desktop
mkdir /Users/${theUser}/Desktop/ScreenCaptures
sudo chown ${theUser}:staff /Users/${theUser}/Desktop/ScreenCaptures
defaults write com.apple.screencapture location /Users/${theUser}/Desktop/ScreenCaptures
# Create a VideoWork folder on the Desktop and give it permissions
# Unlock the Desktop folder first in case it is locked
sudo chflags nouchg /Users/${theUser}/Desktop
# Remove the old Video Work folder in case it exists
rmdir /Users/${theUser}/Desktop/Video\ Work
mkdir /Users/${theUser}/Desktop/VideoWork
sudo chown ${theUser}:staff /Users/${theUser}/Desktop/VideoWork
# Lock the Desktop, Documents, Movies, Music and Pictures folders
sudo chflags uchg /Users/${theUser}/Desktop
sudo chflags uchg /Users/${theUser}/Documents
sudo chflags uchg /Users/${theUser}/Movies
sudo chflags uchg /Users/${theUser}/Music
sudo chflags uchg /Users/${theUser}/Pictures
However, once I change the users account name, the script doesn't seem to run correctly as the screen captures fail due to not having write permission in the intended destination.
I rename the UserName the ShortName, the HomeDirectory and the folder here /Library/Scripts/GHS/Docks/UserName
The idea is, once I've updated this one mac with all the new accounts, I will then duplicate the image across all the others that we have
I'm very new to this and I'm not sure how much of this works
Thank you very much for any help and I apologise if I've missed out any essential information.

Hi John, not certain I can help here, but...
Add a user from the OS X command line, works with Leopard!
http://osxdaily.com/2007/10/29/how-to-add-a-user-from-the-os-x-command-line-work s-with-leopard/
More...
http://osxdaily.com/2011/05/20/change-short-name-user-mac-os-x/
http://www.macworld.com/article/132693/2008/03/changeshortusername.html

Run a shell script at login?

I would like to run a simple shell script each time a user logs in. Currently, I have it wrapped in an Automator executable that is included in "Login Items", but figured there must be a more elegant way? Thanks.
More info:
The problem I'm trying to solve is that of file permissions when sharing one iTunes and one iPhoto library between multiple users on one computer. The libraries are located in /Users/Shared and the apps were pointed to the relocated libraries by holding down 'Option' on startup. The problem is that work done by each user in the iTunes or iPhoto library inherits the default permission settings of that user, making any new additions to the libraries, read-only to the other users. I'm using `chmod` on login to fix it. Let me know if you know of a better way to address this. Thanks again.

I wrote a simple shell script that executes each time a user logs in (well, actually, each time I log in, coz' it's not really applicable to other users). It syncs my work and home addressbooks and iCal calendars to one another.
I named it "sync". Then I read somewhere that if you wanted to make it double-clickable (to launch it from the Finder), I appended a ".command" filename extension (so it's now named "sync.command"). I also did a chmod 755 to that file so that it had execute privileges. Depending on whether you give each user their own copy of this thing, or keep a single copy in, say, the /Users/Shared directory, you may have to play around with chmod. Whatever, just so long as the user that has just logged in has execute permissions to the file, and to the entire path to the file, you should be good.
Then, in SysPrefs > Accounts > Login Items, I added that "sync.command" file to the list. So, really the only difference is I'm not wrapping mine inside an Automator script like you are.
I had tried adding it to ~/Library/LaunchAgents and make a launchd plist for it, that would kick it off at login. But I didn't get that to work. Don't know why. But just adding the double-clickable executable unix script to the Login Items list did the trick. Whether the plist has to hang out there with it, I don't know. I still have it there, though, in case I ever get motivated to figure out what's wrong with my launchd plist file. So, if just adding it to the Login Items list doesn't do it for you, you could try making a (functional?) launchd plist for it and plopping them both in ~/Library/LaunchAgents, too. That's how I am now, and, like I said, it launches at user login as that user's process (not as a root process like the above referenced article said how login hooks worked -- although, you may want it to run as root since you want this to work with multiple users...in which case, you might want to listen to Cole and not me...).

Can't get login script to work - tried both prefs and tty methods ...

Calling all you script gurus ...
I'm trying to auto-mount a sparse image on login (why? I got my 17" stolen along with the data - i'm using an encrypted image as my document repository now).
I can't get this simple script to run using either method (modifying the LoginWindow plist OR the apple suggested method of adding the section into the /etc/ttys file.
I've tested the script file from the terminal and all works fine.
Any ideas?
Thanks
Paul
MBP 2.1GHz, iBook 12" 1GHz, G3 PowerMac Mac OS X (10.4.6) Stolen Powerbook 17" S# W8505160RJ3 - reward offered

I personally haven't had much success with the '/etc/ttys' method for specifying login hooks either...
On the other hand, the ".plist" method has worked well for me in the past. Just in case you weren't aware, note that the the file for specifying a "login hook" via ".plist" file has changed in "Tiger" compared to "Panther". It was never the "loginwindow.plist", which is used for specifying "Login Items", but rather the "com.apple.loginwindow.plist" file, but unlike "Panther" which used "/Library/Preferences/com.apple.loginwindow.plist" (a security issue for which Apple was rightly criticized), in "Tiger" Apple wisely changed the location to a more secure directory, ie. "/private/var/root/Library/Preferences/com.apple.loginwindow.plist". The current procedures for specifying "login hooks" via ".plist" file can be found in this document:
http://docs.info.apple.com/article.html?artnum=301446
But as far as mounting a disk image is concerned, adding the mounted volume (rather than a script to mount the disk image) to "Login Items" should be sufficient to initiate the mounting process...

Spinning beachball on login/authentication, but only when connected

Since installing a new router (Linksys WRTP54G) and Airport Express (in WDS mode), I get the spinning beachball of death when logging in after sleep, switching users, or authenticating on a wireless iBook G4 (OS X.3.9). I've waited for many minutes, but the beachball doesn't go away. If I turn off Airport, everything works fine. I don't have this problem on my other wireless laptop (Powerbook G4).
Below is an excerpt from the iBook system log in case it's helpful.
Thanks in advance for any help.
Thad
iBook system log excerpt:
Jun 11 09:39:30 localhost /Applications/Utilities/Keychain Access.app/Contents/MacOS/Keychain Access: Couldn't create temp file /Library/Keychains/~asRN8RnnIF6YGvNL: Permission denied
Jun 11 09:40:15 localhost kernel: AirPort: Link DOWN (Client disAssoc 0)
Jun 11 09:40:19 localhost configd[84]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/set-hostna me
Jun 11 09:40:19 localhost configd[84]: posting notification com.apple.system.config.network_change
Jun 11 09:40:19 localhost mach_init[2]: Server 0 in bootstrap d03 uid 0: "/usr/sbin/lookupd": exited as a result of signal 1 [pid 911]
Jun 11 09:40:19 localhost lookupd[936]: lookupd (version 324.13) starting - Sun Jun 11 09:40:19 2006
Jun 11 09:40:20 localhost set-hostname[941]: setting hostname to mac-tpolk07.local
Jun 11 09:40:27 localhost /System/Library/CoreServices/SecurityAgent.app/Contents/MacOS/SecurityAgent: Kerberos authentication result:220; ERR (stderr:Cannot resolve network address for KDC in requested realm (error=-1765328164) )
Jun 11 09:40:28 localhost KeyAccess: local login
Jun 11 09:40:30 localhost /System/Library/CoreServices/SecurityAgent.app/Contents/MacOS/SecurityAgent: Kerberos authentication result:220; ERR (stderr:Cannot resolve network address for KDC in requested realm (error=-1765328164) )
Jun 11 09:40:30 localhost /etc/login.hook[960]: Not using iHook.
Jun 11 09:40:30 localhost KeyAccess: local login
Jun 11 09:40:30 localhost LoginHook: Executing /etc/hooks/LI80.afshomelinks...
Jun 11 09:40:30 localhost LoginHook: Executing /etc/hooks/LI99.email_config...
Jun 11 09:40:33 localhost ConsoleMessage: Starting netOctopus Agent
Jun 11 09:40:35 localhost /System/Library/CoreServices/ARD Agent.app/Contents/MacOS/ARD Agent: ******Launched Agent******
Jun 11 09:40:51 localhost /System/Library/CoreServices/ARD Agent.app/Contents/MacOS/ARD Agent: ******Launched Agent******
Jun 11 09:40:55 localhost /etc/logout.hook[1013]: Not using iHook.
Jun 11 09:40:55 localhost ConsoleMessage: Starting netOctopus Agent
Jun 11 09:40:57 localhost KeyAccess: local login
Jun 11 09:40:59 localhost /System/Library/CoreServices/ARD Agent.app/Contents/MacOS/ARD Agent: ******Launched Agent******
Jun 11 09:41:01 localhost ConsoleMessage: Starting netOctopus Agent
Jun 11 09:41:04 localhost /System/Library/CoreServices/SecurityAgent.app/Contents/MacOS/SecurityAgent: Kerberos authentication result:220; ERR (stderr:Cannot resolve network address for KDC in requested realm (error=-1765328164) )
Jun 11 09:41:05 localhost KeyAccess: local login
Jun 11 09:41:05 localhost KeyAccess: local login
Jun 11 09:41:08 localhost /System/Library/CoreServices/ARD Agent.app/Contents/MacOS/ARD Agent: ******Launched Agent******
Jun 11 09:41:09 localhost ConsoleMessage: Starting netOctopus Agent
Jun 11 09:41:10 localhost kernel: AirPort: Link Active: "Polk Household" - 00145171117d - chan 11
Jun 11 09:41:12 localhost configd[84]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/set-hostna me
Jun 11 09:41:12 localhost configd[84]: posting notification com.apple.system.config.network_change
Jun 11 09:41:12 localhost mach_init[2]: Server 0 in bootstrap d03 uid 0: "/usr/sbin/lookupd": exited as a result of signal 1 [pid 936]
Jun 11 09:41:13 localhost lookupd[1056]: lookupd (version 324.13) starting - Sun Jun 11 09:41:13 2006
Jun 11 09:41:14 localhost set-hostname[1061]: setting hostname to mac-tpolk07
iBook/Powerbook G4 Mac OS X (10.3.9) Linksys WRTP54G router, Airport Express

You might have to update your Airports Firmware and
your OSX.
Thanks for the suggestion. I haven't updated my OS, but I did update the Airport Express firmware (to v6.3). Unfortunately, I still get the spinning beach ball.
Any other thoughts?

After the latest updat to Mavericks 10.9.3, my imac continues to loop back to the login screen...Suggestions??? THANK YOU VERY MUCH!

After the latest updat to Mavericks 10.9.3, my imac continues to loop back to the login screen...Suggestions??? THANK YOU VERY MUCH!

1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
3. Below are instructions to run a UNIX shell script, a type of program. All it does is to collect information about the state of the computer. That information goes nowhere unless you choose to share it. However, you should be cautious about running any kind of program (not just a shell script) at the request of a stranger. If you have doubts, search this site for other discussions in which this procedure has been followed without any report of ill effects. If you can't satisfy yourself that the instructions are safe, don't follow them. Ask for other options.
Here's a summary of what you need to do, if you choose to proceed:
☞ Copy a line of text in this window to the Clipboard.
☞ Paste into the window of another application.
☞ Wait for the test to run. It usually takes a few minutes.
☞ Paste the results, which will have been copied automatically, back into a reply on this page.
The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
4. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
5. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
6. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
Triple-click anywhere in the line of text below on this page to select it:
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts 51 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports 'com.autodesk.AutoCad com.evenflow.dropbox com.google.GoogleDrive' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 ` route -n get default|awk '/e:/{print $2}' ` 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^$[0-9]+$ /,"");n=$0;getline;} $NF=="'${p[45]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n\t(%s)\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}')printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' /^ *$|CSConfigDot/d;s/^ */ /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/;/Shared/!s/\/Users\/[^/]+/~/g ' ' s/^ +//;5p;6p;8p;12p;' ' {sub(/^ +/,"")};NR==6;NR==13&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ s/ *:$//;x;s/\n//;/Apple|Capacity:|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;};/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;} ' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/:/;END { if(NR<100)print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}')print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR==2'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' ' s/^.{52}//;s/ .+//p ' ' /Launch[AD].+\.plist$/;END{if(NR<100)print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/root/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/;END{if(NR<100)print "/System/"};' '/^\/usr\/lib\/.+dylib$/p' '/\/etc\/(auto_m|hosts[^.]|peri)/s/^\.\/[^/]+//p' ' /\/(Contents\/.+\/Contents|Frameworks)\//d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| ","||kMDItem'${p[35]}'=");sub("^.."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[9]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/ { next;} /%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' /lR/ { if($2<='${p[25]}')print $2;} ' ' BEGIN { FS=":";} $3~/(sh|ng|ic)$/ { n=split($3,a,".");sub(/_2[01].+/,"",$3);b=b"\n"$2" "$3" "a[n]" "$1;c=c$1;} END { d="sort|tail -n'${p[38]}'";print b|d;close(d);if(c)print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n [N/A]";"file -b "F|getline T;if(T!~/^(A.+ E.+ text$|POSIX sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n ...and %s more line(s)\n",l-L);} ' ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ +B/{ s/.+= |(-[0-9]+)?\.s.+//g;p;} ' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' /:/{$0="'"${p[28]}"'"};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil PlistBuddy whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil );c2=(com.apple.loginwindow\ LoginHook '-c Print /L*/P*/loginw*' '-c Print L*/P*/*loginit*' '-c Print L*/Saf*/*/E*.plist' '~ $TMPDIR.. $ -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 $' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' '-c Print\ :'${p[35]}' 2>&1' '-c Print\ :Label 2>&1' '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status "-F '\$Time \$Message' -k Sender kernel -k Message Req 'Beac|caug|dead[^bl]|FAIL|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA$|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:' -o -k Sender fseventsd -k Message Req 'SL'" '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/*/*.{BS,Bas,Es,OSXU,Rem}*.bom' '{/,}L*/Lo*/Diag* -type f \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true $ -execdir stat -f:%Sc:%N -t%F {} \;' '-L {/{S*/,},}L*/Lau* -type f' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Compon,Ex,In,iTu,Keyb,Mail/B,P*P,Qu*T,Scripti,Sec,Servi,Spo}* -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto_master,{cron,fs}tab,hosts,{launchd,sysctl}.conf} /usr/local/etc/periodic/*/* .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' );N1=${#c2[@]};for j in {0..8};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents launchd Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP RSSI Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear;};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0(){ test "$v"&&echo "$_";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "$s"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;A0;{ A2 0 $((N1+1)) 2;C0;A1 0 $N1 1;C0;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D22 0 $((N1+4)) 5 4;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;A2 4 20 21;B7 6;B2 9;A4 14 7 52 9;B2 10;B6 9 10 4;C3 25;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D23 24 24 32 31;D13 25 37 32 33;A1 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D23 14 1 48 42;D12 34 43 53 44;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;D22 32 31 43 38;D23 20 42 32 41;D23 14 2 48 43;D13 4 5 32 1;D22 4 4 50 0;D13 14 3 49 5;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
Copy the selected text to the Clipboard by pressing the key combination command-C.
7. Launch the built-in Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
8. If you see an error message in the Terminal window such as "syntax error," enter
exec bash
and press return. Then paste the script again.
9. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.
If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
10. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
[Process completed]
to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report the results. No harm will be done.
11. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
At the top of the results, there will be a line that begins with "Model Identifier." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
12. When you post the results, you might see the message, "You have included content in your post that is not permitted." It means that the forum software has misidentified something in the post as a violation of the rules. If that happens, please post the test results on Pastebin, then post a link here to the page you created.
Note: This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

Best way to run script to copy files on login

I ran the following script last year for the purpoase of copying shortcuts (ex. college webmail, helpdesk, website) to the desktop. I had the shortcuts in a folder on an open share and on login the script would run and copy the shortcuts.
#bin/bash
mkdir /Volumes/scripts
mount -t afp afp://server/scripts /Volumes/scripts
cp -R /Volumes/scripts/desktop_shortcuts/* ~/Desktop
umount /Volumes/scripts
killall Terminal
This allowed me to add or adjust shortcuts so we would never need to handle adding these manually in the image or after lab deployment. Last year I added it to the "Login Itmes" for the user but this year I'd like to have it run from a server. I've had no luck getting this to wrok from a WGM Server or Profile Manager Server. I tried the "Login Hooks" from the serverside and no luck.
I can't seem to find a clear document that tells me what the proper scripting procedure is for Mavericks.
Some posts say used launchd, some say .plist & others applescript.

I ran the following script last year for the purpoase of copying shortcuts (ex. college webmail, helpdesk, website) to the desktop. I had the shortcuts in a folder on an open share and on login the script would run and copy the shortcuts.
#bin/bash
mkdir /Volumes/scripts
mount -t afp afp://server/scripts /Volumes/scripts
cp -R /Volumes/scripts/desktop_shortcuts/* ~/Desktop
umount /Volumes/scripts
killall Terminal
This allowed me to add or adjust shortcuts so we would never need to handle adding these manually in the image or after lab deployment. Last year I added it to the "Login Itmes" for the user but this year I'd like to have it run from a server. I've had no luck getting this to wrok from a WGM Server or Profile Manager Server. I tried the "Login Hooks" from the serverside and no luck.
I can't seem to find a clear document that tells me what the proper scripting procedure is for Mavericks.
Some posts say used launchd, some say .plist & others applescript.

Unable to read MAC address of router at login

I'm using the following bash function to get the MAC address of the current router when logging in. The script works when I run it after logging in but doesn't work from my login hook (running as root). The script fails even after sleeping for 30 seconds prior to running. I know the interface is up because my mail client is finished checking mail by the time the script pings the router runs the arp command. I could run it as a cron job, but I'd like to understand why it fails during login.
<pre style="border: 1px solid #ddd; padding-left: .75ex; padding-top: .25em; padding-bottom: .25em; margin-top: .5em; margin-bottom: .5em; margin-left: 1ex; max-width: 80ex; overflow: auto; font-size: 10px; font-family: Monaco, 'Courier New', Courier, monospace; color: #444; background: #eee; line-height: normal">get_route_mac() {
ip=$(netstat -nrfinet | awk '/^default/{print $2; exit}')
[[ "$ip" = *.*.*.* ]] || return 1
[ ${1:-0} -gt 0 ] && ping -nc$1 $ip 2>&1 >/dev/null
arp -n $ip | sed -n 's/.* at $.*:.*:.*:.*:.*:.*$ on .*/\1/p'
</pre>
The idea is to do certain things when joining different networks. Especially when connected to an unknown network (stolen laptop recovery). I would like to support 10.3.9, so I'm avoiding launchd for now.

PWD=/
SHLVL=1
SECURITYSESSIONID=ceb19270
_=/usr/bin/printenv
uid=0(root) gid=0(wheel) groups=0(wheel)
The script works much better when it can find the required programs. :0)
which netstat awk ping arp sed
/usr/sbin/netstat
/usr/local/bin/awk
/sbin/ping
/usr/sbin/arp
/usr/bin/sed
<pre style="border: 1px solid #ddd; padding-left: .75ex; padding-top: .25em; padding-bottom: .25em; margin-top: .5em; margin-bottom: .5em; margin-left: 1ex; max-width: 80ex; overflow: auto; font-size: 10px; font-family: Monaco, 'Courier New', Courier, monospace; color: #444; background: #eee; line-height: normal">get_route_mac() {
ip=$(/usr/sbin/netstat -nrfinet | /usr/local/bin/awk '/^default/{print $2; exit}')
[[ "$ip" = *.*.*.* ]] || return 1
[ ${1:-0} -gt 0 ] && /sbin/ping -nc$1 $ip 2>&1 >/dev/null
/usr/sbin/arp -n $ip | /usr/bin/sed -n 's/.* at (.*:.*:.*:.*:.*:.*) on .*/ /p'
}</pre>
Thanks for your help, Bob!

Stop network home from being created and shared on login

I have successfully set up a OD server bound to Active Directory. I have the shares set up exactly how I want them - except - I don't want network users to have their home folder automatically created. I am only using AD for authentication and not network home folders. Is there a way for when a user logs in to not have the home folder created on the server and thus preventing it from being shared. I only want the shares that I have specified in the Share Point window to show up.

Hi there,
I bring good tidings .
After some tweeking I've gotten this to work.
Replace [YOURDOMAIN] with the first part of the FQDN, e.g. my.domain.net will make MY.plist
Step 1:
copy /Library/Preferences/OpenDirectory/Configurations/Active Directory/[YOUDORMAIN].plist to your Desktop
Change the permissions so you can edit the plist file (I use Plist Editor pro to edit.)
Step 2:
Find the key:
MCXDockSpecialFolders-Raw
Step 3:
Delete the string under it:
0 AddDockMCXOriginalNetworkHomeFolder
Step 4:
sudo cp [YOURDOMAIN].plist /Library/Preferences/OpenDirectory/Configurations/Active Directory/[YOURDOMAIN].plist
Reboot and watch the magic happen!!
I have been fiddling about with some other settings in this plist, it seems to be very powerfull.
I don't know why apple doesn't make options in the AD Plugin to manage these settings, but then again power = the power to break things.
I still mount the network home drive, but I do it with a login hook so that I have the power.
Hope to have made some people happy, but I bet I have.
It's a pity I don't get points for resolving issues myself, this one would be word many points.

Login Hook

Similar Messages

Maybe you are looking for