Run login script as root

Similar Messages

• Run shell script as root on boot

  Hi!
  I have the need to run a shell script on boot up as root.
  It will not run as any other user because the software that the shell script runs requires root permissions, and I don't use my computer as root. I can't run it at login and use sudo because it would ask for a password and hang.
  How can I have the shell script auto-run at boot (or login) as root?
  Thanks
  Ross

  Hi,
  first of all you can store your shell script anywhere on your system, I prefere the location /usr/local/scripts (this doesn't exist by default).
  Second you have to create a LaunchDeamon script in /Library/LaunchDeamons which execute your shell script at boot as root.
  An example:
  -------------------------snip------------------------
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST
  1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
  <key>Label</key>
  <string>YOURIDENTIFIERNAME</string>
  <key>ProgramArguments</key>
  <array>
  <string>/usr/local/scripts/YOUR_SCRIPT.sh</string>
  </array>
  <key>RunAtLoad</key>
  <true/>
  <key>UserName</key>
  <string>ROOT</string>
  <key>GroupName</key>
  <string>WHEEL</string>
  </dict>
  </plist>
  -------------------------snap------------------------
  http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemS tartup/Articles/LaunchOnDemandDaemons.html
  To run a script as root during a user login you can configure a LoginHook. To create a LoginHook login as the relating user and type the following commad:
  sudo defaults write com.apple.loginwindow LoginHook /Path/To/Your/Script
  http://support.apple.com/kb/HT2420
  Hope that helps
  Bye Tom

• [Solved]Run shell script as root on startup

  Hi
  How to start shell script as root on startup?
  When i search online it is all about an rc.local, but I do not have a rc.local, and when I make one myself it does not run the shell script.
  Regards
  Frederik
  Last edited by Fred7109 (2015-05-26 20:13:04)

  Thankyou for the answers, I went into problems so could first answer now. The script is supposed to delete sandboxes I have created with the sandfox script, and also start a new sandbox with sandfox.
  Regards
  Frederik

• [solved] Running a systemd script as root on startup

  Hello,
  I wrote following shell script in order to restart vsftpd when my dynamic wan ip adress changes:
  #!/bin/bash
  oldip=`xxxdyndns.com +short`
  while :
  do
  newip=`dig xxxdyndns.com +short`
  if [ $newip != $oldip ]; then
  echo "renewd ip. new ip: $newip"
  oldip=$newip
  systemctl restart vsftpd.service
  fi
  sleep 5m
  done
  exit 0
  The script needs to be run with root privileges (due to the systemctl restart line).
  I want the script to be run when my system starts, so I thought about writing a systemd service file. Unfortunately, I could not find out how to tell systemd that it shall run the script as root. I'm sure that this is a very novice question, but my board and google search did not tun out to be successful.
  Last edited by vibee (2014-01-16 15:42:02)

  Have you tried a service with
  User=root
  similar to e.g. https://wiki.archlinux.org/index.php/Sy … ces#Gitlab ?
  Last edited by karol (2014-01-16 15:28:37)

• How do I run an app as root at Login?

  Hi,
  I need to run an application as root at login (not startup). The terminal command to do this is:
  sudo -b /Applications/MarcoPolo.app/Contents/MacOS/MarcoPolo
  Is there a way to run "/Applications/MarcoPolo.app/Contents/MacOS/MarcoPolo" as root when a user logs in?

  Perhaps there is a more graceful way to do this using launch daemons (you should ask on the [Unix forum|http://discussions.apple.com/forum.jspa?forumID=735] but the following will work.
  paste the following into Script Editor and save it as an application. Add that application to your login items.
  do shell script "/Applications/MarcoPolo.app/Contents/MacOS/MarcoPolo" user name "your-admin-username" password "your-admin-password" with administrator privileges
  You'll have to enter your admin username and password in the above in open text. This is a clear drawback of course.
  I don't know how to incorporate -b option in this.

• Is it possible to run an application from a user or container login script?

  Is it possible to run an application from a user login script or a container login script?
  A "Force Run" application object works fine if the user's workstation is setup to auto-load "Application Window" or "Application Explorer" but in this case I'd like to run an application when someone does a manual login (ie. they right-click red "N" and choose "Novell Login...")
  Using a User Package's "Scheduled Action Policy" and the Event=Login also does not work when a user logs in manually. This type of Event seems to only apply when the user first logs into the workstation, not at a manual login.
  Thanks,
  Marc

  > Is it possible to run an application from a user login script or a
  container login script?
  Yes, see the documentation:
  http://www.novell.com/documentation/...a/a7q6999.html
  Regards
  Rolf Lidvall
  Swedish Radio (Ltd)

• Login scripts not running with AnyConnect NAM and ISE 1.2

  I am using AnyConnect 3.1 NAM as my 802.1x supplicant for ISE 1.2.  When users log in with EAP Chaining (User and Machine Auth), the login script seems hit or miss on if it runs to map their drives.  If I uninstall the NAM client, they map drives every time.  I would think that running a login script to map drives is a common scenario and I was wondering if anyone else using AnyConnect NAM was having similar issues or how they were dealing with it.

  I have the same issue and I solve the issue with change these parameters.
  1.- You must change on configuration profile "before user logon". I have 5 seconds
  2.- You must change on configuration profile  "port authentication Exception policy" and you must enable checkbox "enable port exceptions" and select "allow data traffic before authentication"
  3.- You must enable in the option of interface Ethernet Intel on PC "Wait for link" this option It's in "configured advanced of Intel. You must select "on" in this option.
  4.- (this recommendation it was by Cisco) 
  Active Direct GPO has a setting "Computer Configuration\Administrative
  Templates\System\Logon\ Always wait for the network at computer startup and logon" that
  can be enabled to make the logon scripts wait till 802.1x authentication is completed.
  With those changes the logon script run fine.
  Regards
  David.

• Oracle 11gR2 RAC: Running the script root.sh problem

  Folks,
  Hello. I am installing Oracle 11gR2 RAC using 2 Virtual Machines (rac1 and rac2 whose OS are Oracle Linux 5.6) in VMPlayer and according to the tutorial
  http://appsdbaworkshop.blogspot.com/2011/10/11gr2-rac-on-linux-56-using-vmware.html
  I have been installing Grid Infrastructure using runInstaller from step 1 to step 9 of 10 in both VM rac1 and rac2.
  Now, I am running the script root.sh in VM rac1 and rac2 as below:
  [root@rac1 /]# /u01/app/grid/root.sh
  Output:
  CRS-4123: ohasd is starting
  FATAL: Module oracleoks not found
  FATAL: Module oracleadvm not found
  FATAL: Module oracleacfs not found
  ACFS-9121: Failed to detect /dev/asm/.asm_ctl_spec
  ACFS-9310: ADVM/ACFS installation failed.
  ACFS-9311: not all components were detected after installation
  'UpdateNodeList' was successful.
  [root@rac1 /]#
  [root@rac2 /]# /u01/app/grid/root.sh
  Output:
  CRS-4123: ohasd is starting
  FATAL: Module oracleoks not found
  FATAL: Module oracleadvm not found
  FATAL: Module oracleacfs not found
  ACFS-9121: Failed to detect /dev/asm/.asm_ctl_spec
  ACFS-9310: ADVM/ACFS installation failed.
  ACFS-9311: not all components were detected after installation
  Start of resource "ora.asm_init" failed.
  Failed to start ASM.
  Failed to start Oracle Clusterware Stack.
  [root@rac2 /]#
  As we see the output above, rac1 and rac2 get the same problems. in addition, rac2 fails to start ASM and Clusterware stack. Thus, I have 2 questions:
  First, the common problem for rac1 and rac2 :
  1)Module "oracleoks, oracleadvm, oracleacfs" not found
  2)/dev/asm/.asm_ctl_spec not detected
  3)ADVM/ACFS installation failed
  Do the above 3 factors affect Grid and DataBase Installation later ? If yes, how to solve these problems ?
  Second, how to start ASM and Clusterware stack in rac2 ?
  Thanks.

  you have 2 options:
  1. OEL 5.6 comes with 2 kernels, the original Red Hat, and Oracle UEK, you can choose not to use UEK
  or the one i would recommend:
  2. Upgrade Grid Infrastructure,
  *11.2.0.3.1* (patch 13348650, released about a 1 month ago) supports ACFS on UEK (starting with 2.6.32.200 IIRC)

• Run script as root

  I want to uninstall Mono and need to run this script:
  #!/bin/sh -x
  #This script removes Mono from an OS X System. It must be run as root
  rm -r /Library/Frameworks/Mono.framework
  rm -r /Library/Receipts/MonoFramework-*
  for dir in /usr/bin /usr/share/man/man1 /usr/share/man/man3 /usr/share/man/man5; do
  (cd ${dir};
  for i in `ls -al | grep /Library/Frameworks/Mono.framework/ | awk '{print $9}'`; do
  rm ${i}
  done);
  done
  I went http://support.apple.com/kb/HT1528?viewlocale=en_US to enable root, but the script still doesn't work.
  I'm not familiar with Unix commands. Please advise.

  To run a Terminal command as root, just preface the command with sudo.
  Example: sudo rm -r /Library/Frameworks/Mono.framework
  or:
  sudo (hit spacebar, drag script file into Terminal window, press return)
  You have to be logged in to an admin account to use sudo. Authenticate with the admin password after entering the first sudo command.

• Cannot get login script to run

  I have followed instructions in the Apple "User Management" admin guide but get stuck fairly early on because when I run this:
  dscl localhost -read /LDAPv3/myserver.private dsAttrTypeStandard:TrustInformation
  I get nothing in return. I have run this command on different clients with the same result.
  So then I tried to confirm the trust level by doing this and looking at the file loginwindow.plist file and I could see that Full Trust was set.
  I did everything else in the document as well as a couple of other things, but still the login script won't run.
  BTW the login script is very simple and just mount an afp share. Leopard 10.5.7 on client and server.
  Any clues would be greatly appreciated.
  Matt

  Have you checked the 'Computer Name:' in the 'Sharing' System Prefpane? The name cannot contain anything other than numbers or letters (alpha-numeric), this includes the BonJour (.local) name. If, for example, the hostname is set to 'client.domain.tld' in the 'Sharing' System Prefpane, the BonJour name will default to 'client-domain-tld.local'. Neither of those are 'legal' names. you must change theme both to something along these lines, 'ClientDomainTld' and 'clientdomaintld.local'.
  The script 'trust' level defaults to 'Full Trust' on the client but you have to make certain that the settings on the authentication policy on the OD master and the client both match.
  So for a 'Full Trust' relationship you must have:
  Digitally sign all packets (requires Kerberos)
  Block man-in-the-middle attacks (requires Kerberos)
  or the script won't run.

• NCL2 problem: login scripts only run on 2nd login

  This is wierd, but reproduceable. I'm running NCL 2 here
  (Novell_Client_10.2-i386-2007913-CD1.iso) on OpenSuSE 10.2 and have
  found that it only processes the login script correctly the second time
  I log in.
  On the first log in, I get:
  http://www.staff.niu.edu/~a02dag1/pu...-Results-1.png
  If I then log in again, I get:
  http://www.staff.niu.edu/~a02dag1/pu...-Results-2.png
  After that, subsequent log in attempts all work fine. It's just the
  first one that doesn't.
  David Gersic dgersic_@_niu.edu
  I'm tired of receiving rubbish in my mailbox, so the E-mail address is
  munged to foil the junkmail bots. Humans will figure it out on their own.

  >>> On November 15, 2007 at 4:16 PM, in message
  <tz3%i.290$[email protected]>, Rick
  Bousquet<[email protected]> wrote:
  > David Gersic wrote:
  >
  >> This is wierd, but reproduceable. I'm running NCL 2 here
  >> (Novell_Client_10.2-i386-2007913-CD1.iso) on OpenSuSE 10.2 and have
  >> found that it only processes the login script correctly the second time
  >> I log in.
  >>
  >> On the first log in, I get:
  >>
  >> http://www.staff.niu.edu/~a02dag1/pu...-Results-1.png
  >>
  >> If I then log in again, I get:
  >>
  >> http://www.staff.niu.edu/~a02dag1/pu...-Results-2.png
  >>
  >> After that, subsequent log in attempts all work fine. It's just the
  >> first one that doesn't.
  >>
  >>
  >>
  >> David Gersic
  dgersic_@_niu.edu
  >>
  >> I'm tired of receiving rubbish in my mailbox, so the E-mail address is
  >> munged to foil the junkmail bots. Humans will figure it out on their
  own.
  >
  >
  > seeing same here. I wish they had feedback during public beta. I would
  have
  > reported it.
  Strange, my client always seems to run the login script properly, but the
  client on my machine is horrendously slow and no one can tell me why. Have
  you tried grabbing a lantrace from wireshark to see if it shows anything
  obvious? Also, was this client upgraded from previous public betas at all?
  They do have feedback during public betas, you simply use the 'feedback'
  link on the bottom of the beta product page. Its not exactly the most
  obvious way but it is how they want you to do it.
  Rodney

• Applescript: How to run a script once upon logon for multiple users

  I'm deploying a NetRestore image to about 150 Macs which will be using Active Directory and I've designed a custom default user for each new user. However, our system requires a specialized certificate that has to be installed on the local login.keychain for each user otherwise network connectivity is impacted.
  I've tried to use the security command through Terminal to install the certificate, but no matter what combination of commands, I cannot seem to get that to work properly even with an already-created user. While it will often say it's installed, the cert will not actually show up in the login keychain in Keychain Access. And the network connectivity is still impacted.
  So instead, I created a brief AppleScript that just gives the user brief instructions to click "Add" on the prompt for which Keychain to add the cert and then "Always Trust" for the "This cert is not verified" prompt. Then it launches Keychain Access. Originally, I was going to have it actually click the buttons for the user, but I realized trying to get the whole Accessibility apps and assitive devices to work on every new user would be a nightmare.
  I created the script on another 10.9 Mac using Automator to make it an actual application. I've used the instructions in OS X: Using AppleScript with Accessibility and Security features in Mavericks to sign it and I'm using root to move it from its network location into the Applications folder. I've adjusted the permissions to allow all Admin users to r/w (along with everyone else). To the root user, it shows as a usable application, but every other user on the Mac sees it as damaged/incomplete.
  What I want to do is add it to the default Login Items, so I can run the final AppleScript command to simply remove the login items listing. That way I don't need to worry about it running again, but it's still available for the next user to sign onto the deployed Mac.
  I know it's a little convoluted, but this is the final piece to the NetRestore deployment I've been working on for months. Any suggestions on how to make this work (or even a completely different solution) would be greatly appreciated.
  Here was the original shell script in case you're curious.
  #!/bin/bash
  ## Prompt for current user admin for use in Certificate Install
  while :; do # Loop until valid input is entered or Cancel is pressed.
      localpass=$(osascript -e 'Tell application "System Events" to display dialog "Enter your password for Lync Setup:" default answer "" with hidden answer' -e 'text returned of result' 2>/dev/null)
      if (( $? )); then exit 1; fi  # Abort, if user pressed Cancel.
      localpass=$(echo -n "$localpass" | sed 's/^ *//' | sed 's/ *$//')  # Trim leading and trailing whitespace.
      if [[ -z "$localpass" ]]; then
          # The user left the password field blank.
          osascript -e 'Tell application "System Events" to display alert "You must enter the local user password; please try again." as warning' >/dev/null
          # Continue loop to prompt again.
      else
          # Valid input: exit loop and continue.
          break
      fi
  done
  echo $localpass | sudo security import /'StartupFiles'/bn-virtual.crt ~/Library/Keychain/login.keychain
  osascript -e 'tell Application "System Events" to delete every login item whose name is "LyncCert"
  And this is the AppleScript itself. (I used the \ to make it easier to read. The first line is actually one complete command)
  display dialog "Click OK to start installing Mac Network Certificate." & return & return & \
  "In the following prompts, click the 'Add' then 'Always Trust'." & return & return & \
  After you have clicked 'Always Trust', quit Keychain Access." default button 1 with title \
  "Mac Network Certificate Install"
  activate application "Keychain Access"
  tell application "Finder" to open POSIX file "/StartupFiles/bn-virtualcar.crt"
  tell application "System Events" to delete login item "Lync-AppleScript"
  end
  Thank you for your help!

  I have run into this same issue. Are you trying to run the script one time as a new  user logs in or everytime a user logs in?

• Windows 7 with Login Script from 2008 R2 server Duplicates Drives

  I have a single user that when they login to the domain and their login script runs, it ends up giving them duplicate drives. I can copy the script to another account and not have the issue. I have not tried logging in as the user on another machine yet,
  to see if the error follows the account. Anyone have any thoughts on what might be causing this? I have removed all of the drives from both the command line using
  net use /del *
  An example of the login script is
  net use z: /delete
  net use z: \\servername\sharename
  Its random which drives it will duplicate to.

  Hi Mgibson-TC,
  Can we run this script locally to check what’s the result?
  You can try Ed (DareDevil57)’s suggest first, if this issue persists, we can do some tests to narrow down this root cause.
  Alex Zhao
  TechNet Community Support

• Login Scripts question

  I have cobbled together a script which display a users quota information when logging in. The script works fine and I can get it to run from the login script managed preference set in workgroup manager. The problem I have is that the script is reporting the user as root rather than the login user. My understanding is that login scripts (not loginhooks) run as the login user rather than the root account or is this incorrect? Trust level is set to anonymous at the moment.
  Here is the script so its more clear what im doing:
  #!/bin/sh
  # quotas - displays usage levels on server.
  # get user's short name.
  thisUser=`whoami`
  # get quota from LDAP
  maxSpace=`ldapsearch -h myserver.com -b "dc=myserver,dc=com" -x -LLL uid=$thisUser apple-user-homequota|grep apple|awk {'print $2'}`
  # convert to MB
  maxMegs=`expr $maxSpace / 1024 / 1024`
  maxGigs=`expr $maxSpace / 1024 / 1024 / 1024`
  # Returns user's home directory disk usage in 1024 KB blocks.
  currentSpace=`du -sk ~ | awk '{print $1}'`
  # convert to MB
  currentMegs=`expr $currentSpace / 1024`
  # floating point math for percentage used
  spaceUsed=`echo "scale=2; $currentMegs / $maxMegs" | bc`
  percentUsed=`echo "scale=0; $spaceUsed * 100" | bc | sed -e "s/.00//g"`
  /usr/bin/osascript <<-EOF
  tell application "System Events"
  activate
  display dialog "Disk Usage for user: $thisUser used: $currentMegs Mb max: $maxGigs Gb percent: $percentUsed %"
  end tell
  EOF
  exit

  In the future, please post your Code Snippits between
  ... your code here ...
  That will preserve all your formatting and prevent the forum formatting code from stealing some of your characters.
  And it will make it easy for people to see what you really wrote as your script.
  PS. Why not just use the quota command?
  Message was edited by: BobHarris

• Create text file with login script

  I have a login script (loginhook)
  This line works fine :
  sudo -u $1 defaults -currentHost write com.apple.iWork.Pages FirstRunFlag -bool TRUE
  This line does nothing:
  sudo -u $1 echo "never" >> ~/Library/Preferences/com.adobe.57.ALL.registration
  but it works if I type it in the terminal once I am log in:
  echo "never" >> ~/Library/Preferences/com.adobe.57.ALL.registration
  Any idea what is missing?

  This is what your environment looks like while running a loginhook
  PWD=/
  SHLVL=1
  SECURITYSESSIONID=ceb19270
  _=/usr/bin/printenv
  uid=0(root) gid=0(wheel) groups=0(wheel)
  You might be able to get something like
  eval sudo -u $1 echo "never" >> ~$1/Library/Preferences/com.adobe.57.ALL.registration
  Notice the need for 'eval', however, I would hope you have a more reliable way of getting the desired user's home directory.
  You might also try
  sudo -u $1 echo "never" >> /Users/$1/Library/Preferences/com.adobe.57.ALL.registration
  assuming your user accounts are all in /Users