One step closer to world domination
Archive for January, 2009
Scripting Login Tasks in Mac OS X
Jan 21st
Recently I wanted to configure some of our lab computers to automatically configure printers when a user logged on. While reading Apple’s documentation to find a solution I learned about the possible ways to script login procedures in Mac OS X 10.5.
Login Hooks
The first method of scripting a login action is the use of a Login Hook. A Login Hook is a script that is executed immediately after the user logs on but before other login processes are performed. The script runs as root and needs to be chmod’d +x to be made executable. This feature has existed in OS X for some time and is handy for some account specific tasks.
To configure OS X to run your script run the following command as root in Terminal:
defaults write com.apple.loginwindow LoginHook /path/to/script
This modifies root’s login window properties in /var/root/Library/Preferences/. In Leopard login hooks do not work in any other user or system-wide com.apple.loginwindow preference file. I’m not sure if they did in previous versions.
More information about LoginHooks can be found on Apple’s developer site.
System Login Items (Deprecated)
SystemLoginItems was an old login script mechanism that has now been deprecated and will be removed in Snow Leopard. Scripts were executed when the Login Window was displayed and ran as root. When a user logged in the script died and was executed again as the user.
In Leopard SystemLoginItems behaves oddly. Applications do not launch upon login, instead they launch when the user logs out and attempt to run behind the Login Window.
Example usage of SystemLoginItems:
defaults write /Library/Preferences/com.apple.SystemLoginItems AutoLaunchedApplicationDictionary -array-add '{ "Path" = "/path/to/script"; "Hide" = 0; }'
SystemLoginItems was not well documented by Apple and it’s believed Apple created them specifically for a few developers. Now that Launchd exists SystemLoginItems is no longer necessary, likely the reason it is to be removed.
A brief discussion of SystemLoginItems can be found in this MacEnterprise thread.
Global Login Items
GlobalLoginItems has superseded SystemLoginItems, and in some cases LoginHooks, as the best method for launching a login script. Unlike LoginHooks, a Global Login Item executes after all the login processes have completed and is meant for GUI applications. You can even configure whether you would like the application’s GUI to appear or not.
To configure a Global Login Item run the following command as root:
defaults write /Library/Preferences/loginwindow AutoLaunchedApplicationDictionary -array-add '{ "Path" = "/path/to/script"; "Hide" = "0"; }'
To remove the global login item either delete /Library/Preferences/loginwindow or run the following command as root:
defaults delete /Library/Preferences/loginwindow AutoLaunchedApplicationDictionary
Note that we are modifying the loginwindow.plist file and not the more popular com.apple.loginwindow.plist file. A reboot may also be required after deleting a global login item
More information about Login Items can be found in this Apple Technical Note.
Sudo without a password in Mac OS X
Jan 12th
Mac OS X users who spend a lot of time in Terminal may find having to enter their account passwords when using sudo to be inconvenient. A few simple steps can disable this and allow you to use sudo without ever needing a password in Mac OS X 10.5 Leopard. The steps are similar for 10.3 and 10.4 however /etc/sudoers may be slightly different.
Warning! Be aware that removing the password requirement to use sudo eliminates a level of security. If someone gains access to your account they will be able to easily escalate to root privileges.
First, edit /etc/sudoers and uncomment (remove the “#”)
# %wheel ALL=(ALL) NOPASSWD: ALL
Then, in Terminal run the following command as root, replacing your_username with your account username:
dscl . append /Groups/wheel GroupMembership your_username
