# LoginHook Script Problems



## emh_alpha1 (Aug 26, 2003)

We're needing to use a script to create local home directories on a workstation based on an LDAP lookup against our Netware NDS database.

The script runs fine from root's terminal. If I connect it up to LoginHook in /etc/ttys I can log in and it copies the model directory, names it properly and logs in, but does not change the permissions on the directory at all. I've checked the script is running as root, but for some reason I cannot correct the permissions.

Any ideas - this is quite urgent.

Thanks in advance.

M.

script -->

```sh
#!/bin/sh

USERNAME=$*

GID=`id -g`
echo "running as: $GID" > /test

echo "Checking user: $USERNAME"

if test -d "/users/$USERNAME"
then
	echo "Directory: $USERNAME already exists"
else
	echo "Directory: $USERNAME does not exist"
	echo "Creating directory: $USERNAME"

	# uppercase username
	USERNAME=`echo $USERNAME | tr a-z A-Z`
	USERID=`id $USERNAME | cut -f 2 -d "=" | cut -f 1 -d "("`
	echo $USERID

	ditto -rsrc /system/library/user\ template/english.lproj /users/$USERNAME
	echo "Setting default priveleges"
	sudo chown -R $USERID:1000 /users/$USERNAME
	sudo chmod -R 700 /users/$USERNAME
	sudo chmod 755 /users/$USERNAME/Public
	sudo chmod 755 /users/$USERNAME/Sites
	sudo chmod 733 /users/$USERNAME/Public/Drop\ Box
	echo "Created directory: $USERNAME"
fi
```


----------



## mr. k (Aug 26, 2003)

I bet it's because you are using sudo chmod... I really don't know a lot about shell scripts but I read through it and understood what the script is doing.  If you run the script as root without using sudo in the part where you set permissions it should work just fine.
sudo requires authentication...
Oh well I just tested it and if you run sudo as root I guess it doesn't need authentication, but I still don't see why if the script runs with root priv's you would need to throw sudo in there.  I would try running it without.


----------



## seann (Aug 26, 2003)

..


----------



## emh_alpha1 (Aug 26, 2003)

I removed the sudo as you suggested but it did not make any difference. I suspected it wouldn't as I only added sudo after initially testing to see if it would make a difference. I have also verified that the script is running as root when logging in, so sudo shouldn't have had any effect anyway.

Looks to me like something in the login process of OSX is stopping the permissions from being changed.

I appreciate your suggestions... any other ideas?


----------



## lanceo (Aug 29, 2003)

Personally, I would have a separate login hook script that executed this script you've posted as the user logging in.

When a user logs in, and you're wanting to grab their username within a bash script, you do so by taking the $1 variable.
Here's my loginhook I run (not completely cleaned up yet) as well as a corresponding user_setup.sh script.

```sh
#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/Developer/Tools; export PATH
#
#
# Owlmac login hook
#
# Revisions     : 07/02/2003    Cleaned up script 
#                 08/01/2003    Added executing of user_setup script
#
# ----------------------------------------------------------------------------------
# Variable setups
RIGHTNOW=`date +%m/%d/%y%t%H:%M:%S`
LOGINNAME=$1
NODENAME=`grep APPLETALK_HOSTNAME /etc/hostconfig | cut -d '=' -f 2`
location_log="/var/log/admin/admin_tasks.log"
#####################################################################################
# Have logger send login info to syslog where it then gets saved to gui_login_logout.log
logger -p local0.notice Login: $1
# Not sure if I want to implement above logger method. The one used at the end of this script
# seems to be sufficient.
#####################################################################################
#
# Check to see if someone is trying to login while iHook is running.
ihookpid=`/bin/ps xcO command | /usr/bin/grep -v grep | /usr/bin/grep iHook | /usr/bin/awk '{ print $1 }'`
if test "$ihookpid"; then
   lwpid=`/bin/ps xcO command | /usr/bin/grep -v grep | /usr/bin/grep loginwindow | /usr/bin/awk '{ print $1 }'`
   kill $lwpid;
# Remove pid files for the network homes check, just in case that was the ihook script running.
 /sbin/reboot
 exit 0
fi
#
#
#####################################################################################
# Check to see if the user logging in is Radmind.
if [ "$1" = "radmind" ]; then
/private/.scripts/iHook.app/Contents/MacOS/iHook --script=/private/.scripts/run_radmind.pl
fi
if [ "$1" = "root" ]; then
/sbin/reboot
fi
######################################################################################
# Log user to log file
echo "LOGIN $NODENAME $LOGINNAME $RIGHTNOW">>/var/log/admin/console_access.log
######################################################################################
# Run the User setup script as long as we are not logging in as the Radmind user or the Admin
# User.
##### Checking for if a train account
#
#
TRAINTEST=`echo $1 | /usr/bin/egrep '^train[0-9]+$'`
if [ ! -z "$TRAINTEST" ]; then
## It is a train account
su $1 -c "/Library/Admin/train.sh $1"
su $1 -c "/Library/Admin/byhost_user.sh $1"
cp /Library/Admin/printer_defaults/printers.conf /etc/cups/printers.conf
exit 0
fi
if [ "$1" != "etsadmin" ]; then
cd /
su $1 -c "/Library/Admin/user_setup.sh $1"
su $1 -c "/Library/Admin/byhost_user.sh $1"
cp /Library/Admin/printer_defaults/printers.conf /etc/cups/printers.conf
exit 0
fi
if [ "$1" = "etsadmin" ]; then
cd /
/private/.scripts/byhost_admin.sh
cp /Library/Admin/printer_defaults/printers.conf /etc/cups/printers.conf
fi
exit 0
```





Here's my user_setup.sh script:

```sh
#!/bin/sh
#
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/Developer/Tools; export PATH
#
###############################################################
# DIR is the location where the machine identity is being held
#DIR=/Library/Admin/machine_identity/; export DIR
# ID is setting its value as the contents of DIR
#ID=`ls $DIR`
###############################################################
cd /home/$1
##############################
mkdir -p /tmp/$1/Caches
CpMac /Library/Admin/printer_defaults/.lpoptions_nullps  /home/$1/.lpoptions
if [ ! -d /home/$1/Documents ]; then
     mkdir Documents
     chmod 0755 Documents
fi
if [ -d /home/$1/Library/Caches/ ]; then
  rm -r /home/$1/Library/Caches
  ln -s /tmp/$1/Caches/ /home/$1/Library/Caches
  chmod 0700 /tmp/$1/
fi
# Deal with Library
  if [ ! -d /home/$1/Library/ ]; then
     CpMac -r /Library/Admin/user_preferences/Library /home/$1/
     CpMac /Library/Admin/user_preferences/com.apple.dock.plist /home/$1/Library/Preferences/
     ln -s /tmp/$1/Caches/ /home/$1/Library/Caches
     chmod 0700 /tmp/$1/
  exit 0  
  fi
 if [ -d /home/$1/Library/Preferences/ ]; then
    chmod 0755 /home/$1/Library/
    chmod 0755 /home/$1/Library/Preferences/ 
    CpMac -r /Library/Admin/user_preferences/Library/Preferences /home/$1/Library/
 fi
 if [ ! -f /home/$1/Library/Preferences/com.apple.dock.plist ]; then
  CpMac /Library/Admin/user_preferences/com.apple.dock.plist /home/$1/Library/Preferences/ 
 fi 

exit 0
```





One thing to always remember is that within the script you can always set the debug mode

```sh
#!/bin/sh -x
```

and then watch the output of the script to determine where things are breaking.

Hopefully these scripts will help some.
From my login hook script by using the

```sh
su $1 -c "/Library/Admin/user_setup.sh $1"
```

I'm executing the user_setup.sh script as the user logging in. This allows you to remove all of the sudo calls within the other script.


----------
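Added example, not code from any post in this thread: a root login hook that validates the name it receives as `$1`, provisions the home directory from a template, and checks every ownership and mode change so a failure cannot pass silently. Function names are hypothetical; it assumes the owner's primary group instead of the hard-coded `1000`, and mirrors the modes from the first post.

```sh
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Allow only conservative account names: the hook runs as root and the name
# ends up in paths and in "su" command lines.
valid_username() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Octal mode of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# provision_home TEMPLATE HOME OWNER GROUP
# Every step is checked, so a failed chown/chmod stops the hook with a
# non-zero status instead of passing silently.
provision_home() {
    template=$1 home=$2 owner=$3 group=$4
    [ -d "$template" ] || { echo "missing template: $template" >&2; return 1; }
    # An existing home (or a symlink planted at that path) is left untouched.
    if [ -e "$home" ] || [ -L "$home" ]; then return 0; fi
    mkdir -m 700 "$home" || return 1      # fails if the path appeared meanwhile
    cp -R "$template/." "$home/" || return 1
    chown -hR "$owner:$group" "$home" || return 1   # -h: never follow symlinks
    chmod -R u+rwX,go-rwx "$home" || return 1
    for d in Public Sites; do
        [ ! -d "$home/$d" ] || chmod 755 "$home/$d" || return 1
    done
    [ ! -d "$home/Public/Drop Box" ] || chmod 733 "$home/Public/Drop Box" || return 1
    # Verify the result rather than trusting the exit codes alone.
    [ "$(mode_of "$home")" = 700 ] || { echo "bad mode on $home" >&2; return 1; }
}

# Entry point for the hook: login_hook_main "$1" (the login name arrives as $1).
# Template and home paths are the ones used in the first post.
login_hook_main() {
    valid_username "$1" || { logger -p auth.warning "loginhook: rejected name"; return 1; }
    uid=$(id -u "$1") && gid=$(id -g "$1") || return 1
    provision_home "/System/Library/User Template/English.lproj" "/Users/$1" "$uid" "$gid"
}
```
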

