LoginHook Script Problems

emh_alpha1

We're needing to use a script to create local home directories on a workstation based on an LDAP lookup against our Netware NDS database.

The script runs fine from root's terminal. If I connect it up to LoginHook in /etc/ttys I can log in and it copies the model directory, names it properly and logs in, but does not change the permissions on the directory at all. I've checked the script is running as root, but for some reason I cannot correct the permissions.

Any ideas - this is quite urgent.

Thanks in advance.

M.

script -->

#!/bin/sh

# The login hook receives the short name of the user logging in as its argument.
USERNAME=$*

# Record the group id the hook runs under, for debugging.
GID=`id -g`
echo "running as: $GID" > /test

echo "Checking user: $USERNAME"

if test -d "/users/$USERNAME"
then
    echo "Directory: $USERNAME already exists"
else
    echo "Directory: $USERNAME does not exist"
    echo "Creating directory: $USERNAME"

    # uppercase username
    USERNAME=`echo "$USERNAME" | tr a-z A-Z`
    # numeric uid, cut out of the "uid=NNN(name)" field printed by id
    USERID=`id "$USERNAME" | cut -f 2 -d "=" | cut -f 1 -d "("`
    echo "$USERID"

    # copy the user template, resource forks included
    ditto -rsrc /system/library/user\ template/english.lproj "/users/$USERNAME"
    echo "Setting default privileges"
    sudo chown -R "$USERID:1000" "/users/$USERNAME"
    sudo chmod -R 700 "/users/$USERNAME"
    sudo chmod 755 "/users/$USERNAME/Public"
    sudo chmod 755 "/users/$USERNAME/Sites"
    sudo chmod 733 "/users/$USERNAME/Public/Drop Box"
    echo "Created directory: $USERNAME"
fi
 
I bet it's because you are using sudo chmod... I really don't know a lot about shell scripts but I read through it and understood what the script is doing. If you run the script as root without using sudo in the part where you set permissions it should work just fine.
sudo requires authentication...
Oh well I just tested it and if you run sudo as root I guess it doesn't need authentication, but I still don't see why if the script runs with root priv's you would need to throw sudo in there. I would try running it without.
 
I removed the sudo as you suggested but it did not make any difference. I suspected it wouldn't as I only added sudo after initially testing to see if it would make a difference. I have also verified that the script is running as root when logging in, so sudo shouldn't have had any effect anyway.

Looks to me like something in the login process of OSX is stopping the permissions from being changed.

I appreciate your suggestions... any other ideas?
 
Personally, I would have a separate login hook script that executed this script you've posted as the user logging in.

When a user logs in, and you're wanting to grab their username within a bash script, you do so by taking the $1 variable.
Here's my loginhook I run (not completely cleaned up yet) as well as a corresponding user_setup.sh script.

#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/Developer/Tools; export PATH
#
#
# Owlmac login hook
#
# Revisions : 07/02/2003 Cleaned up script
# 08/01/2003 Added executing of user_setup script
#
# ----------------------------------------------------------------------------------
# Variable setups
RIGHTNOW=`date +%m/%d/%y%t%H:%M:%S`
LOGINNAME=$1
NODENAME=`grep APPLETALK_HOSTNAME /etc/hostconfig | cut -d '=' -f 2`
location_log="/var/log/admin/admin_tasks.log"
#####################################################################################
# Have logger send login info to syslog where it then gets saved to gui_login_logout.log
logger -p local0.notice "Login: $1"
# Not sure if I want to implement above logger method. The one used at the end of this script
# seems to be sufficient.
#####################################################################################
#
# Check to see if someone is trying to login while iHook is running.
ihookpid=`/bin/ps xcO command | /usr/bin/grep -v grep | /usr/bin/grep iHook | /usr/bin/awk '{ print $1 }'`
if test "$ihookpid"; then
    lwpid=`/bin/ps xcO command | /usr/bin/grep -v grep | /usr/bin/grep loginwindow | /usr/bin/awk '{ print $1 }'`
    # $lwpid is left unquoted on purpose: it may hold more than one pid
    kill $lwpid
    # Remove pid files for the network homes check, just in case that was the ihook script running.
    /sbin/reboot
    exit 0
fi
#
#
#####################################################################################
# Check to see if the user logging in is Radmind.
if [ "$1" = "radmind" ]; then
    /private/.scripts/iHook.app/Contents/MacOS/iHook --script=/private/.scripts/run_radmind.pl
fi
if [ "$1" = "root" ]; then
    /sbin/reboot
fi
######################################################################################
# Log user to log file
echo "LOGIN $NODENAME $LOGINNAME $RIGHTNOW">>/var/log/admin/console_access.log
######################################################################################
# Run the User setup script as long as we are not logging in as the Radmind user or the Admin
# User.
##### Checking for if a train account
#
#
TRAINTEST=`echo "$1" | /usr/bin/egrep '^train[0-9]+$'`
if [ ! -z "$TRAINTEST" ]; then
    ## It is a train account
    su "$1" -c "/Library/Admin/train.sh $1"
    su "$1" -c "/Library/Admin/byhost_user.sh $1"
    cp /Library/Admin/printer_defaults/printers.conf /etc/cups/printers.conf
    exit 0
fi
if [ "$1" != "etsadmin" ]; then
    cd /
    # run the per-user setup as the user logging in, not as root
    su "$1" -c "/Library/Admin/user_setup.sh $1"
    su "$1" -c "/Library/Admin/byhost_user.sh $1"
    cp /Library/Admin/printer_defaults/printers.conf /etc/cups/printers.conf
    exit 0
fi
if [ "$1" = "etsadmin" ]; then
    cd /
    /private/.scripts/byhost_admin.sh
    cp /Library/Admin/printer_defaults/printers.conf /etc/cups/printers.conf
fi
exit 0





Here's my user_setup.sh script:

#!/bin/sh
#
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/Developer/Tools; export PATH
#
###############################################################
# DIR is the location where the machine identity is being held
#DIR=/Library/Admin/machine_identity/; export DIR
# ID is setting its value as the contents of DIR
#ID=`ls $DIR`
###############################################################
cd "/home/$1"
##############################
mkdir -p "/tmp/$1/Caches"
CpMac /Library/Admin/printer_defaults/.lpoptions_nullps "/home/$1/.lpoptions"
if [ ! -d "/home/$1/Documents" ]; then
    mkdir Documents
    chmod 0755 Documents
fi
# Replace an existing Caches folder with a link to the per-user folder under /tmp
if [ -d "/home/$1/Library/Caches/" ]; then
    rm -r "/home/$1/Library/Caches"
    ln -s "/tmp/$1/Caches/" "/home/$1/Library/Caches"
    chmod 0700 "/tmp/$1/"
fi
# Deal with Library
if [ ! -d "/home/$1/Library/" ]; then
    CpMac -r /Library/Admin/user_preferences/Library "/home/$1/"
    CpMac /Library/Admin/user_preferences/com.apple.dock.plist "/home/$1/Library/Preferences/"
    ln -s "/tmp/$1/Caches/" "/home/$1/Library/Caches"
    chmod 0700 "/tmp/$1/"
    exit 0
fi
if [ -d "/home/$1/Library/Preferences/" ]; then
    chmod 0755 "/home/$1/Library/"
    chmod 0755 "/home/$1/Library/Preferences/"
    CpMac -r /Library/Admin/user_preferences/Library/Preferences "/home/$1/Library/"
fi
if [ ! -f "/home/$1/Library/Preferences/com.apple.dock.plist" ]; then
    CpMac /Library/Admin/user_preferences/com.apple.dock.plist "/home/$1/Library/Preferences/"
fi

exit 0





One thing to always remember is that within the script you can always set the debug mode
#!/bin/sh -x
and then watch the output of the script to determine where things are breaking.

Hopefully these scripts will help some.
From my login hook script by using the
su $1 -c "/Library/Admin/user_setup.sh $1"
I'm executing the user_setup.sh script as the user logging in. This allows you to remove all of the sudo calls within the other script.
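
The ownership and mode steps from the first script in this thread, as an added example (not code from any poster here): it validates the login name the hook receives as $1 before using it in paths as root, then reads the modes back so a silent failure is reported instead of going unnoticed. The function names are hypothetical, and cp -R stands in for ditto -rsrc so the example also runs outside Mac OS X.

```shell
#!/bin/sh
# $1 reaches a login hook running as root: accept only plain account names.
valid_user() {
    case "$1" in
        ''|-*|.|..|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Print the nine permission characters of a path, e.g. rwx------
mode_of() { ls -ld "$1" | cut -c2-10; }
# provision_home BASE TEMPLATE USER  (hypothetical helper)
provision_home() {
    base=$1 template=$2 user=$3
    valid_user "$user" || { echo "rejected user name: $user" >&2; return 2; }
    home="$base/$user"
    if [ -e "$home" ]; then return 0; fi   # existing home: leave untouched
    cp -R "$template" "$home" || return 1  # stands in for ditto -rsrc
    # chown needs root and a resolvable account; skipped otherwise.
    if [ "$(id -u)" -eq 0 ] && uid=$(id -u "$user" 2>/dev/null); then
        chown -R "$uid" "$home" || return 1
    fi
    chmod -R 700 "$home" &&
    chmod 755 "$home/Public" "$home/Sites" &&
    chmod 733 "$home/Public/Drop Box"
}

# Compare the resulting modes with the intended ones; report any mismatch.
verify_home() {
    home=$1 rc=0
    while read -r want rel; do
        got=$(mode_of "$home/$rel")
        [ "$got" = "$want" ] || { echo "MISMATCH $rel: $got, want $want" >&2; rc=1; }
    done <<EOF
rwx------ .
rwxr-xr-x Public
rwxr-xr-x Sites
rwx-wx-wx Public/Drop Box
EOF
    return $rc
}

# Constructed demo in a throwaway directory (JSMITH is a made-up account name).
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/template/Public/Drop Box" "$d/template/Sites" "$d/users"
    provision_home "$d/users" "$d/template" JSMITH && verify_home "$d/users/JSMITH"
    status=$?; rm -rf "$d"; return $status
}
demo && echo "home provisioned and verified"
```

In a real hook the MISMATCH lines would go to syslog with logger, which gives a record of what the hook actually left on disk at login time.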
 