User profile for user: ducatuca
ducatuca Author
User level: Level 1
49 points

Add script.sh on sudo defaults write com.apple.loginwindow (login/logout)

Goodmorning! I'm using a 2017 iMac with MacOS Mojave v10.6.14.


I need to insert an automation that executes a script when the user logs out/login and when they put the computer in standby (lockscreen/sleepmode).


I have currently created a "test script" and I'm trying to introduce it with this commands lines (on administrator account):

sudo defaults write com.apple.loginwindow LoginHook /usr/local/test.sh
sudo defaults write com.apple.loginwindow LogoutHook /usr/local/test.sh


This is my current script (a simple test on "Ethernet" network):

#!/bin/bash
# get networkstatus
status=$(networksetup -showpppeostatus "Ethernet")
# show popup/alert
osascript -e 'tell application "System Events" to button returned of (display dialog "$status" buttons {"OK"} default button "OK")' 
# create a log file
echo "$status" >> /tmp/test.log


I saved the script file in the directory, fixed all the permissions/owners:

sudo chmod ugo+rwx /usr/local/test.sh 
sudo chown root:wheel /usr/local/test.sh

but unfortunately if i try to power on and login and logout it doesn't work.

Can someone tell me where I am going wrong?

I wouldn't create a .plist file. Thank you.

iMac (2017 – 2020)

Posted on May 8, 2024 2:59 AM

Reply
2 replies
User profile for user: MrHoffman
MrHoffman
Community+ 2024
User level: Level 10
117,963 points

May 8, 2024 7:51 AM in response to ducatuca

For your present macOS 10.14 path, beware the “note:” included here: Customizing Login and Logout


Then write (only) a file somewhere (temporarily!) world writable using an absolute path, as a test. Don’t try to hit the UI. Login hooks are pretty limited with what they can do, and are missing parts of the usual shell environment.


While very old, IIRC macOS 10.14 and later requires permission to run scripts, too.


The replacement for login hooks is LaunchAgents, et al.


https://apple.stackexchange.com/questions/423278/how-do-i-run-a-sudo-command-at-login-logout-on-macos


Reply
User profile for user: ducatuca
ducatuca Author
User level: Level 1
49 points

May 9, 2024 12:41 AM in response to MrHoffman

Good morning, thank you for your reply! I finally did some experiments for my solution and everything works.

I bring the complete example below if maybe it can be useful for someone:


OSX: iMac (Intel, 2017) with MacOS Mojave 10.14.6


Problem: I need to find a basic solution that allows me to disable an internet network (wifi/ethernet/vpn) before a possible "lock screen" or "sleep mode".


1 - CREATE A BASH SCRIPT

cd /usr/local/bin
sudo touch script.sh
sudo chmod +x touch.sh
sudo chown root:wheel com.script.plist
sudo nano touch.sh

Inside the script i write this code (it works but I would like some suggestion/improvements)

while true; do
        scriptdate=$(date -j)
        scriptstatus=$(networksetup -showpppoestatus "MyVPN")
        if tail -n 1 /var/log/system.log | grep "com.apple.xpc.launchd.unmanaged.loginwindow"; then
                if [ "$scriptstatus" = "connected" ]; then
                        echo "$scriptdate >> script_force_disconnection" >> /tmp/script.log
                        networksetup -disconnectpppoeservice "MyVPN"
                fi
        else
                echo "$scriptdate >> $scriptstatus" >> /tmp/script.log
        fi
        sleep 1
done


2 - CREATE THE .PLIST FILE

cd /Library/LaunchDaemons
sudo touch com.script.plist
sudo chmod +x com.script.plist
sudo chown root:wheel com.script.plist
sudo nano com.script.plist

Inside this file i write this code to activate it at the login and leave it always on:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple/DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>com.script</string>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/local/bin/script.sh</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>KeepAlive</key>
        <true/>
</dict>
</plist>


3 - LOAD THE .PLIST FILE

sudo launchctl load -w /Library/LaunchAgents/com.script.plist
# if you want to unload it, you can use the following command line
sudo launchctl unload /Library/LaunchAgents/com.script.plist


4 - CHECK IF THE .PLIST IS LOAD

# get all the process and manually find "com.script"
sudo launchctl list
# or filter all the process with the process name
sudo launchctl list | grep "com.script"

if you did everything correctly you should get output similar to this:

PID    Status   Label
56     0        com.script

If you get an output like this:

PID    Status   Label
-      78       com.script

probably there is a problem in your script/.plist or file/directory permissions/owners in use


5 - RESTART & CONCLUSIONS

Restart your computer and do some testing with your Internet connection (I tried with a VPN).

When the computer goes into standby/sleep mode with the lock screen the script will proceed with disconnecting from the VPN.


This can be useful for corporate network accounts because the VPN can restrict access to corporate network resources and login.

Reply

Add script.sh on sudo defaults write com.apple.loginwindow (login/logout)

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up