Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: LittlePLanet
LittlePLanet Author
User level: Level 1
0 points

Help Creating a "Mac Kiosk" Using a Shell Script

Hello,


I have a MacBook from my school running OS X Snow Leopard and I would like to configure it so that upon restart, the student user folder gets erased and copied from a preserved configuration on startup. Can anyone show me how to do this through the use of launchd, LoginHook, or chron? Basically, I am trying to achieve a state similar to what Faronics Deep Freeze would provide, but my school doesn't have enough in the budget to license the 40 other Macs that they own.


I tried doing what this page recommended (http://www.gcsdstaff.org/roodhouse/?p=3164) which uses a LoginHook, but it didn't seem to work. The script executed just fine through the Terminal, but not on startup. When I tried launchd, it didn't work either. After using OS X for a while, I haven't really needed to use scripts until now, so consider me a noob 😝.


Any replies are appreciated,

LittlePLanet

Posted on Jan 27, 2016 9:29 PM

Reply
16 replies
User profile for user: rccharles
rccharles
User level: Level 6
12,957 points

Jan 28, 2016 8:15 PM in response to LittlePLanet

😊.


Anyway, I've gotten my login hook working on Yosemite. I don't delete data in this example.


I'm big on debugging, so I created a log file to tell if the login hook is getting invoked. The idea hear is to get this script working or add the debug lines to your script to see if the hook gets invoked.



deepFreeze.sh

#!/bin/bash
# This is run for every user that login.
# when
### sudo defaults write com.apple.loginwindow LoginHook /Users/mac/config//deepFreeze.sh
# review what is in the login hook.
### sudo defaults read com.apple.loginwindow LoginHook
# to get rid of the login hook.
### sudo defaults delete com.apple.loginwindow LoginHook

export PS4='+(${BASH_SOURCE}:${LINENO}):'

whereToLog="/Users/perfectStudentLog.txt"
userid=${1}

touch "${whereToLog}"

echo "--- beginning login ---"  >> "${whereToLog}"
echo "  The ${userid} user is logging in."  >> "${whereToLog}"
echo "  $(date) " >> "${whereToLog}"

# following ideas gotten
#http://www.gcsdstaff.org/roodhouse/?p=3164

if [ "${1}" = "student" ] ; then

  echo "  Making perfect files and folder for ${userid} " >> "${whereToLog}"
  echo "  well... not yet!" >> "${whereToLog}"

fi



# You need to use the complete path here. No shortcuts like ~.


mac $ sudo defaults write com.apple.loginwindow LoginHook /Users/mac/config/deepFreeze.sh

Password:

mac $


mac $ sudo defaults read com.apple.loginwindow LoginHook

/Users/mac/config/deepFreeze.sh

mac $


Here is the log file output.

mac $ cat /Users/perfectStudentLog.txt
--- beginning login ---
  The student user is logging in.
  Thu Jan 28 22:57:55 EST 2016
  Making perfect files and folder for student
  well... not yet!
--- beginning login ---
  The mac user is logging in.
  Thu Jan 28 22:58:21 EST 2016
mac $
Reply
User profile for user: rccharles
rccharles
User level: Level 6
12,957 points

Jan 29, 2016 9:56 PM in response to LittlePLanet

rm -R /Users/student


This rm command fails with a return code of 64. I think maybe delete dir isn't allow. Trying a find a workaround.


#define EX_USAGE 64 /* command line usage error */

* EX_USAGE -- The command was used incorrectly, e.g., with

* the wrong number of arguments, a bad flag, a bad

* syntax in a parameter, or whatever.


I think maybe if you rename the student to studentold then delete on the student account might be one way.


R

Reply
User profile for user: rccharles
rccharles
User level: Level 6
12,957 points

Jan 30, 2016 6:45 PM in response to LittlePLanet

Well, I've made partial progress. Partial restore works. When I delete a dock items, it's not restored. When I change finder preferences, there not restored. When I add files, they are deleted.


I think I'll hammer it with that global permission fix.


#!/bin/bash

# debug stuff if needed. Place after bash on first line.
# -vx
#
# name: deepFreeze.sh
#
# input: parameter 1 is the userid of the login user.
#
# This script will run for every user at login.
# Runs as root.
# The user of the login hook has been depreciate, but it's still around in 10.10. Hooks
#   are easy to use and well documented for coping home folders. ;-)
#
# create a login hook.  Use the complete path to this script.
# put some permissions on the script so the student cannot edit it. 
### sudo chown root:admin /Users/mac/config/deepFreeze.sh
### sudo defaults write com.apple.loginwindow LoginHook /Users/mac/config/deepFreeze.sh
# review what is in the login hook.
### sudo defaults read com.apple.loginwindow LoginHook
# get rid of the login hook when done with it
### sudo defaults delete com.apple.loginwindow LoginHook

# how to create the archive
### cd /Users
### sudo tar vcf /Users/studenttar student
#

export PS4='+(${BASH_SOURCE}:${LINENO}):'


userid=${1}
whereToLog="/Users/perfectStudentLog.txt"

# send terminal output to a file
# with -vx on the shebang line we get bash script debug info.
#
# with the exec we avoid the need for  >> "${whereToLog}" after every echo
# default redirection
# 0 stdin
# 1 stdout
# 2 stderr
#
# backup
exec 5<&1
exec 6<&2
# redirect
exec 1>>"${whereToLog}"
exec 2>>"${whereToLog}"

touch "${whereToLog}"

echo "--- login for ${userid} ---" 
echo "  $(date) "

# following concept gotten from
# http://www.gcsdstaff.org/roodhouse/?p=3164
if [ "${userid}" = "student" ] ; then

  # Note I use the exact account name of student to protect against
  # accidental variable snafus.
  echo "how are the files before?"
  ls -l "/Users"


  echo "  Making perfect files and folders for ${userid} "

  # for some reason rm command to delete all is blocked when running in the login hook.
  # I think the blockage has something to do with deleting directories.
  # return code of 64.
  id
  env

  echo "Number of files in student before delete $(  find '/Users/student' | wc -l )"
  # Switching to student seems to get around rm failing.
  su "student"
  echo "  return code ${?} student from su."
  echo "  ->running with student id."
  env

  rm -Rf "/Users/student"
  echo "  return code ${?} student from rm."
  # goes back to root when we are running in the login hook!
  # doesn't seem to go away from root like in normal terminal
  # subshells may not be allowed.
  # whatever when on, the rm delete works.
  su
  
  echo "  -> how are the home directories after rm?"
  ls -l "/Users"

  cd "/Users"
  tar xpf "/Users/studenttar"
  echo "    return code ${?} from tar -x "
  # previous tries with corresponding data.  All :-(.
  #   preferences get changed. Data files get deleted.
  ### cp -RP "/Users/studenthidden/" "/Users"
  #ditto -x  "/Users/perfectstudent" "/Users/student"

  echo "Number of files in student after restore $(  find '/Users/student' | wc -l )"

  ls -l "/Users"
  find "/Users/student"   -exec  ls -ld {} \; | head -n 40

fi

# restore redirection
# close output.  May not need.
exec 1<&-
exec 2<&-
# restore file descriptors
exec 1<&5
exec 2<&6
# close file descriptors
exec 5<&-
exec 6<&-
Reply
User profile for user: LittlePLanet
LittlePLanet Author
User level: Level 1
0 points

Jan 31, 2016 7:56 PM in response to rccharles

LOL. I'm actually running into another issue, and I'm hoping you can help me out with it. I made a really simple script that I have in /var/root/Scripts (I even put it in the root of the hard drive to test and make sure it's not a path issue). I am logged in as root. When I double-click it in Finder, it opens a Terminal window but it does not work. I have to type "sh /var/root/Scripts/test.sh" in order for it to execute. Here is the script:


#!/bin/bash

echo meh






I am also trying another script with a LogoutHook that isn't working and also has this issue. I'm thinking solving it might help with my progress.

Thanks!

LittlePLanet

Reply

Help Creating a "Mac Kiosk" Using a Shell Script

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up