LittlePLanet

Q: Help Creating a "Mac Kiosk" Using a Shell Script

Hello,

 

I have a MacBook from my school running OS X Snow Leopard and I would like to configure it so that upon restart, the student user folder gets erased and copied from a preserved configuration on startup. Can anyone show me how to do this through the use of launchd, LoginHook, or chron? Basically, I am trying to achieve a state similar to what Faronics Deep Freeze would provide, but my school doesn't have enough in the budget to license the 40 other Macs that they own.

 

I tried doing what this page recommended (http://www.gcsdstaff.org/roodhouse/?p=3164) which uses a LoginHook, but it didn't seem to work. The script executed just fine through the Terminal, but not on startup. When I tried launchd, it didn't work either. After using OS X for a while, I haven't really needed to use scripts until now, so consider me a noob .

 

Any replies are appreciated,

LittlePLanet

Posted on Jan 27, 2016 9:29 PM

Close

Q: Help Creating a "Mac Kiosk" Using a Shell Script

  • All replies
  • Helpful answers

Page 1 Next
  • by rccharles,

    rccharles rccharles Jan 28, 2016 12:27 PM in response to LittlePLanet
    Level 6 (8,464 points)
    Classic Mac OS
    Jan 28, 2016 12:27 PM in response to LittlePLanet

    We are going to need to see your script.

     

    You cannot assume any customization in your bash profile.

  • by LittlePLanet,

    LittlePLanet LittlePLanet Jan 28, 2016 4:57 PM in response to rccharles
    Level 1 (0 points)
    Jan 28, 2016 4:57 PM in response to rccharles
    #!/bin/bash
    #rm -R /Users/student
    #cp -R /Users/cleanstudent /Users/student
    #chmod -R 777 /Users/student
    
    
    

     

    I don't know how to put this in one of those fancy boxes that these lines are always in. How do I do that?

     

    Thanks,

    LittlePLanet

  • by rccharles,Helpful

    rccharles rccharles Jan 28, 2016 7:41 PM in response to LittlePLanet
    Level 6 (8,464 points)
    Classic Mac OS
    Jan 28, 2016 7:41 PM in response to LittlePLanet

    What version of OS X?

     

    El capitan has added more authorization checks.

     

    The method cited in your link is called a login hock.  It's been depreciated. Don't know if it is gone or not.

     

    The replacements seems more complicated.

    https://developer.apple.com/library/mac/technotes/tn2228/_index.html#//apple_ref /doc/uid/DTS40007991

  • by LittlePLanet,

    LittlePLanet LittlePLanet Jan 28, 2016 7:42 PM in response to rccharles
    Level 1 (0 points)
    Jan 28, 2016 7:42 PM in response to rccharles

    As said in the OP, OS X Snow Leopard. I am not sure of the exact version number (I don't have the computer with me at the moment) but I know that there are no pending updates for the computer. I haven't seen the Authorization Plugin yet so I'll try that. Thanks.

  • by rccharles,

    rccharles rccharles Jan 28, 2016 8:15 PM in response to LittlePLanet
    Level 6 (8,464 points)
    Classic Mac OS
    Jan 28, 2016 8:15 PM in response to LittlePLanet

    .

     

    Anyway, I've gotten my login hook working on Yosemite. I don't delete data in this example.

     

    I'm big on debugging, so I created a log file to tell if the login hook is getting invoked. The idea hear is to get this script working or add the debug lines to your script to see if the hook gets invoked.

     

     

    deepFreeze.sh

    #!/bin/bash
    # This is run for every user that login.
    # when
    ### sudo defaults write com.apple.loginwindow LoginHook /Users/mac/config//deepFreeze.sh
    # review what is in the login hook.
    ### sudo defaults read com.apple.loginwindow LoginHook
    # to get rid of the login hook.
    ### sudo defaults delete com.apple.loginwindow LoginHook
    
    export PS4='+(${BASH_SOURCE}:${LINENO}):'
    
    whereToLog="/Users/perfectStudentLog.txt"
    userid=${1}
    
    touch "${whereToLog}"
    
    echo "--- beginning login ---"  >> "${whereToLog}"
    echo "  The ${userid} user is logging in."  >> "${whereToLog}"
    echo "  $(date) " >> "${whereToLog}"
    
    # following ideas gotten
    #http://www.gcsdstaff.org/roodhouse/?p=3164
    
    if [ "${1}" = "student" ] ; then
    
      echo "  Making perfect files and folder for ${userid} " >> "${whereToLog}"
      echo "  well... not yet!" >> "${whereToLog}"
    
    fi
    
    
    
    
    

     

     

    # You need to use the complete path here.  No shortcuts like ~.

     

    mac $ sudo defaults write com.apple.loginwindow LoginHook /Users/mac/config/deepFreeze.sh

    Password:

    mac $

     

    mac $ sudo defaults read com.apple.loginwindow LoginHook

    /Users/mac/config/deepFreeze.sh

    mac $

     

    Here is the log file output.

    mac $ cat /Users/perfectStudentLog.txt
    --- beginning login ---
      The student user is logging in.
      Thu Jan 28 22:57:55 EST 2016
      Making perfect files and folder for student
      well... not yet!
    --- beginning login ---
      The mac user is logging in.
      Thu Jan 28 22:58:21 EST 2016
    mac $
    
    
    
    
  • by rccharles,

    rccharles rccharles Jan 29, 2016 9:56 PM in response to LittlePLanet
    Level 6 (8,464 points)
    Classic Mac OS
    Jan 29, 2016 9:56 PM in response to LittlePLanet

    rm -R /Users/student

     

    This rm command fails with a return code of 64.  I think maybe delete dir isn't allow.  Trying a find a workaround.

     

    #define    EX_USAGE    64    /* command line usage error */

    *    EX_USAGE -- The command was used incorrectly, e.g., with

    *        the wrong number of arguments, a bad flag, a bad

    *        syntax in a parameter, or whatever.

     

    I think maybe if you rename the student to studentold then delete on the student account might be one way.

     

    R

  • by LittlePLanet,

    LittlePLanet LittlePLanet Jan 30, 2016 9:10 AM in response to rccharles
    Level 1 (0 points)
    Jan 30, 2016 9:10 AM in response to rccharles

    Thanks again. I'll make sure to try this out when I have time this weekend.

     

     

    -LittlePLanet

  • by rccharles,

    rccharles rccharles Jan 30, 2016 6:45 PM in response to LittlePLanet
    Level 6 (8,464 points)
    Classic Mac OS
    Jan 30, 2016 6:45 PM in response to LittlePLanet

    Well, I've made partial progress.  Partial restore works. When I delete a dock items, it's not restored. When I change finder preferences, there not restored.  When I add files, they are deleted.

     

    I think I'll hammer it with that global permission fix.

     

    #!/bin/bash
    
    # debug stuff if needed. Place after bash on first line.
    # -vx
    #
    # name: deepFreeze.sh
    #
    # input: parameter 1 is the userid of the login user.
    #
    # This script will run for every user at login.
    # Runs as root.
    # The user of the login hook has been depreciate, but it's still around in 10.10. Hooks
    #   are easy to use and well documented for coping home folders. ;-)
    #
    # create a login hook.  Use the complete path to this script.
    # put some permissions on the script so the student cannot edit it. 
    ### sudo chown root:admin /Users/mac/config/deepFreeze.sh
    ### sudo defaults write com.apple.loginwindow LoginHook /Users/mac/config/deepFreeze.sh
    # review what is in the login hook.
    ### sudo defaults read com.apple.loginwindow LoginHook
    # get rid of the login hook when done with it
    ### sudo defaults delete com.apple.loginwindow LoginHook
    
    # how to create the archive
    ### cd /Users
    ### sudo tar vcf /Users/studenttar student
    #
    
    export PS4='+(${BASH_SOURCE}:${LINENO}):'
    
    
    userid=${1}
    whereToLog="/Users/perfectStudentLog.txt"
    
    # send terminal output to a file
    # with -vx on the shebang line we get bash script debug info.
    #
    # with the exec we avoid the need for  >> "${whereToLog}" after every echo
    # default redirection
    # 0 stdin
    # 1 stdout
    # 2 stderr
    #
    # backup
    exec 5<&1
    exec 6<&2
    # redirect
    exec 1>>"${whereToLog}"
    exec 2>>"${whereToLog}"
    
    touch "${whereToLog}"
    
    echo "--- login for ${userid} ---" 
    echo "  $(date) "
    
    # following concept gotten from
    # http://www.gcsdstaff.org/roodhouse/?p=3164
    if [ "${userid}" = "student" ] ; then
    
      # Note I use the exact account name of student to protect against
      # accidental variable snafus.
      echo "how are the files before?"
      ls -l "/Users"
    
    
      echo "  Making perfect files and folders for ${userid} "
    
      # for some reason rm command to delete all is blocked when running in the login hook.
      # I think the blockage has something to do with deleting directories.
      # return code of 64.
      id
      env
    
      echo "Number of files in student before delete $(  find '/Users/student' | wc -l )"
      # Switching to student seems to get around rm failing.
      su "student"
      echo "  return code ${?} student from su."
      echo "  ->running with student id."
      env
    
      rm -Rf "/Users/student"
      echo "  return code ${?} student from rm."
      # goes back to root when we are running in the login hook!
      # doesn't seem to go away from root like in normal terminal
      # subshells may not be allowed.
      # whatever when on, the rm delete works.
      su
      
      echo "  -> how are the home directories after rm?"
      ls -l "/Users"
    
      cd "/Users"
      tar xpf "/Users/studenttar"
      echo "    return code ${?} from tar -x "
      # previous tries with corresponding data.  All :-(.
      #   preferences get changed. Data files get deleted.
      ### cp -RP "/Users/studenthidden/" "/Users"
      #ditto -x  "/Users/perfectstudent" "/Users/student"
    
      echo "Number of files in student after restore $(  find '/Users/student' | wc -l )"
    
      ls -l "/Users"
      find "/Users/student"   -exec  ls -ld {} \; | head -n 40
    
    fi
    
    # restore redirection
    # close output.  May not need.
    exec 1<&-
    exec 2<&-
    # restore file descriptors
    exec 1<&5
    exec 2<&6
    # close file descriptors
    exec 5<&-
    exec 6<&-
    
    
    
  • by rccharles,

    rccharles rccharles Jan 30, 2016 7:00 PM in response to rccharles
    Level 6 (8,464 points)
    Classic Mac OS
    Jan 30, 2016 7:00 PM in response to rccharles

    At least my student id has a nice eagle icon.

     

    Screen Shot 2016-01-30 at 9.59.45 PM.png

  • by LittlePLanet,

    LittlePLanet LittlePLanet Jan 31, 2016 7:56 PM in response to rccharles
    Level 1 (0 points)
    Jan 31, 2016 7:56 PM in response to rccharles

    LOL. I'm actually running into another issue, and I'm hoping you can help me out with it. I made a really simple script that I have in /var/root/Scripts (I even put it in the root of the hard drive to test and make sure it's not a path issue). I am logged in as root. When I double-click it in Finder, it opens a Terminal window but it does not work. I have to type "sh /var/root/Scripts/test.sh" in order for it to execute. Here is the script:

     

    #!/bin/bash

    echo meh

     

     

     

     

     

    I am also trying another script with a LogoutHook that isn't working and also has this issue. I'm thinking solving it might help with my progress.

    Thanks!

    LittlePLanet

  • by rccharles,Helpful

    rccharles rccharles Jan 31, 2016 8:49 PM in response to LittlePLanet
    Level 6 (8,464 points)
    Classic Mac OS
    Jan 31, 2016 8:49 PM in response to LittlePLanet

    The finder expects the extension to be .command

     

    Screen Shot 2016-01-31 at 11.26.41 PM.png

     

    More details are here:

    http://alvinalexander.com/mac-os-x/exec-unix-shell-script-mac-finder-execute-cli ck

     

    extreme details with the answer with 20 points. Don't know why a silly answer got more ... 87.

    http://stackoverflow.com/questions/5125907/how-to-run-a-shell-script-in-os-x-by- double-clicking

  • by LittlePLanet,Solvedanswer

    LittlePLanet LittlePLanet Jan 31, 2016 8:49 PM in response to rccharles
    Level 1 (0 points)
    Jan 31, 2016 8:49 PM in response to rccharles

    It's the internet, what do you expect?

     

    Anyways, thanks. I forgot to chmod my script which prevented it from being executed in Finder and as a LogoutHook. I believe that's all the help I will need. Thanks!

  • by rccharles,

    rccharles rccharles Feb 1, 2016 10:25 AM in response to LittlePLanet
    Level 6 (8,464 points)
    Classic Mac OS
    Feb 1, 2016 10:25 AM in response to LittlePLanet

    The script executed just fine through the Terminal, but not on startup

     

    I'm surprised. I'd have assume you were using the same script in both places.

     

    R

  • by suijuris,

    suijuris suijuris Apr 19, 2016 1:19 PM in response to LittlePLanet
    Level 1 (9 points)
    Mac OS X
    Apr 19, 2016 1:19 PM in response to LittlePLanet

    Hi everyone, I am trying to do the same things as LittlePLanet but the school's computers are in El Capitan. Can someone share their details in how to implement this? Thank you.

Page 1 Next