Solved

run login scripts as root

Posted on 2013-06-10
13
404 Views
Last Modified: 2014-01-14
I have 2 login scripts. I need script1 to run if user1 logs in and script 2 to run if user2 logs in.

I believe I need to create a .plist file in the ~/Library/Launchagents folders of each user calling their respective scripts. Is this true.?

Also, the commands within the script have to be run as root.

how can user1 and user2 run the scripts as root..?

Many thanks in advance..

Mat
0
Comment
Question by:matedwards
13 Comments
 
LVL 10

Expert Comment

by:Sam Simon Nasser
ID: 39234988
try this


    When Bash starts, it executes the commands in a variety of different scripts.

    When Bash is invoked as an interactive login shell, it first reads and executes commands from the file /etc/profile, if that file exists. After reading that file, it looks for ~/.bash_profile, ~/.bash_login, and ~/.profile, in that order, and reads and executes commands from the first one that exists and is readable.

    When a login shell exits, Bash reads and executes commands from the file ~/.bash_logout, if it exists.

    When an interactive shell that is not a login shell is started, Bash reads and executes commands from ~/.bashrc, if that file exists. This may be inhibited by using the --norc option. The --rcfile file option will force Bash to read and execute commands from file instead of ~/.bashrc.

http://stackoverflow.com/questions/97137/how-do-you-run-a-script-on-login-in-nix
0
 
LVL 23

Expert Comment

by:nemws1
ID: 39235044
You are correct - you want to use Launchagent.  I'm at work with an older Mac (10.4), so I can't test/show you how to do this until this evening.  Hopefully another expert can show you how to do this sooner.
0
 
LVL 61

Expert Comment

by:gheist
ID: 39242795
Can you explain what root part of script will do? Maybe that can be done without root privileges.
Normally "man visudo" explains how to run commands and what to type in visudo
0
 

Author Comment

by:matedwards
ID: 39344832
Apolgies for the lateness..
I need the scripts to move some files out of the System folder disabling Spell Check in TextEdit. The plist files in Launchagents initiate the scripts but I keep getting a Permssion Denied error and the files aren't moved. I have added this line in the visudo file

user1 ALL=(ALL) NOPSSWD:ALL or

but I'm still getting the Permission Denied error..

many thanks for the help..

Mat
0
 
LVL 61

Expert Comment

by:gheist
ID: 39346066
Not really
user1 ALL=(ALL) NOPSSWD:ALL or

Should be
user1 ALL=(ALL) NOPASSWD: ALL
0
 

Author Comment

by:matedwards
ID: 39347445
thanks gheist.. tried that.. no luck.. also tried..

user1 ALL=(ALL) NOPASSWD: /path/to/script

thanks again
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 61

Expert Comment

by:gheist
ID: 39348699
Run the script via bash -x
sudo should show some error if command line is one-off


Normally you override system preference with editing plist under same name in users preference directory, not deleting the system files.
0
 

Author Comment

by:matedwards
ID: 39482891
The script runs with no problems from the bash shell..  for example ./script

It only fails when run at login by the Launchagent.

regards

Mat
0
 
LVL 61

Expert Comment

by:gheist
ID: 39488006
Do you read what I wrote here? You can override system plists per-user. No unix involved.
0
 

Author Comment

by:matedwards
ID: 39525083
If User1 logs in Script1 moves three files out of /System to disable SpellCheck in TextEdit..

/System/Library/Coreservices/CarbonSpellChecker.bundle
/System/Library/Services/Applespell.Service
/System/Library/Spelling

If User2 logs in Script2 moves them back to enable Spellcheck in TextEdit

How can this be done in system plist per-user..?
0
 
LVL 61

Expert Comment

by:gheist
ID: 39525658
0
 

Accepted Solution

by:
matedwards earned 0 total points
ID: 39767616
Cannot get this to work.. I know it should be possible with Launchagent and elevated privileges.. closing question..
0
 

Author Closing Comment

by:matedwards
ID: 39778736
No solution
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
In this article we will discuss some EI Capitan Mail app issues and provide some manual process to resolve them.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now