The macosxhints Forums


macguitarman 09-02-2009 04:23 PM

Create Hidden Users Script No Longer Working In Snow Leopard

Can anyone look at this script and explain why it no longer works in Snow Leopard? What changed in Snow Leopard?

Found this in Mac OS X Hints a year or so ago, very helpful for OS X admins who want to create an OS X account via the CL (dscl). It creates the user, name, UID, group, home folder, all that stuff, and then also hides it so users who may also have admin rights cannot see it in the Sys Prefs GUI and delete it or downgrade it to Standard.

Also, it would be cool if this script could:

1) Be a double clickable file, when clicked, opens the terminal and presents the text:
"Type a user name to be created", once done, presents

"Type in a password"

Once that is done, then runs its script to create that user and password

It would be cooler

thanks in advance

Not sure where I can attach the script, so

----
Code:

#!/bin/sh

if [ -z $1 ] ; then
        echo "usage: `basename $0` [username] [password] ([UID] optional) ([GID] optional)"
        exit 1
fi

USERNAME=$1
PASSWORD=$2
USERID=$3
GROUPID=$4

if [ `uname -r | cut -c1` = 8 ] ; then
        PATH='/NetInfo/root'
elif [ `uname -r | cut -c1` = 9 ] ; then
        PATH='/Local/Default'
else
        exit 1
fi

if [ -z $GROUPID ] || [ -z $UNIQUEID ] ; then
        GROUPID=0
        UNIQUEID=0
fi

checkUser ()
{
        if [[ `/usr/bin/dscl localhost list /Local/Default/Users | /usr/bin/grep "$USERNAME" | /usr/bin/grep -v "$USERNAME." | /usr/bin/grep -v ".$USERNAME"` == "$USERNAME" ]] ; then
                echo "the username '$USERNAME' already exists"
                exit 1
        fi
}

makeUser ()
{
        /bin/echo "creating admin user account…"
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME PrimaryGroupID 0
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME UniqueID 444
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME UserShell /bin/bash
        /usr/bin/dscl localhost passwd $PATH/Users/$USERNAME $PASSWORD
        /usr/bin/dscl localhost append $PATH/Groups/admin GroupMembership $USERNAME
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME NFSHomeDirectory /var/home/$USERNAME
        /bin/echo "creating new admin account homedir…"
        /bin/mkdir -p /var/home/$USERNAME
        /usr/bin/ditto -rsrc -V /System/Library/User\ Template/English.lproj/ /var/home/$USERNAME/
        /usr/sbin/chown -Rf $USERNAME:admin /var/home/$USERNAME
        /bin/echo "confirming what we just did…"
        /bin/ls /var/home/$USERNAME/
        /usr/bin/id $USERNAME
        /bin/echo "if that looks good, we're all set."
}

deleteUser ()
{
        /usr/bin/sudo /usr/bin/dscl localhost delete $PATH/Users/$USERNAME
        /usr/bin/sudo /usr/bin/dscl localhost delete $PATH/Groups/admin GroupMembership $USERNAME
}

hideUser ()
{
        /usr/bin/sudo /bin/cp -n /Library/Preferences/com.apple.loginwindow.plist /Library/Preferences/com.apple.loginwindow.plist.backup
        /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
        /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array $USERNAME
        /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
}

checkUser
makeUser
hideUser
#deleteUser


honestpuck 09-02-2009 08:27 PM

Hi,

At first glance it looks OK.

What errors are you getting and what, if anything, appears in the console log? Have you tried running each section separately to see what breaks where?

// Tony

tlarkin 09-08-2009 06:24 PM

Here is a script I use at work, it has only been tested in 10.5 as my SL machine is wiped out at the moment.

http://tlarkin.com/tech/create-hidden-user-105

You can also hide it from the GUI too, but if you need to deploy it the script is where it is at.

marcushedenstrom 09-11-2009 09:12 AM

The script macguitarman posted checks the system version, or the version number of the Darwin kernel actually. That is what "uname -r" does. Leopard has Darwin version 9, and SL has version 10.

You can see how Tiger (Darwin version 8) stores user information in '/NetInfo/root', and Leopard stores it in '/Local/Default'. Hence the need to distinguish between OS X releases. As you can see, the catch-all case in the if-then-else statement terminates the script.

Provided nothing changed dramatically between 10.5 and 10.6, just change the "9" on row 15 to "10", and the script should work fine on SL.

EDIT:
Okay, that was almost correct.

Instead of using 'uname -r | cut -c1' to extract the first digit of the version string, use 'uname -r | cut -d . -f 1'. This will split the string at every dot, and return to us the first segment. Since SL is Darwin version 10.0.0, picking only one digit (i.e. 1) does not make sense.

I successfully created a completely hidden account on SL 10.6.1 using the following script. It is (should be) still backwards compatible with 10.5.

Code:

#!/bin/sh

if [ -z $1 ] ; then
        echo "usage: `basename $0` [username] [password] ([UID] optional) ([GID] optional)"
        exit 1
fi

USERNAME=$1
PASSWORD=$2
USERID=$3
GROUPID=$4


if [ `uname -r | cut -d . -f 1` = 8 ] ; then
        PATH='/NetInfo/root'
elif [ `uname -r | cut -d . -f 1` = 9 ] ; then
        PATH='/Local/Default'
elif [ `uname -r | cut -d . -f 1` = 10 ] ; then
        PATH='/Local/Default'
else
        exit 1
fi

if [ -z $GROUPID ] || [ -z $UNIQUEID ] ; then
        GROUPID=0
        UNIQUEID=0
fi

checkUser ()
{
        echo "checking user.."
        if [[ `/usr/bin/dscl localhost list /Local/Default/Users | /usr/bin/grep "$USERNAME" | /usr/bin/grep -v "$USERNAME." | /usr/bin/grep -v ".$USERNAME"` == "$USERNAME" ]] ; then
                echo "the username '$USERNAME' already exists"
                exit 1
        fi
}

makeUser ()
{
        /bin/echo "creating admin user account…"
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME PrimaryGroupID 0
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME UniqueID 444
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME UserShell /bin/bash
        /usr/bin/dscl localhost passwd $PATH/Users/$USERNAME $PASSWORD
        /usr/bin/dscl localhost append $PATH/Groups/admin GroupMembership $USERNAME
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME NFSHomeDirectory /var/home/$USERNAME
        /bin/echo "creating new admin account homedir…"
        /bin/mkdir -p /var/home/$USERNAME
        /usr/bin/ditto -rsrc -V /System/Library/User\ Template/English.lproj/ /var/home/$USERNAME/
        /usr/sbin/chown -Rf $USERNAME:admin /var/home/$USERNAME
        /bin/echo "confirming what we just did…"
        /bin/ls /var/home/$USERNAME/
        /usr/bin/id $USERNAME
        /bin/echo "if that looks good, we're all set."
}

deleteUser ()
{
        /usr/bin/sudo /usr/bin/dscl localhost delete $PATH/Users/$USERNAME
        /usr/bin/sudo /usr/bin/dscl localhost delete $PATH/Groups/admin GroupMembership $USERNAME
}

hideUser ()
{
        /usr/bin/sudo /bin/cp -n /Library/Preferences/com.apple.loginwindow.plist /Library/Preferences/com.apple.loginwindow.plist.backup
        /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
        /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array $USERNAME
        /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
}

checkUser
makeUser
hideUser
#deleteUser


tlarkin 09-11-2009 09:44 AM

I have read reports that 10.6 breaks hidden user accounts. I had one user (begrudgingly) upgrade to 10.6 all on her own and it broke several of my hidden accounts I use for management.

I recreated them and they seem to work fine, however, I think there might be a bug in it?

norrsund 11-22-2009 01:39 PM

I am not able to get this script to work. Could someone give me details on how to properly run it?

salmon 03-15-2010 01:37 PM

how to run
 
I just tested the script and it works. So to answer how to run I will need to offer some basics..... If some of my steps are not clear, then a different forum may be necessary or if I am too basic, please excuse me because your post was not clear where the failure happened.

Copy and Save the script in your favorite editor (I like TextWrangler) and I typically use the .sh for my shell scripts.
Remember where you saved it.
Run terminal
drill down to the directory you saved it to
type: sudo ./scriptname.sh <username you want to use> <password you want to use>

(tip you can also drag the file into the terminal window, this will give you the full path and file name, at which point you edit the line with the sudo and variables needed. i.e. sudo ./path/filename <username> <password>)

Hope this helps. I know this post is old, but maybe someone else may benefit.

steagle 03-23-2010 12:35 PM

@ salmon - thanks for the instructions, glad i found this thread. i'm having a problem getting this to work though, forgive me if i'm missing something obvious. i used TextWrangler to save the file, giving it the name "script.sh" and placed it on the desktop. Navigated to desktop in Terminal and ran the command - prompted me for password, then gave me the following message:
"sudo: ./script.sh: command not found"
Do I need to modify anything in the script itself before executing?

win818 04-01-2010 10:11 AM

I am getting the same message as steagle: "sudo: ./script.sh: command not found"

Please help! :)

tlarkin 04-01-2010 10:30 PM

Quote:

Originally Posted by win818 (Post 578008)
I am getting the same message as steagle: "sudo: ./script.sh: command not found"

Please help! :)

You need to run the script with the full path to the name of the script, so for example if the script was on your desktop...

Code:

sudo sh ~/Desktop/myscript.sh

Replace myscript with the name of your actual script.

salmon 06-02-2010 03:01 PM

more clarification
 
I was not clear and thank you tlarkin for explaining the full path. Sometimes in my head it makes sense, but then I look at it later going what was I thinking or I left a chunk out.

before running the script, try checking to see if you can see the script (to make sure you are in the correct directory).
To do this, at the command prompt type ls -l
(ls -l means list the contents of where I am at in long format)
so I might see something like this

admin-001:desktop salmon$ ls -l
total 6686552
-rwxrwxrwx 1 salmon staff 793 Jun 15 2008 01 scriptname.sh

by doing this I can see that the file scriptname.sh is here where my prompt is. when you run the command:
sudo ./scriptname.sh <username you want to use> <password you want to use>
the "./" means in the current directory, in other words you are saying run this script that is right here. So if the script is not right here, then you will get the error "sudo: ./script.sh: command not found"
You can put the full path in like sudo ~/Desktop/myscript.sh or change directory to your desktop (if that is where you saved the script) by typing
cd ~/Desktop
then
sudo ./scriptname.sh <username you want to use> <password you want to use>
would work because the file is in the current directory.
I hope this makes sense and I did not make it clear as mud

slessard 07-06-2010 02:02 AM

Script bug fixes
 
I haven't gone through the whole script yet, but I did find at least two bugs in the script above. Here is the corrected script:


Code:

#!/bin/sh

if [ -z $1 ] ; then
        echo "usage: `basename $0` [username] [password] ([UID] optional) ([GID] optional)"
        exit 1
fi

USERNAME=$1
PASSWORD=$2
USERID=$3
GROUPID=$4


if [ `uname -r | cut -d . -f 1` = 8 ] ; then
        PATH='/NetInfo/root'
elif [ `uname -r | cut -d . -f 1` = 9 ] ; then
        PATH='/Local/Default'
elif [ `uname -r | cut -d . -f 1` = 10 ] ; then
        PATH='/Local/Default'
else
        exit 1
fi

if [ -z $GROUPID ] || [ -z $UNIQUEID ] ; then
        GROUPID=0
        UNIQUEID=0
fi

checkUser ()
{
        echo "checking user.."
        if [[ `/usr/bin/dscl localhost list /Local/Default/Users | /usr/bin/grep "$USERNAME" | /usr/bin/grep -v "$USERNAME." | /usr/bin/grep -v ".$USERNAME"` == "$USERNAME" ]] ; then
                echo "the username '$USERNAME' already exists"
                exit 1
        fi
}

makeUser ()
{
        /bin/echo "creating admin user account…"
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME PrimaryGroupID $GROUPID
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME UniqueID $UNIQUEID
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME UserShell /bin/bash
        /usr/bin/dscl localhost passwd $PATH/Users/$USERNAME $PASSWORD
        /usr/bin/dscl localhost append $PATH/Groups/admin GroupMembership $USERNAME
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME NFSHomeDirectory /var/home/$USERNAME
        /bin/echo "creating new admin account homedir…"
        /bin/mkdir -p /var/home/$USERNAME
        /usr/bin/ditto -rsrc -V /System/Library/User\ Template/English.lproj/ /var/home/$USERNAME/
        /usr/sbin/chown -Rf $USERNAME:admin /var/home/$USERNAME
        /bin/echo "confirming what we just did…"
        /bin/ls /var/home/$USERNAME/
        /usr/bin/id $USERNAME
        /bin/echo "if that looks good, we're all set."
}

deleteUser ()
{
        /usr/bin/sudo /usr/bin/dscl localhost delete $PATH/Users/$USERNAME
        /usr/bin/sudo /usr/bin/dscl localhost delete $PATH/Groups/admin GroupMembership $USERNAME
}

hideUser ()
{
        /usr/bin/sudo /bin/cp -n /Library/Preferences/com.apple.loginwindow.plist /Library/Preferences/com.apple.loginwindow.plist.backup
        /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
        /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array $USERNAME
        /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
}

checkUser
makeUser
hideUser
#deleteUser

The bugs are that every user was being created with the same PrimaryGroupID and the same UniqueID. Though that is still possible with this corrected script the difference is that this script will actually use the group ID and unique ID passed as command line arguments.

fudog 10-16-2010 03:44 PM

Quote:

Originally Posted by slessard (Post 588781)
I haven't gone through the whole script yet, but I did find at least two bugs in the script above. Here is the corrected script:




i'm getting this when running this script

-bash: ./hadmin.sh: /bin/sh^M: bad interpreter: No such file or directory


can anyone help? I've searched for sh^M and it's not in the script, and when I look at the script I can't see anything obviously wrong, but I'm new to these scripts... what is it, AppleScript? Or some sort of Unix script, I presume?

fudog 10-17-2010 09:53 AM

OK, I'm having problems with this first line

#!/bin/sh

I assume for some reason my system doesn't have the correct shell loaded?

renaultssoftware 10-17-2010 01:17 PM

Try:
#!/bin/bash

fudog 10-17-2010 05:30 PM

yes mate - I tried that one and it didn't work, same problem. Although I know I'm using Bash as my interactive shell. So god knows why it can't find it in /bin

tw 10-17-2010 05:46 PM

Quote:

Originally Posted by fudog (Post 598763)
i'm getting this when running this script

-bash: ./hadmin.sh: /bin/sh^M: bad interpreter: No such file or directory

try #! /bin/bash as renault said. ^M is a line ending character (carriage return as opposed to linefeed) that sometimes appears in files when you move them ungracefully from a Windows box to a unix machine. possibly one of the profile or resource files that's getting accessed when the shell tries to start got windozed at some point? you might gander through those a bit in TextWrangler.

tlarkin 10-18-2010 09:06 AM

Also, you are saving this in plain text right?

fudog 10-18-2010 09:12 AM

I copied and pasted the code from Safari into TextMate then saved it as .sh

let me have another look, actually I think there are options for the c-returns when I save

tlarkin 10-18-2010 09:15 AM

Some text editors by default will save as rich text. This will cause problems. I am not too familiar with textmate. I use TextWrangler personally.

fudog 10-18-2010 09:18 AM

meh - just re-saved it using LF for line endings and UTF8 for encoding with TextMate and got this:

Code:

WuWei:Desktop fudog$ sudo ./hadmin.sh hadmin hadmin
Password:
sudo: ./hadmin.sh: command not found
WuWei:Desktop fudog$

[edit]

same result with #!/bin/bash as well

fudog 10-18-2010 09:28 AM

Quote:

Originally Posted by tlarkin (Post 598855)
Some text editors by default will save as rich text. This will cause problems. I am not too familiar with textmate. I use TextWrangler personally.

TextMate should be fine, it's a pro text editor.
http://macromates.com/

I can grab TextWrangler and give that a go - but I don't think that's the problem now, unfortunately (I wish it was that simple). But I'll try it anyway just in case

tlarkin 10-18-2010 09:30 AM

Quote:

Originally Posted by fudog (Post 598856)
meh - just re-saved it using LF for line endings and UTF8 for encoding with TextMate and got this:

Code:

WuWei:Desktop fudog$ sudo ./hadmin.sh hadmin hadmin
Password:
sudo: ./hadmin.sh: command not found
WuWei:Desktop fudog$

[edit]

same result with #!/bin/bash as well

Try this instead

Code:

sudo sh ~/Desktop/myscript.sh

where myscript.sh is the actual name of the script.

fudog 10-18-2010 09:47 AM

just tried it with TextWrangler and got the same results. booo

fudog 10-18-2010 09:49 AM

Quote:

Originally Posted by tlarkin (Post 598858)
Try this instead

Code:

sudo sh ~/Desktop/myscript.sh

where myscript.sh is the actual name of the script.


same result mate. "Command not found"

I've done ls -l and I can see it there via the terminal

tlarkin 10-18-2010 09:55 AM

OK, let's get some fundamentals here as this thread is old. I know hidden user scripts work because I use them daily when imaging Macs at my work.

Please answer the following:

1) What OS X version are you running?

2) What is the exact script you are running?

3) Does any other script work, or is it just this one that is broken?

Thanks

fudog 10-18-2010 10:04 AM

OS X 10.6.4

the script I'm running is this:
Code:

#!/bin/sh

if [ -z $1 ] ; then
        echo "usage: `basename $0` [username] [password] ([UID] optional) ([GID] optional)"
        exit 1
fi

USERNAME=$1
PASSWORD=$2
USERID=$3
GROUPID=$4


if [ `uname -r | cut -d . -f 1` = 8 ] ; then
        PATH='/NetInfo/root'
elif [ `uname -r | cut -d . -f 1` = 9 ] ; then
        PATH='/Local/Default'
elif [ `uname -r | cut -d . -f 1` = 10 ] ; then
        PATH='/Local/Default'
else
        exit 1
fi

if [ -z $GROUPID ] || [ -z $UNIQUEID ] ; then
        GROUPID=0
        UNIQUEID=0
fi

checkUser ()
{
        echo "checking user.."
        if [[ `/usr/bin/dscl localhost list /Local/Default/Users | /usr/bin/grep "$USERNAME" | /usr/bin/grep -v "$USERNAME." | /usr/bin/grep -v ".$USERNAME"` == "$USERNAME" ]] ; then
                echo "the username '$USERNAME' already exists"
                exit 1
        fi
}

makeUser ()
{
        /bin/echo "creating admin user account…"
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME PrimaryGroupID $GROUPID
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME UniqueID $UNIQUEID
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME UserShell /bin/bash
        /usr/bin/dscl localhost passwd $PATH/Users/$USERNAME $PASSWORD
        /usr/bin/dscl localhost append $PATH/Groups/admin GroupMembership $USERNAME
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME NFSHomeDirectory /var/home/$USERNAME
        /bin/echo "creating new admin account homedir…"
        /bin/mkdir -p /var/home/$USERNAME
        /usr/bin/ditto -rsrc -V /System/Library/User\ Template/English.lproj/ /var/home/$USERNAME/
        /usr/sbin/chown -Rf $USERNAME:admin /var/home/$USERNAME
        /bin/echo "confirming what we just did…"
        /bin/ls /var/home/$USERNAME/
        /usr/bin/id $USERNAME
        /bin/echo "if that looks good, we're all set."
}

deleteUser ()
{
        /usr/bin/sudo /usr/bin/dscl localhost delete $PATH/Users/$USERNAME
        /usr/bin/sudo /usr/bin/dscl localhost delete $PATH/Groups/admin GroupMembership $USERNAME
}

hideUser ()
{
        /usr/bin/sudo /bin/cp -n /Library/Preferences/com.apple.loginwindow.plist /Library/Preferences/com.apple.loginwindow.plist.backup
        /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
        /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array $USERNAME
        /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
}

checkUser
makeUser
hideUser
#deleteUser

(sometimes with this alternative on the first line: #!/bin/bash)

I just tried this (test.sh):
Code:

cd /
ls -al
cd /Users
ls -al
cat ~/test.sh


and received the same problem - so that gives us some info

fudog 10-18-2010 10:06 AM

I think I fixed it with:

chmod +x test.sh
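
The three failures reported in this thread (the `^M` bad-interpreter error, a script saved as rich text, and `command not found` on a file without the execute bit) can be checked before a pasted script is run with sudo. The following is an added example, not code from any poster; the function names and finding labels are made up here, and the sample file is constructed.

```sh
#!/bin/sh
# Added example (not from the thread): checks to run on a script pasted from
# a web page before executing it with sudo.
#
# preflight FILE prints one finding per line, or "OK":
#   RICH_TEXT           editor saved RTF instead of plain text
#   NO_SHEBANG          first line is not an interpreter line
#   CARRIAGE_RETURNS n  CR bytes present ("/bin/sh^M: bad interpreter")
#   NOT_EXECUTABLE      no execute bit ("sudo: ./x.sh: command not found")
preflight() {
    f=$1; bad=0
    [ -f "$f" ] || { echo "NOT_FOUND"; return 2; }

    case $(head -n 1 "$f") in
        '{\rtf'*) echo "RICH_TEXT"; bad=1 ;;
        '#!'*)    ;;
        *)        echo "NO_SHEBANG"; bad=1 ;;
    esac

    # Count CR bytes; the arithmetic expansion strips wc padding.
    crs=$(( $(tr -cd '\r' < "$f" | wc -c) ))
    if [ "$crs" -gt 0 ]; then echo "CARRIAGE_RETURNS $crs"; bad=1; fi

    # Look at the mode bits themselves (what chmod +x changes).
    case $(ls -ld "$f" | cut -c1-10) in
        *x*|*s*) ;;
        *) echo "NOT_EXECUTABLE"; bad=1 ;;
    esac

    if [ "$bad" -eq 0 ]; then echo "OK"; fi
    return "$bad"
}

# repair FILE strips CRs in place and sets the owner execute bit.
# It does not convert rich text; re-save that as plain text in the editor.
repair() {
    f=$1
    tmp=$(mktemp "${TMPDIR:-/tmp}/preflight.XXXXXX") || return 1
    tr -d '\r' < "$f" > "$tmp" && cat "$tmp" > "$f"
    rm -f "$tmp"
    chmod u+x "$f"
}

# Constructed sample: a two-line script with CRLF endings and no execute bit.
preflight_demo() {
    s=$(mktemp "${TMPDIR:-/tmp}/pasted.XXXXXX") || return 1
    printf '#!/bin/sh\r\necho hello\r\n' > "$s"
    preflight "$s" || true
    repair "$s"
    preflight "$s" || true
    rm -f "$s"
}

preflight_demo
```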

fudog 10-18-2010 10:21 AM

so this is the result I got in terminal

Code:

WuWei:Desktop fudog$ sudo ./hadmin.sh hadmin hadmin
checking user..
creating admin user account…
creating new admin account homedir…
>>> Copying /System/Library/User Template/English.lproj/
copying file ./.CFUserTextEncoding ...
3 bytes for ./.CFUserTextEncoding
copying file ./Desktop/.localized ...
0 bytes for ./Desktop/.localized
copying file ./Documents/.localized ...
0 bytes for ./Documents/.localized
copying file ./Documents/About Stacks.pdf ...
466028 bytes for ./Documents/About Stacks.pdf
copying file ./Downloads/.localized ...
0 bytes for ./Downloads/.localized
copying file ./Downloads/About Downloads.pdf ...
557722 bytes for ./Downloads/About Downloads.pdf
copying file ./Library/.localized ...
0 bytes for ./Library/.localized
copying file ./Library/Compositions/.localized ...
0 bytes for ./Library/Compositions/.localized
copying file ./Library/Favorites/.localized ...
0 bytes for ./Library/Favorites/.localized
copying file ./Library/FontCollections/Fixed Width.collection ...
957 bytes for ./Library/FontCollections/Fixed Width.collection
copying file ./Library/FontCollections/Fun.collection ...
872 bytes for ./Library/FontCollections/Fun.collection
copying file ./Library/FontCollections/Modern.collection ...
815 bytes for ./Library/FontCollections/Modern.collection
copying file ./Library/FontCollections/PDF.collection ...
856 bytes for ./Library/FontCollections/PDF.collection
copying file ./Library/FontCollections/Traditional.collection ...
1055 bytes for ./Library/FontCollections/Traditional.collection
copying file ./Library/FontCollections/Web.collection ...
1164 bytes for ./Library/FontCollections/Web.collection
copying file ./Library/Input Methods/.localized ...
0 bytes for ./Library/Input Methods/.localized
copying file ./Library/Preferences/.GlobalPreferences.plist ...
955 bytes for ./Library/Preferences/.GlobalPreferences.plist
copying file ./Library/Preferences/com.apple.symbolichotkeys.plist ...
42 bytes for ./Library/Preferences/com.apple.symbolichotkeys.plist
copying file ./Movies/.localized ...
0 bytes for ./Movies/.localized
copying file ./Music/.localized ...
0 bytes for ./Music/.localized
copying file ./Pictures/.localized ...
0 bytes for ./Pictures/.localized
copying symlink ./Pictures/iChat Icons ...
linked ./Pictures/iChat Icons
copying file ./Public/.localized ...
0 bytes for ./Public/.localized
copying file ./Public/Drop Box/.localized ...
0 bytes for ./Public/Drop Box/.localized
copying file ./Sites/.localized ...
0 bytes for ./Sites/.localized
copying file ./Sites/images/gradient.jpg ...
29315 bytes for ./Sites/images/gradient.jpg
copying file ./Sites/index.html ...
2642 bytes for ./Sites/index.html
confirming what we just did…
.CFUserTextEncoding        Documents                Library                        Music                        Public
Desktop                        Downloads                Movies                        Pictures                Sites
uid=0(hadmin) gid=0(wheel) groups=0(wheel),102(com.apple.sharepoint.group.2),204(_developer),100(_lpoperator),98(_lpadmin),80(admin),61(localaccounts),29(certusers),20(staff),12(everyone),9(procmod),8(procview),5(operator),4(tty),3(sys),2(kmem),1(daemon),101(com.apple.sharepoint.group.1),401(com.apple.sharepoint.group.3)
if that looks good, we're all set.
sudo: unable to cache uid, already exists
sudo: unable to cache uid, already exists
sudo: unable to cache uid, already exists
sudo: unable to cache uid, already exists
WuWei:Desktop fudog$


I can see a new user in preferences, but it has no name (even though I gave the variable called 'hadmin'). I was hoping to not see a user in there, the point being that it's invisible. Also I'm trying to find the home directory for this new user. I can't find /Local/Default/ - if that is indeed where it's meant to be?

thanks for your help so far mate - learning lots here.

[edit] oh I see it's meant to be in /var/

fudog 10-18-2010 10:25 AM

Confirmed, there is a new home directory for my user in /var/home/

fudog 10-18-2010 10:31 AM

that's interesting. Although I can see the new user in preferences. It has no name and is just labeled as an admin. But I can't delete the user.

hmmm that's because it is root. hmm that's not right, root is visible in my preferences now. odd

tlarkin 10-18-2010 10:35 AM

well if it is 10.6 you can get rid of a lot of that code since you definitely do not need netinfo.

Here is a make-shift one you can try for testing purposes

Code:

#!/bin/bash

# create local hidden admin account
# hard code account variables

shortname="hadmin"
realname="Hidden Administrator"
uniqid=400
homefolder="/private/var"
defaultshell="/bin/bash"
password="mypassword"

dscl . -create /Users/$shortname
dscl . -create /Users/$shortname UserShell ${defaultshell}
dscl . -create /Users/$shortname RealName "${realname}"
dscl . -create /Users/$shortname UniqueID ${uniqid}
dscl . -create /Users/$shortname PrimaryGroupID 20
dscl . -create /Users/$shortname NFSHomeDirectory ${homefolder}
dscl . -passwd /Users/$shortname "${password}"

# now promote user to admin group

dscl . append /Groups/admin GroupMembership ${shortname}

# now set the loginwindow to hide all UIDs under 500

defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE

exit 0

I just whipped this up but it may or may not work as I do not have time to test it. You should make sure the script is executable and run by root when running it.

fudog 10-18-2010 10:44 AM

the original script had this in it

if [ -z $GROUPID ] || [ -z $UNIQUEID ] ; then
GROUPID=0
UNIQUEID=0


would I be right in thinking that groupid=0 uniqueid=0 is the same as root... so the new user I created is conflicting with root?

fudog 10-18-2010 10:46 AM

I'll have a crack later, in deleting this user i just created and start over ;-) - I need to go have some lunch ;D

thanks for the help

tlarkin 10-18-2010 10:52 AM

Quote:

Originally Posted by fudog (Post 598872)
the original script had this in it

if [ -z $GROUPID ] || [ -z $UNIQUEID ] ; then
GROUPID=0
UNIQUEID=0


would I be right in thinking that groupid=0 uniqueid=0 is the same as root... so the new user I created is conflicting with root?

Yes, UID and GID 0 is root:wheel. You need to create a local admin user with a UID below 500 (so between 400 and 500 to be safe), and it needs to be in the staff and admin groups.
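
The conflict confirmed in this reply can be checked for on any machine. The following is an added example, not part of the thread: it reads a listing in the layout printed by `dscl . -list /Users UniqueID` and flags non-root accounts with UID 0, UIDs shared by two accounts, and admin-group members that the login window hides. The sample listing, the `tadmin` account, the function names and the finding labels are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Audits a local account listing for the
# conditions discussed above. Input on stdin uses the layout printed by
#   dscl . -list /Users UniqueID        (short name, whitespace, UID)
#
# audit_users ADMINS HIDDEN HIDE500
#   ADMINS   space-separated members of the admin group
#   HIDDEN   space-separated names from HiddenUsersList
#   HIDE500  1 if Hide500Users is TRUE, else 0
# Prints one finding per line; prints nothing for a clean listing.
audit_users() {
    awk -v admins="$1" -v hidden="$2" -v hide500="${3:-0}" '
    BEGIN {
        n = split(admins, a, " "); for (i = 1; i <= n; i++) is_admin[a[i]] = 1
        n = split(hidden, h, " "); for (i = 1; i <= n; i++) is_hidden[h[i]] = 1
    }
    # Skip anything that is not "<name> <integer uid>".
    NF == 2 && $2 ~ /^-?[0-9]+$/ {
        name = $1; uid = $2 + 0

        # Two records with one UID are the same user to the kernel.
        if (uid in owner) { print "DUPLICATE_UID", name, uid, owner[uid] }
        else { owner[uid] = name }

        if (name == "root") next

        # UID 0 under any other name is a second root account.
        if (uid == 0) print "UID0_NOT_ROOT", name, uid

        # Hidden from the login window: listed by name, or UID below 500
        # while Hide500Users is on (system UIDs can be negative, skip those).
        concealed = (name in is_hidden) || (hide500 == 1 && uid >= 0 && uid < 500)
        if ((name in is_admin) && concealed) print "HIDDEN_ADMIN", name, uid
    }'
}

# Constructed sample: hadmin reproduces the uid=0 result from the thread,
# tadmin is a made-up account with UID 400 as in the later script.
sample_listing() {
    cat <<'EOF'
_www                     70
daemon                   1
fudog                    501
hadmin                   0
nobody                   -2
root                     0
tadmin                   400
EOF
}

audit_demo() {
    sample_listing | audit_users "root fudog hadmin tadmin" "" 1
}

audit_demo
```

On a Mac the three arguments would come from `dscl . -read /Groups/admin GroupMembership` (minus its `GroupMembership:` label) and from `defaults read /Library/Preferences/com.apple.loginwindow` for `HiddenUsersList` and `Hide500Users`.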

fudog 10-18-2010 01:40 PM

OK I slightly amended your script

Code:

#!/bin/bash

# create local hidden admin account
# hard code account variables

shortname="hadmin"
realname="Hidden Administrator"
UniqID=400
homefolder="/private/var/home"
defaultshell="/bin/bash"
password="mypassword"

dscl . -create /Users/"$shortname"
dscl . -create /Users/$shortname UserShell ${defaultshell}
dscl . -create /Users/$shortname RealName "${realname}"
dscl . -create /Users/$shortname UniqueID ${UniqID}
dscl . -create /Users/$shortname PrimaryGroupID 20
dscl . -create /Users/$shortname NFSHomeDirectory ${homefolder}
dscl . -passwd /Users/$shortname "${password}"

# now promote user to admin group

dscl . append /Groups/admin GroupMembership ${shortname}

# now set the loginwindow to hide all UIDs under 500

defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE

exit 0

things I changed were:
#!/bin/bash (just a typo)
UID to UniqID (had to change this variable, the script wouldn't run with the UID, it is a read only variable)
homefolder="/private/var/home" (this path, I wanted the home dir to be created in home inside var)

It seems to run OK except that I think the home dir didn't create. Although I was able to log in with this user there is no home dir visible when logged in. And when I physically look in var/home/ there is nothing in it.

cheers

tlarkin 10-18-2010 01:58 PM

I think that by nature home directories create on the fly at first log in. So the home folder may not exist until you actually log in.

Glad that worked for you. I only had about 3 minutes of free time so I just typed that out as fast as I could. Now back to work...as my lunch break is now over.

fudog 10-18-2010 01:59 PM

ok I fixed it by creating another script:

Code:

/bin/mkdir -p /var/home/hadmin
/usr/bin/ditto -rsrc -V /System/Library/User\ Template/English.lproj/ /var/home/hadmin/
# USERNAME is not set in this stand-alone script, so name the owner explicitly
/usr/sbin/chown -Rf hadmin:admin /var/home/hadmin
/bin/echo "confirming what we just did…"
/bin/ls /var/home/hadmin/
/usr/bin/id hadmin
/bin/echo "if that looks good, we're all set."

I guess you're going to tell me that I don't really need a home folder now, aren't you :D - anyway it's done. and I'm more confident with terminal. cheers

fudog 10-18-2010 02:00 PM

Quote:

Originally Posted by tlarkin (Post 598890)
I think that by nature home directories create on the fly at first log in. So the home folder may not exist until you actually log in.

Glad that worked for you. I only had about 3 minutes of free time so I just typed that out as fast as I could. Now back to work...as my lunch break is now over.

thanks for your help mate - i owe you a pint or two cheers

tlarkin 10-18-2010 02:10 PM

This is where directory services local differs from server side I guess. Server side it creates on the fly when you first log in. Technically if this is for local administration and remote admin connection you don't need a home folder per se, but yeah I get it.

Copying the contents of the user template to the home folder will in fact create the desktop, documents, etc folders. Which is most likely what the server side does under the hood for you if you change anything in particular.

I will have to modify my create user scripts to add options for home folders.

Thanks,
Tom


All times are GMT -5.