The macosxhints Forums

Create Hidden Users Script No Longer Working In Snow Leopard (http://hintsforums.macworld.com/showthread.php?t=104926)

fudog 10-18-2010 09:18 AM

meh - just re-saved it using LF for line endings and UTF8 for encoding with TextMate and got this:

Code:

WuWei:Desktop fudog$ sudo ./hadmin.sh hadmin hadmin
Password:
sudo: ./hadmin.sh: command not found
WuWei:Desktop fudog$

[edit]

same result with #!/bin/bash as well

fudog 10-18-2010 09:28 AM

Quote:

Originally Posted by tlarkin (Post 598855)
Some text editors by default will save as rich text. This will cause problems. I am not too familiar with TextMate. I use TextWrangler personally.

TextMate should be fine, it's a pro text editor.
http://macromates.com/

I can grab TextWrangler and give that a go - but I don't think that's the problem now, unfortunately (I wish it was that simple). But I'll try it anyway just in case.

tlarkin 10-18-2010 09:30 AM

Quote:

Originally Posted by fudog (Post 598856)
meh - just re-saved it using LF for line endings and UTF8 for encoding with TextMate and got this:

Code:

WuWei:Desktop fudog$ sudo ./hadmin.sh hadmin hadmin
Password:
sudo: ./hadmin.sh: command not found
WuWei:Desktop fudog$

[edit]

same result with #!/bin/bash as well

Try this instead

Code:

sudo sh ~/Desktop/myscript.sh

where myscript.sh is the actual name of the script.

fudog 10-18-2010 09:47 AM

just tried it with TextWrangler and got the same results. booo

fudog 10-18-2010 09:49 AM

Quote:

Originally Posted by tlarkin (Post 598858)
Try this instead

Code:

sudo sh ~/Desktop/myscript.sh

where myscript.sh is the actual name of the script.


same result mate. "Command not found"

I've done ls -l and I can see it there via the terminal

tlarkin 10-18-2010 09:55 AM

OK, let's get some fundamentals here as this thread is old. I know hidden user scripts work because I use them daily when imaging Macs at my work.

Please answer the following:

1) What OS X version are you running?

2) What is the exact script you are running?

3) Does any other script work, or is it just this one that is broken?

Thanks

fudog 10-18-2010 10:04 AM

OS X 10.6.4

the script I'm running is this:
Code:

#!/bin/sh

if [ -z $1 ] ; then
        echo "usage: `basename $0` [username] [password] ([UID] optional) ([GID] optional)"
        exit 1
fi

USERNAME=$1
PASSWORD=$2
USERID=$3
GROUPID=$4


if [ `uname -r | cut -d . -f 1` = 8 ] ; then
        PATH='/NetInfo/root'
elif [ `uname -r | cut -d . -f 1` = 9 ] ; then
        PATH='/Local/Default'
elif [ `uname -r | cut -d . -f 1` = 10 ] ; then
        PATH='/Local/Default'
else
        exit 1
fi

if [ -z $GROUPID ] || [ -z $UNIQUEID ] ; then
        GROUPID=0
        UNIQUEID=0
fi

checkUser ()
{
        echo "checking user.."
        if [[ `/usr/bin/dscl localhost list /Local/Default/Users | /usr/bin/grep "$USERNAME" | /usr/bin/grep -v "$USERNAME." | /usr/bin/grep -v ".$USERNAME"` == "$USERNAME" ]] ; then
                echo "the username '$USERNAME' already exists"
                exit 1
        fi
}

makeUser ()
{
        /bin/echo "creating admin user account…"
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME PrimaryGroupID $GROUPID
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME UniqueID $UNIQUEID
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME UserShell /bin/bash
        /usr/bin/dscl localhost passwd $PATH/Users/$USERNAME $PASSWORD
        /usr/bin/dscl localhost append $PATH/Groups/admin GroupMembership $USERNAME
        /usr/bin/dscl localhost create $PATH/Users/$USERNAME NFSHomeDirectory /var/home/$USERNAME
        /bin/echo "creating new admin account homedir…"
        /bin/mkdir -p /var/home/$USERNAME
        /usr/bin/ditto -rsrc -V /System/Library/User\ Template/English.lproj/ /var/home/$USERNAME/
        /usr/sbin/chown -Rf $USERNAME:admin /var/home/$USERNAME
        /bin/echo "confirming what we just did…"
        /bin/ls /var/home/$USERNAME/
        /usr/bin/id $USERNAME
        /bin/echo "if that looks good, we're all set."
}

deleteUser ()
{
        /usr/bin/sudo /usr/bin/dscl localhost delete $PATH/Users/$USERNAME
        /usr/bin/sudo /usr/bin/dscl localhost delete $PATH/Groups/admin GroupMembership $USERNAME
}

hideUser ()
{
        /usr/bin/sudo /bin/cp -n /Library/Preferences/com.apple.loginwindow.plist /Library/Preferences/com.apple.loginwindow.plist.backup
        /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
        /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array $USERNAME
        /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
}

checkUser
makeUser
hideUser
#deleteUser

(sometimes with this alternative on the first line: #!/bin/bash)

I just tried this (test.sh):
Code:

cd /
ls -al
cd /Users
ls -al
cat ~/test.sh


and received the same problem - so that gives us some info

fudog 10-18-2010 10:06 AM

I think I fixed it with:

chmod +x test.sh

fudog 10-18-2010 10:21 AM

so this is the result I got in terminal

Code:

WuWei:Desktop fudog$ sudo ./hadmin.sh hadmin hadmin
checking user..
creating admin user account…
creating new admin account homedir…
>>> Copying /System/Library/User Template/English.lproj/
copying file ./.CFUserTextEncoding ...
3 bytes for ./.CFUserTextEncoding
copying file ./Desktop/.localized ...
0 bytes for ./Desktop/.localized
copying file ./Documents/.localized ...
0 bytes for ./Documents/.localized
copying file ./Documents/About Stacks.pdf ...
466028 bytes for ./Documents/About Stacks.pdf
copying file ./Downloads/.localized ...
0 bytes for ./Downloads/.localized
copying file ./Downloads/About Downloads.pdf ...
557722 bytes for ./Downloads/About Downloads.pdf
copying file ./Library/.localized ...
0 bytes for ./Library/.localized
copying file ./Library/Compositions/.localized ...
0 bytes for ./Library/Compositions/.localized
copying file ./Library/Favorites/.localized ...
0 bytes for ./Library/Favorites/.localized
copying file ./Library/FontCollections/Fixed Width.collection ...
957 bytes for ./Library/FontCollections/Fixed Width.collection
copying file ./Library/FontCollections/Fun.collection ...
872 bytes for ./Library/FontCollections/Fun.collection
copying file ./Library/FontCollections/Modern.collection ...
815 bytes for ./Library/FontCollections/Modern.collection
copying file ./Library/FontCollections/PDF.collection ...
856 bytes for ./Library/FontCollections/PDF.collection
copying file ./Library/FontCollections/Traditional.collection ...
1055 bytes for ./Library/FontCollections/Traditional.collection
copying file ./Library/FontCollections/Web.collection ...
1164 bytes for ./Library/FontCollections/Web.collection
copying file ./Library/Input Methods/.localized ...
0 bytes for ./Library/Input Methods/.localized
copying file ./Library/Preferences/.GlobalPreferences.plist ...
955 bytes for ./Library/Preferences/.GlobalPreferences.plist
copying file ./Library/Preferences/com.apple.symbolichotkeys.plist ...
42 bytes for ./Library/Preferences/com.apple.symbolichotkeys.plist
copying file ./Movies/.localized ...
0 bytes for ./Movies/.localized
copying file ./Music/.localized ...
0 bytes for ./Music/.localized
copying file ./Pictures/.localized ...
0 bytes for ./Pictures/.localized
copying symlink ./Pictures/iChat Icons ...
linked ./Pictures/iChat Icons
copying file ./Public/.localized ...
0 bytes for ./Public/.localized
copying file ./Public/Drop Box/.localized ...
0 bytes for ./Public/Drop Box/.localized
copying file ./Sites/.localized ...
0 bytes for ./Sites/.localized
copying file ./Sites/images/gradient.jpg ...
29315 bytes for ./Sites/images/gradient.jpg
copying file ./Sites/index.html ...
2642 bytes for ./Sites/index.html
confirming what we just did…
.CFUserTextEncoding        Documents                Library                        Music                        Public
Desktop                        Downloads                Movies                        Pictures                Sites
uid=0(hadmin) gid=0(wheel) groups=0(wheel),102(com.apple.sharepoint.group.2),204(_developer),100(_lpoperator),98(_lpadmin),80(admin),61(localaccounts),29(certusers),20(staff),12(everyone),9(procmod),8(procview),5(operator),4(tty),3(sys),2(kmem),1(daemon),101(com.apple.sharepoint.group.1),401(com.apple.sharepoint.group.3)
if that looks good, we're all set.
sudo: unable to cache uid, already exists
sudo: unable to cache uid, already exists
sudo: unable to cache uid, already exists
sudo: unable to cache uid, already exists
WuWei:Desktop fudog$


I can see a new user in preferences, but it has no name (even though I gave the variable called 'hadmin'). I was hoping to not see a user in there, the point being that it's invisible. Also I'm trying to find the home directory for this new user. I can't find /Local/Default/ - if that is indeed where it's meant to be?

thanks for your help so far mate - learning lots here.

[edit] oh I see it's meant to be in /var/

fudog 10-18-2010 10:25 AM

Confirmed, there is a new home directory for my user in /var/home/

fudog 10-18-2010 10:31 AM

that's interesting. Although I can see the new user in preferences, it has no name and is just labeled as an admin. But I can't delete the user.

hmmm that's because it is root. hmm that's not right, root is visible in my preferences now. odd

tlarkin 10-18-2010 10:35 AM

well if it is 10.6 you can get rid of a lot of that code since you definitely do not need NetInfo.

Here is a makeshift one you can try for testing purposes

Code:

#!/bin/bash

# create local hidden admin account
# hard code account variables

shortname="hadmin"
realname="Hidden Administrator"
uniqid=400
homefolder="/private/var"
defaultshell="/bin/bash"
password="mypassword"

dscl . -create /Users/$shortname
dscl . -create /Users/$shortname UserShell ${defaultshell}
dscl . -create /Users/$shortname RealName "${realname}"
dscl . -create /Users/$shortname UniqueID ${uniqid}
dscl . -create /Users/$shortname PrimaryGroupID 20
dscl . -create /Users/$shortname NFSHomeDirectory ${homefolder}
dscl . -passwd /Users/$shortname "${password}"

# now promote user to admin group

dscl . append /Groups/admin GroupMembership ${shortname}

# now set the loginwindow to hide all UIDs under 500

defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE

exit 0

I just whipped this up but it may or may not work as I do not have time to test it. You should make sure the script is executable and run by root when running it.

fudog 10-18-2010 10:44 AM

the original script had this in it

if [ -z $GROUPID ] || [ -z $UNIQUEID ] ; then
GROUPID=0
UNIQUEID=0


would I be right in thinking that groupid=0 uniqueid=0 is the same as root... so the new user I created is conflicting with root?

fudog 10-18-2010 10:46 AM

I'll have a crack later at deleting this user I just created and start over ;-) - I need to go have some lunch ;D

thanks for the help

tlarkin 10-18-2010 10:52 AM

Quote:

Originally Posted by fudog (Post 598872)
the original script had this in it

if [ -z $GROUPID ] || [ -z $UNIQUEID ] ; then
GROUPID=0
UNIQUEID=0


would I be right in thinking that groupid=0 uniqueid=0 is the same as root... so the new user I created is conflicting with root?

Yes, UID and GID 0 is root:wheel. You need to create a local admin user with a UID below 500 (so between 400 and 500 to be safe), and it needs to be in the staff and admin groups.
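
Added example, not part of the original thread or either poster's scripts: a guard and an audit for the failure discussed above, where the first script stores the third argument in USERID but tests UNIQUEID, so the ID is always empty and falls back to 0. The function names and the sample listing are assumptions made for illustration; the listing uses the "name uid" layout printed by `dscl . -list /Users UniqueID`.

```bash
#!/bin/bash
# Added example. Function names and SAMPLE_LISTING are constructed for illustration.

# validate_uid UID LISTING
# Succeeds only if UID is a number in 400-499 (the range suggested in the
# thread) and no account in LISTING ("name uid" lines) already holds it.
validate_uid() {
    local uid="$1" listing="$2"
    case "$uid" in
        ''|*[!0-9]*) echo "UID must be a number, got '$uid'" >&2; return 1 ;;
    esac
    if [ "$uid" -lt 400 ] || [ "$uid" -gt 499 ]; then
        echo "UID $uid is outside 400-499" >&2; return 1
    fi
    if printf '%s\n' "$listing" | awk -v u="$uid" '$2 == u { found = 1 } END { exit !found }'; then
        echo "UID $uid is already in use" >&2; return 1
    fi
    return 0
}

# shared_uids LISTING
# Prints "uid: name1 name2 ..." for every UID held by more than one account.
# A second name on UID 0 is a second root account.
shared_uids() {
    printf '%s\n' "$1" | awk '
        NF >= 2 {
            if ($2 in names) names[$2] = names[$2] " " $1
            else names[$2] = $1
            count[$2]++
        }
        END { for (u in count) if (count[u] > 1) print u ": " names[u] }' | sort -n
}

# Constructed listing mirroring the state the thread ended up in after the
# first script ran (hadmin created with UniqueID 0).
SAMPLE_LISTING='root 0
daemon 1
fudog 501
hadmin 0'

# On a Mac, audit live data instead:
#   shared_uids "$(dscl . -list /Users UniqueID)"
shared_uids "$SAMPLE_LISTING"    # prints: 0: root hadmin
```

Calling validate_uid before the first `dscl ... create` line, with the live listing as the second argument, makes an empty or zero ID abort the script instead of creating the account.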

fudog 10-18-2010 01:40 PM

OK I slightly amended your script

Code:

#!/bin/bash

# create local hidden admin account
# hard code account variables

shortname="hadmin"
realname="Hidden Administrator"
UniqID=400
homefolder="/private/var/home"
defaultshell="/bin/bash"
password="mypassword"

dscl . -create /Users/"$shortname"
dscl . -create /Users/$shortname UserShell ${defaultshell}
dscl . -create /Users/$shortname RealName "${realname}"
dscl . -create /Users/$shortname UniqueID ${UniqID}
dscl . -create /Users/$shortname PrimaryGroupID 20
dscl . -create /Users/$shortname NFSHomeDirectory ${homefolder}
dscl . -passwd /Users/$shortname "${password}"

# now promote user to admin group

dscl . append /Groups/admin GroupMembership ${shortname}

# now set the loginwindow to hide all UIDs under 500

defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE

exit 0

things I changed were:
#!/bin/bash (just a typo)
UID to UniqID (had to change this variable, the script wouldn't run with the UID, it is a read-only variable)
homefolder="/private/var/home" (this path, I wanted the home dir to be created in home inside var)

It seems to run OK except that I think the home dir didn't create. Although I was able to log in with this user there is no home dir visible when logged in. And when I physically look in var/home/ there is nothing in it.

cheers

tlarkin 10-18-2010 01:58 PM

I think that by nature home directories create on the fly at first log in. So the home folder may not exist until you actually log in.

Glad that worked for you. I only had about 3 minutes of free time so I just typed that out as fast as I could. Now back to work...as my lunch break is now over.

fudog 10-18-2010 01:59 PM

ok I fixed it by creating another script:

Code:

/bin/mkdir -p /var/home/hadmin
/usr/bin/ditto -rsrc -V /System/Library/User\ Template/English.lproj/ /var/home/hadmin/
# this standalone script never sets $USERNAME, so name the account explicitly
/usr/sbin/chown -Rf hadmin:admin /var/home/hadmin
/bin/echo "confirming what we just did…"
/bin/ls /var/home/hadmin/
/usr/bin/id hadmin
/bin/echo "if that looks good, we're all set."

I guess you're going to tell me that I don't really need a home folder now, aren't you :D - anyway it's done, and I'm more confident with terminal. cheers

fudog 10-18-2010 02:00 PM

Quote:

Originally Posted by tlarkin (Post 598890)
I think that by nature home directories create on the fly at first log in. So the home folder may not exist until you actually log in.

Glad that worked for you. I only had about 3 minutes of free time so I just typed that out as fast as I could. Now back to work...as my lunch break is now over.

thanks for your help mate - I owe you a pint or two. cheers

tlarkin 10-18-2010 02:10 PM

This is where directory services local differs from server side I guess. Server side it creates on the fly when you first log in. Technically if this is for local administration and remote admin connection you don't need a home folder per se, but yeah I get it.

Copying the contents of the user template to the home folder will in fact create the desktop, documents, etc folders. Which is most likely what the server side does under the hood for you if you change anything in particular.

I will have to modify my create user scripts to add options for home folders.

Thanks,
Tom

