Go Back   The macosxhints Forums > OS X Help Requests > System



Reply
 
Thread Tools Rating: Thread Rating: 4 votes, 5.00 average. Display Modes
Old 05-06-2005, 05:17 PM   #1
perl
Prospect
 
Join Date: Mar 2004
Location: New York
Posts: 18
How do I run a script at user login?

Prior to Tiger, OSX had a LoginHook/LogoutHook feature that allowed you to run an arbitrary shell script whenever a user logged in or out. In Tiger, this feature has been abruptly removed (thanks for the advance warning, Apple) supposedly replaced by something else, but I can't find any coherent information on how to duplicate the functionality of LoginHook/LogoutHook under Tiger. Can anyone enlighten me?
perl is offline   Reply With Quote
Old 05-06-2005, 06:07 PM   #2
tas
Triple-A Player
 
Join Date: Nov 2002
Location: Frankfurt, Germany
Posts: 167
Unbelievable! You're absolutely right, this doesn't work anymore. And the information that Apple provides reads like a parody. Here's what the document "System Startup Programming Topics" has to say about the topic:
Code:
The -LoginHook and -LogoutHook parameters were particularly useful because 
they permit custom administrative, accounting, or security programs to run as 
part of the login and logout procedures.
I had a wonderful logouthook that would back up my data to a second internal drive, and like you, I'm wondering how to get this functionality back.
tas is offline   Reply With Quote
Old 05-06-2005, 06:38 PM   #3
giskard22
Moderator
 
Join Date: May 2003
Posts: 4,272
It's second-hand info, but I have it on reasonably good authority that the documentation is going to be changed. The capability is not meant to be deprecated, even though they did get rid of one way of doing it. Previously, you could either modify your ttys file to add the parameters to the command that launches loginwindow, or you could put the parameters in loginwindows' plist file. You can no longer use the plist. Use the example in Apple's documentation here to see how to modify your /etc/ttys file to make it work again.
giskard22 is offline   Reply With Quote
Old 05-07-2005, 01:05 AM   #4
perl
Prospect
 
Join Date: Mar 2004
Location: New York
Posts: 18
LoginHook option not working

I've tried the -LoginHook options but they don't seem to be working. Here's the console line from my /etc/ttys:

console "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow -LoginHook /local/lib/login/LoginHook.osx -LogoutHook /local/lib/login/LogoutHook.osx" vt100 on secure onoption="/usr/libexec/getty std.9600"

What am I doing wrong?
perl is offline   Reply With Quote
Old 05-07-2005, 02:27 AM   #5
tas
Triple-A Player
 
Join Date: Nov 2002
Location: Frankfurt, Germany
Posts: 167
Quote:
Originally Posted by giskard22
It's second-hand info, but I have it on reasonably good authority that the documentation is going to be changed. The capability is not meant to be deprecated, even though they did get rid of one way of doing it. Previously, you could either modify your ttys file to add the parameters to the command that launches loginwindow, or you could put the parameters in loginwindows' plist file. You can no longer use the plist. Use the example in Apple's documentation here to see how to modify your /etc/ttys file to make it work again.

Your "reasonably good authority" is wrong, modifying the /etc/ttys doesn't work either. Which is what the document I linke to says:
Code:
To use the loginwindow hooks on versions of Mac OS X prior to 10.4, you must
modify the code for launching loginwindow found in /etc/ttys.
"Prior to 10.4." Looks like they got rid of this functionality for good. Just great.
tas is offline   Reply With Quote
Old 05-07-2005, 03:50 AM   #6
hayne
Site Admin
 
Join Date: Jan 2002
Location: Montreal
Posts: 32,473
A file named "TODO" in the 'launchd' source code (available as part of Darwin) shows "per user support" as one of the items that presumably will get implemented as time is available.
No further details, but I might guess that login/logout hooks would be part of this.
hayne is online now   Reply With Quote
Old 05-09-2005, 03:50 PM   #7
perl
Prospect
 
Join Date: Mar 2004
Location: New York
Posts: 18
So because they plan on implementing a replacement for LoginHooks, they disable the old feature before the replacement is available? Unbelievable!
perl is offline   Reply With Quote
Old 05-09-2005, 07:22 PM   #8
giskard22
Moderator
 
Join Date: May 2003
Posts: 4,272
There's quite a storm on Apple's Client Management mailing list about this very issue. It appears that if you use the 'defaults' command in the Terminal and 'sudo' it, this works.
Code:
sudo defaults com.apple.loginwindow LoginHook /path/to/script
This puts the LoginHook preference in the root user's home directory, which to me makes no sense (/private/var/root/Library/Preferences/com.apple.loginwindow.plist). But it works!

I'm trying to understand how the defaults system works in 10.4. When you use the 'defaults read' command, you never ever get keys from any of the files in /Library/Preferences. Only the stuff in ~/Library shows up. And after doing the command above, if you do
Code:
defaults read com.apple.loginwindow
you don't get your LoginHook. You always have to use 'sudo'. Isn't this different than in 10.3?

I think it makes no sense that items in /Library are ignored but items in the root user's home directory take effect for all users. Is that how things normally work?
giskard22 is offline   Reply With Quote
Old 05-09-2005, 07:52 PM   #9
biovizier
All Star
 
Join Date: May 2004
Location: london on ca
Posts: 930
I'm glad that 'sudo defaults write...' for login hooks works. Thanks for the update. As for writing the preference to root's "Library", I suppose that sort of makes sense if "loginwindow" is running as "root"... I know that the language used in the main login window is determined by the language set in the "root" user's ".GlobalPreferences.plist" file. Ok so maybe that doesn't make sense either, but it is a precedent.

But as long as it works, the new way should be considered an improvenet since it would mean it is no longer possible for someone logged in to an "admin" account to add a "login hook" (intentionally or via trojan) without supplying a password. Given that scripts launched by "login hook" run as root, the issue of "/Library" and "/Library/Preferences" being writable by "admin" group users being a problem has come up before. There was a bug in earlier "Panther" versions (I haven't checked lately to see if it's still there) in which a non-admin could acquire write privileges to "admin" writable directories which made "login hooks" a huge security hole.
biovizier is offline   Reply With Quote
Old 05-09-2005, 09:21 PM   #10
giskard22
Moderator
 
Join Date: May 2003
Posts: 4,272
They fixed the pref file issue anyway. If you look in /Library/Preferences, all those files are owned by root and writeable only by owner. If you change one (like add g+w to com.apple.loginwindow.plist) and reboot, you'll see it's been changed back. Given that it requires an admin password to do the 'chmod' in that case, they could have left the LoginHook capability there and still had it protected.

What cracks me up about the whole thing is that Mike Bombich just released a revision of his LoginWindow Manager that works in 10.4. And even he didn't know you had to write those keys to a different location; it still writes them in /Library/Preferences/com.apple.loginwindow.plist.
giskard22 is offline   Reply With Quote
Old 05-10-2005, 02:37 PM   #11
mark hunte
MVP
 
Join Date: Apr 2004
Location: Hello London Calling
Posts: 1,787
Apple have posted this.

http://docs.info.apple.com/article.html?artnum=301446
mark hunte is offline   Reply With Quote
Old 05-10-2005, 03:42 PM   #12
giskard22
Moderator
 
Join Date: May 2003
Posts: 4,272
Yeah, I thought that was pretty funny. Clearly there are some Apple employees on the mailing lists. I don't think there's a single Mac forum I visit that hasn't had discussions on this topic.

Apparently though, 10.4 Server adds Login and Logout Hooks to its managed preferences. I won't get my copy for a couple months, but hopefully this whole discussion will be moot for me. :-)
giskard22 is offline   Reply With Quote
Old 05-12-2005, 03:18 AM   #13
tas
Triple-A Player
 
Join Date: Nov 2002
Location: Frankfurt, Germany
Posts: 167
giskard22, you're the man! I just came home to my Tiger box, and with "sudo defaults write ..." my logouthook is working again. Thanks for pointing that out. And shame on Apple for their abysmal system of not informing customers about these changes.
tas is offline   Reply With Quote
Old 05-12-2005, 10:07 AM   #14
CPYCGerry
Triple-A Player
 
Join Date: Mar 2004
Posts: 81
What if BOTH of us want to create a login hook

a) Product A (myProg) changes LoginHook on installation via the postinstall script.

b) Product B (yourProg) changes LoginHook on installation via the postinstall script.

Guess what? myProg doesn't launch anymore.

I'm staying with /Library/Preferences/loginwindow.plist. It works uniformly on 10.2.x, 10.3.x, 10.4. That allows multiple entries in the array AutoLaunchedApplicationDictionary. Symantec uses it.
CPYCGerry is offline   Reply With Quote
Old 05-12-2005, 10:44 AM   #15
giskard22
Moderator
 
Join Date: May 2003
Posts: 4,272
I'm fairly sure Apple would say that loginhooks aren't a "proper" way to make your program function. It may just be the circles I run in ;-), but every use I've heard of for them has been people doing client management, like a bunch of systems in a computer lab. And let me tell you: Symantec is generally a great example of how not to do things. Their products have been causing havoc under OS X since day 1. Every time there's an OS update, something breaks.

And I'm not sure you're talking about the same capability. Login and Logout Hooks are generally used by people who want to make changes to the file system before or after a user session. They aren't designed to be a launching mechanism for processes that are going to be running during the user session.

I use them to automatically refresh certain home directories so our lab computers always appear fresh to the next user. For stuff that's going to happen once the GUI loads, I use regular login items.
giskard22 is offline   Reply With Quote
Old 05-12-2005, 11:10 AM   #16
CPYCGerry
Triple-A Player
 
Join Date: Mar 2004
Posts: 81
What IS recommended?

What I need is the ability to launch the application everytime any user logs in. I have a daemon. Each user on a machine has to have the ability to uniquely configure the daemon via an LSUIElement application (a Apple Menu Bar item like sound volume). If the user logs out and a new one logs in, the daemon must be configured to that user's specification. Currently I do this by relaunching the app and reading that user's preferences. Any ideas?
CPYCGerry is offline   Reply With Quote
Old 05-12-2005, 02:07 PM   #17
hayne
Site Admin
 
Join Date: Jan 2002
Location: Montreal
Posts: 32,473
Quote:
Originally Posted by CPYCGerry
What I need is the ability to launch the application everytime any user logs in. I have a daemon. Each user on a machine has to have the ability to uniquely configure the daemon via an LSUIElement application (a Apple Menu Bar item like sound volume). If the user logs out and a new one logs in, the daemon must be configured to that user's specification. Currently I do this by relaunching the app and reading that user's preferences. Any ideas?

Umm, why aren't you just adding your app to each user's Login Items?
hayne is online now   Reply With Quote
Old 05-12-2005, 08:36 PM   #18
CPYCGerry
Triple-A Player
 
Join Date: Mar 2004
Posts: 81
That is the long way

Yep - I can go through the users and add the app to each ~/Library/Preferences/loginwindow.plist. One problem with that is any new user added after the installation would not get the app launched. About a year ago, I discovered an undocumented feature that the file /Library/Preferences/loginwindow.plist is used by every user.

So my issue is still that it is easy to add an entry into AutoLaunchedApplicationDictionary via "defaults add" when using the command line (or the postinstall/postupgrade script). But the problem is that it is not easy to delete one item from the array via the command line.

I writing a Bash script to edit the file.

If there is another way to get this all done, I'd like to see a link to the process.
CPYCGerry is offline   Reply With Quote
Old 05-12-2005, 09:28 PM   #19
hayne
Site Admin
 
Join Date: Jan 2002
Location: Montreal
Posts: 32,473
Quote:
Originally Posted by CPYCGerry
One problem with that is any new user added after the installation would not get the app launched

I would consider that a feature - each user (or administrator who controls that user's account) can decide whether or not your app is desired.
Don't underestimate the usefulness of having "vanilla" user accounts for troubleshooting.
hayne is online now   Reply With Quote
Old 05-12-2005, 10:14 PM   #20
CPYCGerry
Triple-A Player
 
Join Date: Mar 2004
Posts: 81
Not that easy...

My daemon takes over certain I/O features. One of the UI options is to bypass. A vanilla user would not work without the app running.
CPYCGerry is offline   Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT -5. The time now is 03:43 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site design © IDG Consumer & SMB; individuals retain copyright of their postings
but consent to the possible use of their material in other areas of IDG Consumer & SMB.