Jan 12, '04 08:22:00AM • Contributed by: jaysoffian
In any case, this is a three-part tip since I think that even if you continue to use sshLogin, you'll find parts of this useful. Part 1 (this hint) will implement per-user login and logout hooks; Part 2 implements a Keychain command line utility; and Part 3 implements the whole process.
[robg adds: This three-part hint is quite advanced; I have not tested any of it, so you're on your own if you choose to try it on your machine. Before proceeding, you should have a solid level of knowledge concerning the Terminal, text editors, creating executable files, etc.]
Part 1: Implementing per-user Login/Logout hooks
As you may be aware, OS X provides a facility to run a command whenever a user logs in or out. However, this command is always run as root and is passed as an argument the username of the user logging in. I wanted to allow for per-user Login hooks on my system. Here's how I did it:
- Create the directory /Library/Hooks. Place in this directory a single shell-script, called LoginHook, whose contents are:
#!/bin/sh hook="/Users/$1/Library/Hooks/`basename $0`" [ -x "$hook" ] || exit 0 exec su - -f "$1" -c "$hook" "$@"
[ IMPORTANT - this script assumes user home directories are still in the default location of /Users/. If you've moved them, either adjust this script, or figure out how to make it more complicated by looking up the user home directories dynamically via something like getpwnam() ... ]
- Make sure the file and directory have proper ownership and permissions:
# chmod -R 755 /Library/Hooks # chown -R root:wheel /Library/Hooks
- Create a link to this file, called LogoutHook:
# ln /Library/Hooks/LoginHook /Library/Hooks/LogoutHook
- Enable the login hooks via the defaults command:
# defaults write com.apple.loginwindow LoginHook "/Library/Hooks/LoginHook" # defaults write com.apple.loginwindow LogoutHook "/Library/Hooks/LogoutHook"
[ IMPORTANT - you have to run the defaults command as root, or via sudo, otherwise you'll update your personal com.apple.loginwindow prefence file and not the global one. ]
[ IMPORTANT - if you're using sshLogin, it will have already set these values. Other similar-type utilities may also set these hooks. Make sure you preserve the current settings for LoginHook and LogoutHook (
defaults read com.apple.loginwindow) in case you want to back-out these changes. ]
As for what to do with them, see part 3 of this tip (but you might want to see part 2 first...) :-)
