- This topic has 10 replies, 4 voices, and was last updated 16 years, 1 month ago by
hunter.
February 19, 2009 at 4:32 pm #375475
hunter
Participant
I am trying to do some user modification after successfully booting an InstaUp2date image with a package that contains the setup shell script and launch daemon item. I am seeing some odd behavior that I can’t account for and was wondering if someone might be able to explain it. I have a package added to InstaDMG image that installs a shell script into the /Library/Scripts/CompanyName/ directory along with a LaunchDaemon plist that gets installed in /Library/LaunchDaemons/. This package gets properly incorporated into the image, and at first boot, the script gets launched and does a few things (i.e. time zone setup, etc.) and eventually reboots the system. Interestingly enough, when the system returns the shell script is now of file type data and can no longer be executed by the LaunchDaemon. Can anyone explain why that occurs? Is it launchctl that does that?
Secondly, as part of the system changes I make, I have been trying to make changes to a pre-created user that is also packaged (a la createUser.pkg) into the image. I am simply trying to move a pre-created com.apple.dock.plist and com.apple.desktop.plist from their packaged location from within the Scripts directory as described above, to the pre-created user’s ~/Library/Preferences/ directory. Now I understand that the image doesn’t create the /Users/PreCreatedUserDirectory, but I am trying to do the moves after the user logs in at first boot. Which I would think means, the user’s ~/Library/Preferences/ directory has been created by that point. Can anyone shed a little light on why my approach isn’t working as expected? Seems simple enough to me, but I know there are far more knowledgeable folks on this list than I, LOL, that can help guide me to a solution.
February 19, 2009 at 4:51 pm #375476
Patrick Fergus
Participant
Question 1) launchctl shouldn’t bork your script by itself–can you paste the contents of your script and LaunchDaemon?
Question 2) You could:
– Use a Directory Service (OD, AD) and WorkGroup Manager, if available (preferred)
– Use local MCX (search the forum)
– Put a correct file in the User Template (/System/Library/User\ Template/English.lproj/)
If you’re just putting your plists into the pre-created user’s home, you’re going to have issues since OS X won’t copy over the User Template because it sees the user’s home directory there [i]already[/i] and skips copying the User Template.
– Patrick
February 19, 2009 at 5:18 pm #375477
hunter
Participant
I know it shouldn’t, LOL, that’s why I was asking, it’s really odd behavior and I can’t explain it. Here is the system setup shell script contents:
[code]
#!/bin/bash
#No .ds-store on network shares
defaults write com.apple.desktopservices DSDontWriteNetworkStores true
#turn off time machine
defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool YES
#disable time machine in general
defaults write /Library/Preferences/com.apple.TimeMachine AutoBackup 0
#disable time machine new disk requests
defaults write com.apple.TimeMachine DoNotOfferNewDisksForBackup 1
#change status of the firewall: 0=off 1=on for specific services and 2=on for essential services
sudo defaults write /Library/Preferences/com.apple.alf globalstate -int 0
#Globally set the large print dialogue box
defaults write /Library/Preferences/.GlobalPreferences PMPrintingExpandedStateForPrint -bool TRUE
#use expanded save dialogues
defaults write -g NSNavPanelExpandedStateForSaveMode -bool TRUE
#use short name as default for logging into network shares
defaults write /Library/Preferences/com.apple.NetworkAuthorization UseDefaultName -bool NO
defaults write /Library/Preferences/com.apple.NetworkAuthorization UseShortName -bool YES
#set screen capture file format
defaults write com.apple.screencapture type pdf
#set the clock to display seconds
defaults write com.apple.MenuBarClock DisplaySeconds 1
#Adds Recents Things Stack to dock
defaults write com.apple.dock persistent-others -array-add '{ "tile-data" = { "list-type" = 1; }; "tile-type" = "recents-tile"; }'
#Hide sub 500UID users
defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
#Hide the Other user from login etc.
defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
#Time Zone Setup
systemsetup -settimezone America/New_York
#Set to use Network Time Server dc3
systemsetup -setusingnetworktime on
systemsetup -setnetworktimeserver dc3
#Enable ARD for admin
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -specifiedUsers
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users "admin" -privs -all -restart -agent
#Start Remote Login
sudo /sbin/service ssh start
#Set ASUS to xserve1
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL "http://xserve1:8088/"
sudo defaults write com.apple.SoftwareUpdate CatalogURL "http://xserve1:8088/"
#Modify pre-created local admin Desktop/Dock
sudo mv /Library/Scripts/RCS/usermod/com.apple.desktop.plist /Users/ladmin/Library/Preferences/com.apple/desktop.plist
sudo mv /Library/Scripts/RCS/usermod/com.apple.dock.plist /Users/ladmin/Library/Preferences/com.apple.dock.plist
sudo mv /Library/Scripts/RCS/usermod/com.apple.dock.db /Users/ladmin/Library/Preferences/com.apple.dock.db
sudo rmdir /Library/Scripts/RCS/usermod
#Remove Launchd item
sudo rm /Library/LaunchDaemons/org.server.systemsetup.plist
#Reboot in 1 minute
sleep 60
sudo reboot
#Self Destruct
srm "$0"
[/code]
Launch Daemon contents:
[code]
Disabled
Label
org.server.systemsetup
ProgramArguments
sudo
./Library/Scripts/RCS/systemsetup.sh
RunAtLoad
[/code]
I would put it in the User Template but this is only for the one user that will be pre-created on the system. Is there no way to get this done in this manner then? And at this point the machine isn’t bound to AD or OD though I would agree using MCX is a much better and more graceful solution.
February 19, 2009 at 6:50 pm #375479
Rusty Myers
Participant
This code is why the script is no longer executable:
[code]
#Self Destruct
srm "$0"
[/code]
Perhaps you can script the copy of the home folder (ditto, chown) and then install the preferences.
[code]
sudo ditto -rsrc /System/Library/User\ Template/English.lproj /Users/user
sudo chown -R user:staff /Users/user
[/code]
HTH!
Rusty
EDIT: I didn’t test any of the user template commands!
February 19, 2009 at 6:56 pm #375480
Patrick Fergus
Participant
[i]when the system returns the shell script is now of file type data and can no longer be executed by the LaunchDaemon[/i]
[code]
#Reboot in 1 minute
sleep 60
sudo reboot
#Self Destruct
srm "$0"
[/code]
You’re rebooting and then while the reboot is occurring you’re trying to securely delete the script.
– Patrick
February 19, 2009 at 7:15 pm #375481
hunter
Participant
Ahh Haaa!! I will remove that, thanks to both responses. That will fix the first issue. Now to look closer at the second.
February 19, 2009 at 7:23 pm #375482
Patrick Fergus
Participant
Regarding your setup script, a lot of what you’re doing could be baked into your image at InstaDMG runtime with a few modifications and being inserted into a payload-free pkg. For example:
[code]
#!/bin/bash
#No .ds-store on network shares
defaults write "$3"/Library/Preferences/com.apple.desktopservices DSDontWriteNetworkStores true
#turn off time machine
defaults write "$3"/Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool YES
#disable time machine in general
defaults write "$3"/Library/Preferences/com.apple.TimeMachine AutoBackup 0
#Globally set the large print dialogue box
defaults write "$3"/Library/Preferences/.GlobalPreferences PMPrintingExpandedStateForPrint -bool TRUE
[/code]
"$3" is pkg postflight language for “the target installation disk”.
Another thing to consider is that your setup script (as written) is running as root at first startup via a LaunchDaemon, and unless you fully path the target of your “defaults” commands (e.g. the difference between:
[code]defaults write com.apple.TimeMachine DoNotOfferNewDisksForBackup 1[/code]
and
[code]defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup 1[/code]
) you’re writing your settings to root’s account. Those settings likely will not affect the user you are trying to create.
Also, just as thespider mentioned above you should be copying in the User Template [i]before[/i] writing any preferences. A template-less user [url=https://www.afp548.com/forum/viewtopic.php?showtopic=23062]doesn’t work very well[/url] and will give you all sorts of strange issues. You may want to do something like the following [i]after[/i] you create the account record:
[code]
#!/bin/bash
username=USERNAME
/bin/mkdir "/Users/$username"
/usr/bin/ditto -rsrcFork /System/Library/User\ Template/English.lproj "/Users/$username"
[/code]
and then when you’re done editing settings:
[code]
#!/bin/bash
username=USERNAME
/usr/sbin/chown -R "$username" "/Users/$username"
[/code]
But overall most (all?) of what you’re doing could be baked into the build at InstaDMG time rather than first boot. First boot is for things that can’t be baked in easily, like enabling AppleTalk, binding to AD, or setting the time zone if you have machines being built in multiple time zones.
Regarding your LaunchDaemon, IIRC LaunchDaemons run as root by their nature. You shouldn’t need to sudo it.
– Patrick
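As an added example (not code posted by anyone in this thread): a small shell check for the three problems raised in the replies above, namely commands placed after the reboot, sudo inside a script that a LaunchDaemon already runs as root, and defaults domains that are not fully pathed. The names audit_firstboot and sample_script are hypothetical, and the sample input is constructed from lines quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit a first-boot script that a
# LaunchDaemon will run as root. audit_firstboot and sample_script are
# hypothetical names. Prints "line:CODE:message"; returns 1 on any finding.
audit_firstboot() {
  awk '
    function report(code, msg) { printf "%d:%s:%s\n", NR, code, msg; found = 1 }
    /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
    {
      line = $0
      sub(/^[ \t]+/, "", line)
      # Anything after a reboot races the shutdown (the self-destruct case).
      if (rebooted) report("AFTER_REBOOT", "runs while the system is going down")
      # LaunchDaemons already run as root, so sudo adds nothing.
      if (line ~ /^sudo[ \t]/) {
        report("SUDO", "sudo is unnecessary under a root LaunchDaemon")
        sub(/^sudo[ \t]+/, "", line)
      }
      split(line, w, /[ \t]+/)
      # A domain that is not an absolute path (optionally "$3"-prefixed)
      # resolves to the invoking user, which is root here.
      if (w[1] ~ /(^|\/)defaults$/ && w[2] == "write" && w[3] !~ /^("?\$3"?)?\//)
        report("ROOT_DOMAIN", "domain " w[3] " resolves to root preferences")
      if (w[1] ~ /(^|\/)(reboot|shutdown)$/) rebooted = 1
    }
    END { exit found + 0 }
  ' "${1:--}"
}

# Constructed sample input, assembled from lines quoted in this thread.
sample_script() {
  cat <<'EOF'
#!/bin/bash
defaults write /Library/Preferences/com.apple.TimeMachine AutoBackup 0
defaults write com.apple.TimeMachine DoNotOfferNewDisksForBackup 1
sudo defaults write com.apple.SoftwareUpdate CatalogURL "http://xserve1:8088/"
defaults write "$3"/Library/Preferences/.GlobalPreferences PMPrintingExpandedStateForPrint -bool TRUE
sleep 60
sudo reboot
#Self Destruct
srm "$0"
EOF
}

sample_script | audit_firstboot || echo "fix the findings above before imaging"
```

The function also accepts a file path as its first argument, so it can be run against the real script before the package is built.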
February 19, 2009 at 7:38 pm #375484
hunter
Participant
Thanks Patrick, I will take your advice and correct a few things as suggested and work towards moving the bulk of this into a pkg post-flight script. I haven’t done that up to this point, so I am not 100% sure on how to accomplish that. What I have done so far, just to give you a little background, was to take a Retail 10.5 DVD and create an image out of that using DiskUtility. Then worked with InstaUp2date and the Apple updates and security update packages, as well as createUser and clearReg packages, and rolling an image that I can then NetRestore from a netbooted client machine. Nothing really magic there, but I haven’t gotten into the post-flight stuff yet, and again, not sure just how to go about doing that.
February 19, 2009 at 10:35 pm #375488
Patrick Fergus
Participant
For payload-free pkgs, see post #3:
[url=https://www.afp548.com/forum/viewtopic.php?showtopic=19312]Creating Payload-Free Packages?? How-To Needed..[/url]
– Patrick
February 23, 2009 at 10:33 pm #375532
knowmad
Participant
and just to kick the horse that passed away:
a lot of those defaults can be set via MCX.
actually all of it can.
OR
write the defaults to the English.lproj
worth considering….. really
February 24, 2009 at 2:21 pm #375536
hunter
Participant
Thank you both for your insightful advice, I am working my way through your suggestions!!