Mac OS X Login and Logout Scripts Demystified

Before You Begin

There are some things one must understand about Mac OS X login scripts before you can begin:

  • Apple refers to them as login- and logout- “hooks”.
  • Hooks run as root so you need to su as the user to take actions as the user.
  • You must activate them with the defaults command or use Workgroup Manager in Open Directory.

Creating a Login Script

You can technically save your scripts anywhere on the filesystem, but /usr/local/bin makes a lot of sense for various reasons.
So, create a file there and mark it executable:

sudo touch /usr/local/bin/login
sudo chmod +x /usr/local/bin/login

Configuring Login Script Actions

Open the login script in your favorite editor:

sudo vi /usr/local/bin/login

Inside the script, you can do things as root or as the user as shown in this sample batch script:

#!/bin/bash

##
# Mac login script
##

# As root, create a directory named "/foo"
mkdir /foo

# As root, set or enforce system settings
defaults write ...

# As the user, create a directory named "~/foo"
su - $1 -c "/bin/mkdir -p ~/foo"

# As the user, set or enforce user settings
su - $1 -c "/usr/bin/defaults write ..."

The username is passed to the script as the one (and only) argument. In bash, you can use the $1 variable to access the username.

Activating a Login Script

Run this to activate the script:

sudo defaults write com.apple.loginwindow LoginHook /usr/local/bin/login

Logout Scripts

Configure a logout script by following the instructions above then activate it as follows:

sudo defaults write com.apple.loginwindow LogoutHook /usr/local/bin/logout
About these ads