echo $USER

You can then put this into your scripts. I’ve been using the same block of code for decades, which can be run in a script by itself if you’d like to paste this into one.

if [[ $USER != "root" ]]; then
  # Not root: report the problem and stop with a non-zero exit status
  echo "This script must be run as root"
  exit 1
else
  echo "You are root"
fi

Note: Keep in mind that the built-in $USER variable is case sensitive. Obviously, most people won’t keep the lines that contain the else and you are root echo statements. You can just remove these or replace them with the meat of your script that requires elevated privileges to run. Enjoy.
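A hardened variant of the check above, as an added example that is not from the original post: $USER is an ordinary environment variable inherited from the caller, so testing the effective UID reported by id -u is the more reliable gate for privileged code. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# The check from the post: trusts the USER environment variable,
# which the caller can set to any value before starting the script.
user_var_says_root() {
  [ "$USER" = "root" ]
}

# Hardened check: asks the system for the effective UID of this process.
euid_is_root() {
  [ "$(id -u)" -eq 0 ]
}

# Guard to call at the top of a script that needs elevated privileges.
require_root() {
  if ! euid_is_root; then
    echo "This script must be run as root" >&2
    return 1
  fi
}

# Report both results with USER overridden, to show how they can disagree.
compare_checks() {
  if ( USER=root; user_var_says_root ); then by_var=yes; else by_var=no; fi
  if euid_is_root; then by_euid=yes; else by_euid=no; fi
  echo "USER-based=$by_var euid-based=$by_euid"
}

compare_checks
```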
krypted December 21st, 2015
passwd chronos

Once you’ve got a slightly more secure shell environment (by virtue of not using the default root password), it is time to do a little exploring. Notice that in /bin, you see sh, bash, rbash and the standard fare of Linux commands (chmod, chown, cp, attr, etc.). Notice that you don’t see tcsh, csh or ksh. So bash commands from other platforms can come in, but YMMV with tcsh, etc. Running ps will give you some idea of what’s going on process-wise under the hood:

ps aux

From encrypts to crypto to the wpa supplicant, there’s plenty to get lost in exploring here, but as the title of the article suggests, we’re here to write a script. And where better to start than hello world. So let’s mkdir a /scripts directory:

mkdir /scripts

Then let’s touch a script in there called helloworld.sh:

touch /scripts/helloworld.sh

Then let’s give it the classic echo by opening it in a text editor (use vi as nano and pico aren’t there) and typing:

echo "Hello Cruel World"

Now close, save and then run it:

/scripts/helloworld.sh

And you’ve done it. Use the exit command twice to get back to crosh and another time to close the command line screen. You now have a script running on ChromeOS. Next up, it’s time to start looking at deployment. This starts with knowing what you’re looking at. To see the kernel version:

uname -r

Or better:

cat /proc/version

Google has been kind enough to build in similar sandboxing to that in Mac OS X, but the concept that you can’t run local applications is a bit mistaken. Sure, the user interface is a web browser, but under the hood you can still do much of what most deployment engineers will need to do. If these devices are to be deployed en masse at companies and schools, scripts that set up users, bind to LDAP (GCC isn’t built-in, so it might be a bit of a pain to get there), join networks and the like will need to be forthcoming. These don’t often come from the vendor of an operating system, but from the community that ends up supporting and owning the support. While the LDAP functionality could come from Google Apps accounts that are integrated with LDAP, the ability to have a “One touch deploy” is a necessity for any OS at scale, and until I start digging around for a few specific commands/frameworks and doing some deployment scripts to use them, right now I’m at about a 6 touch deploy… But all in good time!
krypted September 8th, 2011
killall opendirectoryd

Also, local account passwords in OS X have been moved into attributes within user account property lists and so there is no longer a /var/db/shadow/hash directory. Therefore, copying property lists and their associated password hash file is no longer a necessary process.

dsperfmonitor vs odutil

Next, dsperfmonitor has gone to the great binary place in the sky to join dirt and DirectoryService. It is somewhat replaced with odutil. The odutil command is pretty easy and straightforward. You can see all open sessions, nodes, modules, requests, statistics and nodenames using the show verb (along with those subcommands). You can also set the logging level for directory services to alert, critical, error, warning, notice, info and debug, each with more and more events that are trapped. This is done with the set log verb along with the level (which is by default set to error):

odutil set log debug

The odutil command is also used to enable statistics. These are pretty memory intensive (or they were on a mini w/ 4GB of memory in it but might not be with your 32GB of RAM fortified Xserve). This is done using odutil’s set statistics verb w/ an option of either on or off:

odutil set statistics on

Note: It’s worth noticing that stats are persistent across restarts, so don’t forget to turn them off.

dsconfigldap

For Open Directory administrators, you’ll be elated to know that your LDAP bind script just got a bit shorter. Now, search policies are updated automatically when binding via dsconfigldap. But, if you have a bunch of scripting that you don’t want to rip apart you can still do search policies manually by using the spiffy new -S option for dsconfigldap (yes, I just insinuated that -S was for spiffy, what’s it to ya’?!?!).

Kerberos

scutil can now be used to view Active Directory Kerberos information. scutil can also be used to query the search node and interface states. klist no longer seems to function properly, so use ktutil with a list verb to see service principals:

ktutil list

dsconfigad

Not to be left out, the Active Directory binding tool, dsconfigad, got some new flair as well (yes, I just insinuated that dsconfigad was really Jennifer Aniston’s contribution to OS X and I challenge you to prove me wrong). There is now a -restrictDDNS option, which I’m sure you can guess disables dynamic DNS registration in Active Directory-integrated DNS zones. There’s also the rockin’ new -authority option, which enables or disables Kerberos authority generation. Finally, dsconfigad gets some minor cosmetic changes. -f becomes -force, -r becomes -remove, -lu becomes -localuser, -lp becomes -localpassword, -u becomes -username, -p becomes -password, but the original options still work. Who knows how long the old operators will stick around, but my guess is they’ll be around until dsconfigad isn’t… Most options and settings for the AD plug-in should now be configured following the AD bind process (thanks to @djstarr for that little addition). How does this impact your scripts? Just move the settings to the bottom of the script if they give you gruff… Also, the -enableSSO option has been changed to -enablesso.

Defaults

Finally, defaults allows you to put the .plist in the command when you use a file path to list them out. This should eliminate the 6 backspaces we often had to type to test certain things after auto-completing file names… 🙂
krypted July 20th, 2011
open facetime://email@example.com

Or if my phone number were 310-555-1212 (it is you know;):

open facetime://3105551212

Happy FaceTiming
krypted November 9th, 2010
Posted In: Mac OS X
defaults write com.apple.dock persistent-apps -array-add '<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>/Applications/Microsoft Office 2008/Microsoft Word</string><key>_CFURLStringType</key><integer>0</integer></dict></dict></dict>'

You can also add a custom title for the object that you are adding by using the file-label key and providing a string with the content that you want the label to have. You can also add a folder or file to the dock using a similar command:

defaults write com.apple.dock persistent-apps -array-add "<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>/Users</string><key>_CFURLStringType</key><integer>0</integer></dict><key>file-label</key><string>UsersDirectory</string><key>file-type</key><integer>18</integer></dict><key>tile-type</key><string>directory-tile</string></dict>"

You can also write an object using a variable, or another command, when the string is wrapped with double quotes ("). For example, if we wanted to put a link to the specific user’s directory rather than the /Users directory we would use the following:

defaults write com.apple.dock persistent-apps -array-add "<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>/Users/`whoami`</string><key>_CFURLStringType</key><integer>0</integer></dict><key>file-label</key><string>MyHome</string><key>file-type</key><integer>18</integer></dict><key>tile-type</key><string>directory-tile</string></dict>"

There are several uses for this. For example, you can link to certain folders that allow you to access recently changed content. Provided you have mounted a network share you can also add a network directory, similar to what happens when you add your Network Home in managed preferences. But this gets the process started and from here it’s just figuring out your specific logic. Once you have added an item into the Dock you’ll then need to restart it:

killall Dock

You should then see your Dock item. It is worth noting that if the location does not exist then you will need to create it and so you might script some logic as such. Also, if you create the location after creating the item then you will need to restart the Dock again.
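One way to script the logic described above, as an added example that is not from the original post: it builds the same directory-tile dictionary from a path and label, escapes XML metacharacters in values that come from variables, and refuses to add a tile for a directory that does not exist. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Escape the characters that would break the XML fragment handed to defaults.
xml_escape() {
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Build the directory-tile dict used in the post for a given path and label.
dock_dir_tile() {
  tile_path=$(xml_escape "$1")
  tile_label=$(xml_escape "$2")
  printf '%s' "<dict><key>tile-data</key><dict><key>file-data</key><dict>"
  printf '%s' "<key>_CFURLString</key><string>${tile_path}</string>"
  printf '%s' "<key>_CFURLStringType</key><integer>0</integer></dict>"
  printf '%s' "<key>file-label</key><string>${tile_label}</string>"
  printf '%s' "<key>file-type</key><integer>18</integer></dict>"
  printf '%s\n' "<key>tile-type</key><string>directory-tile</string></dict>"
}

# Add the tile only if the directory exists, then restart the Dock.
add_dir_to_dock() {
  if [ ! -d "$1" ]; then
    echo "skipping $1: not a directory" >&2
    return 1
  fi
  tile=$(dock_dir_tile "$1" "$2")
  if command -v defaults >/dev/null 2>&1; then
    defaults write com.apple.dock persistent-apps -array-add "$tile" &&
      killall Dock
  else
    # Not on a Mac: print what would be written instead of writing it.
    echo "$tile"
  fi
}

# Typical call for the current user's home folder:
#   add_dir_to_dock "/Users/$(id -un)" "MyHome"
```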
krypted August 2nd, 2010
diskutil secureErase freespace [level] [device]

The levels are as follows (per the man page as not all of these are specified in Disk Utility):

diskutil secureErase freespace 0 /Volumes/Seldon

If you were to automate the command then you would want to dump the output into a log file. For example:

diskutil secureErase freespace 0 /Volumes/Seldon > /var/log/secureeraselog.tmp
krypted February 22nd, 2010
Posted In: Mac OS X
krypted February 1st, 2010
krypted January 15th, 2010
Posted In: Windows XP
networksetup -listlocations

If you are on a freshly installed system you should see Automatic as your only location. Therefore, that should be the output of the next option. But just to make sure, now use the -getcurrentlocation option to show your current location:

networksetup -getcurrentlocation

When you’re scripting the creation of locations you will use the -createlocation option. This option will allow you to create a new location without any network services created for that location. Let’s create an empty location called Work:

networksetup -createlocation Work

This will create an entry in the /Library/Preferences/SystemConfiguration/preferences.plist. Each of these entries is marked with a unique identifier. That unique identifier is then referenced as a Set within the preferences.plist and as you create network services they are in turn referenced by a unique identifier within the set. While we’re creating locations we can go ahead and create one with the default set of network services (1 of each physical adapter). To do so, use the -createlocation option again, but this time follow it with a populate verb. We’ll use this to set up a location for home.

networksetup -createlocation Homeq populate

Oops, did we misspell Home as Homeq? We should probably delete that and create the one we actually meant to create. To do so, use the -deletelocation option and then add the Home location again:

networksetup -deletelocation Homeq

The -deletelocation option will amusingly output the string found it!

networksetup -createlocation Home populate

Next, in order to configure the various network services within each location you will need to switch to that location. Here, we will switch the active location using the -switchlocation option:

networksetup -switchlocation Work

With the appropriate location selected, use the -createnetworkservice, -removenetworkservice and -ordernetworkservices options to more granularly configure your locations, as I previously covered.
krypted December 10th, 2009