Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

macOS Self Destructing Apple Script

A

allamar

macrumors newbie
Original poster
Jun 27, 2010
4
0
I've been looking for a way to create a self destructing Apple Script. What I mean by this is, I would to create an apple script that on startup, opens up system preferences, opens up sharing, checks to see if the item "remote login" is checked, and if it is, Uncheck it. After this is done, I would like the script and anything associated with it to delete itself.

I would love it if I could get some help on this matter. Also, I apologize if I posted this in the wrong section.
 
Use Launchd and have the script remove the LaunchAgent at the completion of the script. So you aren't removing the script, but instead removing the mechanism by which it is started.

For your reading pleasure:
http://developer.apple.com/mac/libr.../Reference/ManPages/man5/launchd.plist.5.html

If I may ask, why are you doing this?

Also, I am not sure if your description of the script was literal, but I would recommend using systemsetup or launchctl to determine if remote login in on. For example:

Code: 
systemsetup -getremotelogin

This will tell you if it is on. To turn if off:

Code: 
systemsetup -f -setremotelogin off

The -f is required, otherwise it will ask for confirmation. You will of course have to use:

Code: 
do shell script

In AppleScript and write your if statements based on the results of the remotelogin status.
 
Thanks for the fast response.

I work at a school. We're technically not supposed to use auto scripts, but every morning we have a check-list of things to go through. Some of the students turn on remote login and ssh from other computers. Unfortunately, we're not allowed to change the security settings set up by the I.T Department. However, I spoke with my supervisor and what we can do is have a script that we load that goes through that portion of the check-list and then auto deletes itself. I was told that it was necessary to delete it so that no students could get a hold of the script. I'm a complete noob when it comes to apple scripting so I really don't even have the first clue as to how to do this. However, I was told that this was the place to ask. If it's possible, I would really love it to be a script or an application that will delete itself as soon as it is done.
 
Well, from the sounds of it, you want the script to run daily, correct?

How do you plan to have this run daily if the script is deleting itself?

As long as the script does not contain sensitive information, I don't see any reason to delete it. You can however compile it as run only, that way students will be unable to view the contents of the script.
 
Hmmm. You bring up some good points. I'm not sure how I can really get around this without breaking the rules... With that said, I may need to come up with another solution. I can ssh into all of the computers, is there a way (without apple remote desktop) to turn off the option using ssh .
 
This thread would imho better run in some 'admin' section than in 'mac programming', so maybe a moderator keeps an eye on that.

As far as i understand the op, there could be some security issue within the system settings of the pupil's macs: If they're allowed to change the system settings of the single units, here the 'sharing' settings (which contain the options to remote ssh logins), they seem to use some kind of admin account.
(Regular users under OS X aren't supposed to change these settings and therefore have not the rights to do that.)
In this scenario, you probably will run into some 'Admin-vs-Admin' war, because in the worst case every other admin user will stay able to run some kind of script, which will disable your 'login resetter' automatically.

To me, the better option seems to talk to the IT Department and ask them to change the pupil's accounts to regular user accounts ('Standard' account), which aren't allowed to change (locked) major settings without the admin password (to which they usually shouldn't have access to).
So they wouldn't be able to activate remote login daily, too.

Also see Mac Help on this modus operandi.


AFAIK the activation of additional (regular) user accounts doesn't impact neither on the established security settings of the internal network nor the settings of the mac units, so that wouldn't harm.
 
As the other responses have mentioned, if the students have admin accounts there's really not much you can do, since admins can't really be overridden. If students don't have admin accounts, then if you have "Require a password to unlock each system pref pane" checked in Security, then this shouldn't be a problem to begin with. I doubt they need to have admin accounts for anything in the first place.
 
It sounds like they may be ok with it, they just want to shut if off at the start of each day. But, who knows really.

fredthefool, we don't really have an admin section here, I suppose it could fall under OS X Server and notions of a managed client, but since this one deals with applescript it is probably alright staying here.
 
No need for scripts.

1. Password protect System preferences changes (1 click)
2. Use secure password
 
Consultant said:
No need for scripts.

1. Password protect System preferences changes (1 click)
2. Use secure password
Click to expand...

They may very well be fine with it, they simply want to reset it daily. We don't really know until the OP returns.

Also, it sounds like the students are admins, so it won't matter if it is protected.
 
allamar said:
Hmmm. You bring up some good points. I'm not sure how I can really get around this without breaking the rules... With that said, I may need to come up with another solution. I can ssh into all of the computers, is there a way (without apple remote desktop) to turn off the option using ssh .
Click to expand...

This is a strange request. How can you ssh into all the computers if remote login is disabled? If you disable it, how will you be able to log in? Why is the contents of the script secret?

It doesn't really make sense to do what you want to do. It's probably a very bad idea to let users muck about with the sshd directly anyway because there is simply no way to guarantee that you'd be able to login remotely yourself. Also, it seems you're trying to circumvent the admins' policies instead of talking to them and asking them for a more robust solution.

Anyway, there are ways to do what you say you want simply by sending a launchctl command via ssh, but I question whether you actually want to do what you say you want.
 
Come to think about it, the OP is probably the student who wants to bypass school's security settings.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back