Self Destructing Apple Script

Discussion in 'Mac Programming' started by allamar, Jun 27, 2010.

  1. allamar macrumors newbie

    Joined:
    Jun 27, 2010
    #1
    I've been looking for a way to create a self destructing Apple Script. What I mean by this is, I would to create an apple script that on startup, opens up system preferences, opens up sharing, checks to see if the item "remote login" is checked, and if it is, Uncheck it. After this is done, I would like the script and anything associated with it to delete itself.

    I would love it if I could get some help on this matter. Also, I apologize if I posted this in the wrong section.
     
  2. calderone macrumors 68040

    calderone

    Joined:
    Aug 28, 2009
    Location:
    Seattle
    #2
    Use Launchd and have the script remove the LaunchAgent at the completion of the script. So you aren't removing the script, but instead removing the mechanism by which it is started.

    For your reading pleasure:
    http://developer.apple.com/mac/libr.../Reference/ManPages/man5/launchd.plist.5.html

    If I may ask, why are you doing this?

    Also, I am not sure if your description of the script was literal, but I would recommend using systemsetup or launchctl to determine if remote login in on. For example:

    Code:
    systemsetup -getremotelogin
    This will tell you if it is on. To turn if off:

    Code:
    systemsetup -f -setremotelogin off
    The -f is required, otherwise it will ask for confirmation. You will of course have to use:

    Code:
    do shell script
    In AppleScript and write your if statements based on the results of the remotelogin status.
     
  3. allamar thread starter macrumors newbie

    Joined:
    Jun 27, 2010
    #3
    Thanks for the fast response.

    I work at a school. We're technically not supposed to use auto scripts, but every morning we have a check-list of things to go through. Some of the students turn on remote login and ssh from other computers. Unfortunately, we're not allowed to change the security settings set up by the I.T Department. However, I spoke with my supervisor and what we can do is have a script that we load that goes through that portion of the check-list and then auto deletes itself. I was told that it was necessary to delete it so that no students could get a hold of the script. I'm a complete noob when it comes to apple scripting so I really don't even have the first clue as to how to do this. However, I was told that this was the place to ask. If it's possible, I would really love it to be a script or an application that will delete itself as soon as it is done.
     
  4. calderone macrumors 68040

    calderone

    Joined:
    Aug 28, 2009
    Location:
    Seattle
    #4
    Well, from the sounds of it, you want the script to run daily, correct?

    How do you plan to have this run daily if the script is deleting itself?

    As long as the script does not contain sensitive information, I don't see any reason to delete it. You can however compile it as run only, that way students will be unable to view the contents of the script.
     
  5. allamar thread starter macrumors newbie

    Joined:
    Jun 27, 2010
    #5
    Hmmm. You bring up some good points. I'm not sure how I can really get around this without breaking the rules... With that said, I may need to come up with another solution. I can ssh into all of the computers, is there a way (without apple remote desktop) to turn off the option using ssh .
     
  6. fredthefool macrumors newbie

    Joined:
    Jun 4, 2008
    #6
    This thread would imho better run in some 'admin' section than in 'mac programming', so maybe a moderator keeps an eye on that.

    As far as i understand the op, there could be some security issue within the system settings of the pupil's macs: If they're allowed to change the system settings of the single units, here the 'sharing' settings (which contain the options to remote ssh logins), they seem to use some kind of admin account.
    (Regular users under OS X aren't supposed to change these settings and therefore have not the rights to do that.)
    In this scenario, you probably will run into some 'Admin-vs-Admin' war, because in the worst case every other admin user will stay able to run some kind of script, which will disable your 'login resetter' automatically.

    To me, the better option seems to talk to the IT Department and ask them to change the pupil's accounts to regular user accounts ('Standard' account), which aren't allowed to change (locked) major settings without the admin password (to which they usually shouldn't have access to).
    So they wouldn't be able to activate remote login daily, too.

    Also see Mac Help on this modus operandi.


    AFAIK the activation of additional (regular) user accounts doesn't impact neither on the established security settings of the internal network nor the settings of the mac units, so that wouldn't harm.
     
  7. Zortrium macrumors 6502

    Joined:
    Jun 23, 2003
    #7
    As the other responses have mentioned, if the students have admin accounts there's really not much you can do, since admins can't really be overridden. If students don't have admin accounts, then if you have "Require a password to unlock each system pref pane" checked in Security, then this shouldn't be a problem to begin with. I doubt they need to have admin accounts for anything in the first place.
     
  8. calderone macrumors 68040

    calderone

    Joined:
    Aug 28, 2009
    Location:
    Seattle
    #8
    It sounds like they may be ok with it, they just want to shut if off at the start of each day. But, who knows really.

    fredthefool, we don't really have an admin section here, I suppose it could fall under OS X Server and notions of a managed client, but since this one deals with applescript it is probably alright staying here.
     
  9. hhas macrumors regular

    Joined:
    Oct 15, 2007
    #9
    Are you allowed to change the I.T. Department instead? From the sound of things, this would be a much more secure solution.
     
  10. Consultant macrumors G5

    Consultant

    Joined:
    Jun 27, 2007
    #10
    No need for scripts.

    1. Password protect System preferences changes (1 click)
    2. Use secure password
     
  11. calderone macrumors 68040

    calderone

    Joined:
    Aug 28, 2009
    Location:
    Seattle
    #11
    They may very well be fine with it, they simply want to reset it daily. We don't really know until the OP returns.

    Also, it sounds like the students are admins, so it won't matter if it is protected.
     
  12. macsmurf macrumors 65816

    macsmurf

    Joined:
    Aug 3, 2007
    #12
    This is a strange request. How can you ssh into all the computers if remote login is disabled? If you disable it, how will you be able to log in? Why is the contents of the script secret?

    It doesn't really make sense to do what you want to do. It's probably a very bad idea to let users muck about with the sshd directly anyway because there is simply no way to guarantee that you'd be able to login remotely yourself. Also, it seems you're trying to circumvent the admins' policies instead of talking to them and asking them for a more robust solution.

    Anyway, there are ways to do what you say you want simply by sending a launchctl command via ssh, but I question whether you actually want to do what you say you want.
     
  13. Consultant macrumors G5

    Consultant

    Joined:
    Jun 27, 2007
    #13
    Come to think about it, the OP is probably the student who wants to bypass school's security settings.
     

Share This Page