ULabMin 0.6.0

By: James Reynolds - Revised: 2006-06-01 devin

Introduction

ULabMin is a collection of scripts, modifications, tools, graphics, etc., that the University of Utah's Student Computing Labs uses on their student Macintosh lab computers. This page provides links and tries to describe how to set ULabMin up.

Even though the version is a "beta" .60, all of this is in active use. These scripts are a bit behind what is currently deployed. But they are being used on over 350 computers.

Note, this is not "offical" yet, because there is so little documentation and other missing stuff (like a few graphics). But for those who want, check it all out! If you can't get something to work, please contact us.


Understanding ULabMin

ULabMin has got to be very confusing because it started out as a few modifications and scripts and over the process of a few years grew and grew until it got huge. It went through several major revisions to make it easier to manage and more accessible to the public. However, it still does not have a GUI method for installing or configuring. Much worse, there are only two people who know what this all does anyway, and even they sometimes forget some of the stuff it does...

To understand how ULabMin works, you must understand what it is used on. These scripts and modifications are used on authenticated workstations, autologin kiosks, authenticated kiosks, presentation computers (that run PowerPoint over and over), and even a few servers. The same scripts and modifications are on every computer, but they behave differently depending on the script settings. So if the computer is an autologin kiosk, the scripts behave as if it is an autologin kiosk. If the computer is an authenticated workstation, then the scripts behave accordingly. So there is a lot of shared behavior.

Road map of future changes

To document everything that needs to be improved in these scripts would take me at least a day to list. I'm working on it now, but slowly.

Remove cron_minutely.pl and move that functionality to the startup item.

Version history

To document all of the changes between this version and .51 will take at least a day to list...

Documentation

To document everything these scripts do would take me at least a few days.

How to install

First, install the required software listed in the "Requirements" section.

Second, download all of the scripts in the "Download" section.

Third, move everything into its place (there currently is no installer--sorry!). /Library/ULabMin, can be changed to /etc, /usr/local/ulabmin, or whatever makes you happy. /Library/ULabMin does not have to be world readable. However, the other paths are required (like /Library/Perl).

The ULabMin files and folders should NOT be world writable!!!

Make all script files executable!!!!

Fourth, configure it. There is no assistant or preference pane. Sorry! You configure it by editing a few key files and then creating some trigger files. See the "Configure" section below.

Fifth, turn it on by downloading and installing the hook scripts and files.

Requirements

Mac OS X 10.3 - This version of ULabMin is tailored for Mac OS X 10.3. A lot of the 10.2 stuff has been left in the scripts, but 10.2 compatibility is not tested or thought about much.

ULabMin requires some free applications and scripts. Here are the links to the original websites. Please download these and install them in their default locations (except Screen Preserver, which doesn't have a default location).

Menuversum - Menuversum (note, the developer does not have a Panther working version on his site). You can get a sorta working version from ULabMin 0.5.1 for Mac OS X 10.2.
ncutil 2.x - ncutil
Radmind - Radmind
iHook - iHook
Screen Preserver - There currently is no Screen Preserver webpage. It is by RSUG, er, Andrew of RSUG, same guys who wrote Radmind. Get it from here: ULabMin 0.5.1 for Mac OS X 10.2
SecureIt - SecureIt

Download

(links removed)

/bin/LogoutNow.zip
/bin/Maintenance Notification.zip
/bin/password.pl
/private/etc/create_overload_filter
/private/etc/hosts.allow
/private/etc/hosts.deny
/private/etc/sshd_config
/Library/Admin/Logout.zip (put a copy of this app into the guest template folder as well on the Desktop)
/Library/Admin/Run Maintenance.zip (put a copy of this app into the admin home folder on the Desktop)
/Library/Perl/ipopfeed.pl (this file does not work yet, but is required by a few scripts, so here it is)
/Library/Perl/ulabmin.pl
/Library/ULabMin/homefolderbackups (empty)
/Library/ULabMin/lost and found (empty)
/Library/ULabMin/resources/ejectexclude (not used yet)
/Library/ULabMin/resources/lostAndFoundReadme
/Library/ULabMin/resources/MAC_address_names (does not work)
/Library/ULabMin/resources/objects.nib.zip
/Library/ULabMin/resources/performing_maintenance1.jpg (needs to be updated)
/Library/ULabMin/resources/performing_maintenance2.jpg (needs to be updated)
/Library/ULabMin/resources/performing_maintenance3.jpg (needs to be updated)
/Library/ULabMin/resources/status_green.tif
/Library/ULabMin/resources/status_red.tif
/Library/ULabMin/scripts/assimilateUser.pl
/Library/ULabMin/scripts/create_crontab.pl
/Library/ULabMin/scripts/createHomeFolderBackups.pl
/Library/ULabMin/scripts/cron_minutely.pl
/Library/ULabMin/scripts/cron_nightly.pl
/Library/ULabMin/scripts/eject.sh (not used yet)
/Library/ULabMin/scripts/find_writable.pl
/Library/ULabMin/scripts/idlescript.pl
/Library/ULabMin/scripts/killsumapps.pl
/Library/ULabMin/scripts/labsingleuser.pl
/Library/ULabMin/scripts/launch_maintenance_kindly.pl
/Library/ULabMin/scripts/launch_maintenance.pl
/Library/ULabMin/scripts/loginhook.pl
/Library/ULabMin/scripts/logouthook.pl
/Library/ULabMin/scripts/maintenance_status.pl
/Library/ULabMin/scripts/newPresentation.pl
/Library/ULabMin/scripts/post_maintenance.pl
/Library/ULabMin/scripts/report_to_master.sh
/Library/ULabMin/scripts/run_radmind.pl
/Library/ULabMin/scripts/secure_system.pl
/Library/ULabMin/scripts/set_computer_name.pl
/Library/ULabMin/scripts/startup_script.pl
/Library/ULabMin/scripts/tracker.pl
/Library/ULabMin/scripts/updateByHostPrefs.sh
/Library/ULabMin/tools/GetFileInfo (get from Developer Tools)
/Library/ULabMin/tools/iPopfeed (not available yet--doesn't work yet...)
/Library/ULabMin/tools/OFPW (get from www.macosxlabs.org)
/Library/ULabMin/tools/Screen Preserver (get from ULabMin 0.5.1 for Mac OS X 10.2 (4.5 MB))
/Library/ULabMin/tools/SetDisplay (get from ULabMin 0.5.1 for Mac OS X 10.2 (4.5 MB))
/Library/ULabMin/tools/SetFile (get from Developer Tools)
/Library/ULabMin/triggerfiles/possibletriggerfiles

Configure

New in version .6!!! Settings are no longer in every singe file. They are stored in /Library/Perl/ulabmin.pl
Note, because of the way the settings are stored, the path of this file is not changeable (unless you know more about Perl than I do, which is very likely).

Edit ULabMin path
Edit line 29 ("$basepath = ...") in /Library/Perl/ulabmin.pl to set the location of all the ULabMin stuff to /Library/ULabMin

These files do not use /Library/Perl/ulabmin.pl for settings, so they must be edited individually:

create_overload_filter Line 2 and 3
labsingleuser.pl Line 31 and 39
launch_maintenance.pl Line 28
newPresentation.pl Line 33
eject.sh Line 14 (this file not really used)
ipopfeed.pl Line 24 (this file not really used)

In the last step, "Turn it on", you will also need to edit these files: /Library/Preferences/com.apple.loginwindow.plist Line 6 and 8
/Library/StartupItems/ULabMin/ULabMin Line 15

ULabMin settings
Search /Library/Perl/ulabmin.pl for anything that you think you need to edit. For example:
  • $harddiskname - Your hard disk will be named this at every startup.
  • $kioskusername - Logging in as this user will disable the Dock, the Finder, and will cause the idlescript to completely change its behavior so that it always keeps a Safari web browser open, and it removes and cleans up the home folder when the screen saver is on. Note, in Mac OS X 10.3 "guest" is not a valid username... :(
  • $adminusername - Logging in as this user will skip home folder creation and certain idlescripts tasks.
  • $maintenanceusername - Logging in with this username will run radmind.
  • $imagerusername - (Doesn't work, but it is suppose to run an ASR utility to image a second hard disk.)
  • $kiosk_homefolder_name - Homefolder name of the kiosk user (this is normally /Users/$kioskusername, but can be different). Note, this folder is created by the scripts. Any folder you create with this path will be deleted.
  • $kioskUserHomeFolder - /Users/$kiosk_homefolder_name. Ok, a bit of duplication here. It isn't perfect.
  • $presentation_homefolder_name - This is the folder for the "presentation" user.
  • $lab_homefolder_name - Homefolder name of the authenticated user. Each user (no matter what their username is) should get this folder. The name is the same for every user to simplify configuration of preferences and such that require that the path of the home folder be known by the admin. YOU MUST SET THIS UP IN NETINFO MANAGER (local users) or DIRECTORY ACCESS (ldap/etc users).
  • $authenticatedUserHomeFolder - Homefolder name of the kiosk user (this is normally /Users/$kioskusername, but can be different). Note, this folder is created by the scripts. Any folder you create with this path will be deleted.
  • $template_homefolder - The location of the home folder you have setup for your users to use.
You probably do not need or want to change any other settings...

System settings
If you want to remotely ssh into your lab computers, you must put the IP's of the allowed computers into the file /private/etc/hosts.allow and you need to modify the bottom of the file /private/etc/sshd_config by changing "AllowUsers admin" to "AllowUsers youradminusername".

Other software
  • Menuversum - Currently the menuversum files are not being distributed on this page. They will be added soon. When they are added, no configuration of Menuversum will be needed.
  • You should configure SecureIt's password. Please read the SecureIt documentation how to do that. Note, ULabMin replaces some modifications that SecureIt performs.
  • iHook - we modify iHook's NIB so that the window behaves closer to what we want. If you use your own iHook graphics, you don't need to worry about modifying iHook in the way we have. However, if you want to use our graphics, you will need to modify iHook. The instructions are not provided here yet...
  • Screen Preserver - Just put pictures in the pictures folder located inside of the app bundle.
  • ncutil 2.x and Radmind require no modifications.
Create trigger files
Because of the way SCL manages their computers, it was easier to configure a computer by creating an empty file with a particular name and distributing that rather than a configuration file that contained settings. These files are called "triggerfiles".

See the file /Library/ULabMin/triggerfiles/possibletriggerfiles for a list of the possible trigger files.

Turn it on

(links to individual files removed)

Download and install these files to turn ULabMin on.
  • /Library/Preferences/com.apple.loginwindow.plist (this file activates the login and logout hook and disables logging in as ">console"--the other settings don't matter)
  • /Library/StartupItems/ULabMin/StartupParameters.plist (required for the startup script)
  • /Library/StartupItems/ULabMin/ULabMin (this file executes the startup script)
  • /private/etc/rc (this script disables setting the language with /var/log/CDIS.custom because /var/log is ignored by radmind, and we don't want /etc/rc to read anything in it!)
  • /private/etc/rc.boot (this script runs fsck a bit different... saves the success or failure of fsck into nvram)
  • /private/etc/rc.cleanup (this script removes and replaces /Volumes just like it does /tmp because radmind ignores /Volumes, and we want to clean it up!)
  • /private/etc/ttys (this file disables logging in as ">console" too)
  • /System/Library/StartupItems/LoginWindow/StartupParameters.plist (this file stops the startup process until the ULabMin startup item finishes, very important if you want to run radmind at startup or with cron)


Edit the path in these files to point to

/Library/Preferences/com.apple.loginwindow.plist Line 6 and 8
/Library/StartupItems/ULabMin/ULabMin Line 15

Troubleshooting

General
  • Make sure scripts are executable.
  • Make sure scripts have Unix line endings.
  • Make sure scripts don't have bad white space, which happens when you copy text out of a web browser window.
  • Make sure the scripts do not have syntax errors.
  • Make sure scripts that execute other scripts have correct paths.
  • When debugging ULabMin behavior, it is VERY helpful to have sshd turned on and to ssh into the computer.
  • Check /var/log/system.log, nearly all ULabMin scripts save messages there.
No login panel, startup is "Waiting" for something
Most often what it says it is "waiting" for isn't the actual problem. If the ULabMin startup item hangs, you will get this problem.
  • Verify that the ULabMin startup item is running (see "Startup" below). If ULabMin isn't running, then disable it to see if ULabMin is the problem, or something else. Disable ULabMin startup item by:
    1. Edit the file /System/Library/StartupItems/LoginWindow/StartupParameters.plist
    Change:
    Requires = ("Disks", "SecurityServer", "Order from Chaos");
    To:
    Requires = ("Disks", "SecurityServer");
     
  • 2. Move /Library/StartupItems/ULabmin to some other location (/ works).
    If the computer still hangs at startup after disabling ULabMin's startup item, some other startup item is hanging and you will need to figure that one out on your own.
Blue screen
Blue screens will occur if you have auto login enabled and some process hangs login, the Dock, the Finder, or any application that is specified as a Finder replacement. If the computer has the kiosk triggerfile, then the loginhook will replace the Finder with Safari (or Internet Explorer if you specify it) and disable the Dock. If the application you have specified does not exist. The following assumes that ULabMin is configured as a kiosk computer.
  • Make sure the application that replaces the Finder exists and is executable by the user logging in.
  • Try to enable sshd and check to see what process is running... kinda hard to debug this one.
Login that never finishes
It is possible that the loginhook never finishes or takes a very long time. You need to check to make sure though, because other issues could cause login to fail also.
  • Make sure the loginhook runs (execute it in the command line)
  • Make sure there is a valid home folder after the loginhook finishes that can be read and written to by the user logging in (you may want to check the home folder path in NetInfo manager (local users), Directory Access (network users with a home folder setting that is static), or your LDAP/etc server (network users that have the home folder set in the directory)
  • Make sure the loginhook finishes (check /var/log/system.log for loginhook.pl messages)
Startup
To check to see if your computer is executing the ULabMin startup item, you will need to read the file /var/log/system.log. If your computer boots, then login and read it. If your computer does not boot enough to let you login, you can either boot to single user mode and use "pico /var/log/system.log", "cat /var/log/system.log" or whatever you like (remember SecureIt requires a password and OFPW needs to be off to do this). Or boot to some other device that gives you access to a terminal or other text editor.
  • When the ULabMin startup item executes, text is saved in /var/log/system.log like this:

    Apr 17 00:40:09 localhost ConsoleMessage: ULabMin starting up
    Apr 17 00:40:11 localhost root: ULabMin starting up

    If you don't see those lines /Library/StartupItems/ULabMin/ULabMin is not executing at startup. Follow the "General" troubleshooting list for the file /Library/StartupItems/ULabMin/ULabMin.
  • Next, check for these lines in /var/log/system.log

    Apr 17 00:40:12 localhost startup_script.pl[326]: Started.
    Apr 17 00:40:30 localhost startup_script.pl[426]: LabStartup took 18.

    If you don't see those lines /Library/ULabMin/scripts/startup_script.pl is not executing. Follow the "General" troubleshooting list for the file /Library/ULabMin/scripts/startup_script.pl.
  • If all of those lines are present, then ULabMin startup script is at least executing and finishing properly.
  • If some other script is not executing, search /var/log/system.log for the name of the script that is not executing. If there is nothing there, check /Library/ULabMin/scripts/startup_script.pl to make sure that it can execute the script.