General Info

By: James Reynolds - Revised: 2006-06-06 devin

Introduction

Basic information about startup, login, and logout scripts on Mac OS X, and the security issues that come with running them as root.


What are startup, login, and logout scripts, and why are they important?

What is a startup script? A startup script runs when the Mac boots. It is more than just a script, though: a StartupItem is a folder (under /Library/StartupItems) that bundles the script with a StartupParameters.plist describing when and how it runs, and the script itself must follow the StartupItem conventions (for example, sourcing /etc/rc.common) to behave correctly.

What is a login script? A login script (the LoginHook, set through the com.apple.loginwindow preferences) is executed right after the user authenticates and before the Finder loads. The script has no special format requirements.

What is a logout script? A logout script (the LogoutHook) is executed right after the Finder quits and before the login panel is displayed again. The script has no special format requirements.

Why are these scripts important? Knowing how they work lets you do several things:
  • Debug existing startup/login/logout scripts
    • Many applications install poorly written or insecure startup/login/logout scripts (TB2 and KeyServer are two examples).
  • Create your own system customizations
    • Execute a script or tool with root permissions
    • Custom administrative, accounting, or security tools/scripts
For example:

Startup customizations
  • Check machine status
  • Run maintenance like RsyncX or Radmind
  • Check permissions
  • Startup daemons
Login customizations
  • Delete home folder & replace with template
  • Debug login problems (when using Directory Services)
  • Keep a login log
  • Check login username and do something different for each user
    • Retrieve network home folder
    • Give elevated access (but not admin) to "super-users"
    • Notify the campus police for bad guys
Logout customizations
  • Perform home folder backup
  • Sync home folder to a network home folder server
  • Clean up after the user

Security

StartupItems, LoginHooks and LogoutHooks all run as root. To keep your script from being "hijacked" by a less privileged user, you MUST follow these secure scripting practices:
  • Scripts must be owned by root and CANNOT be writable by "group" or "other"; the same goes for the directory that holds them, since a writable directory lets the whole file be replaced
  • Give the full path to every command ("/sbin/reboot", NOT "reboot"), so the script never depends on $PATH to find the right binary
  • Every file the script reads, writes or executes is a possible point of compromise, so make sure that any script or tool your script runs meets the same standard (root-owned, not writable by group or other, full paths inside it)
Never do anything like this in your script (assume the file /Users/guest/script.pl is world writable):

#!/bin/sh

/Users/guest/script.pl

If /Users/guest/script.pl is world writable, anyone can edit it and have their commands run as root the next time the script fires at startup, login or logout. The same is true if the guest account can merely write to /Users/guest, because the file can then be swapped out. It only takes one root command to compromise the entire Mac...
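The three rules above can be checked mechanically. The script below is an added example written for this page, not code from the original article or from any of the projects it mentions. It audits a StartupItem, LoginHook or LogoutHook script for root ownership, group/other write permission on the file and on its directory, commands invoked by bare name instead of absolute path, and group/other write permission on every file the script runs or sources by absolute path (the /Users/guest/script.pl case). The command scanner is a deliberate heuristic: it splits lines on ;, |, && and ||, drops comments, and treats a fixed list of shell keywords and builtins as needing no path. The names in RC_COMMON_FUNCS (CheckForNetwork and ConsoleMessage, the /etc/rc.common functions the radmind script on this page calls) are an assumption you should extend for any functions your own scripts define or source; everything else the scanner reports by bare name, including a bare su, is a candidate for a full path such as /usr/bin/su.

```shell
#!/bin/sh
# audit_hook.sh: check a StartupItem, LoginHook or LogoutHook script against the
# three rules above. Added example for this page, not code from the original article.

# Shell functions that /etc/rc.common provides to StartupItems; they are not external
# commands and need no path. Assumption: extend this for functions your scripts source.
RC_COMMON_FUNCS="CheckForNetwork ConsoleMessage"

# Return 0 if FILE (or directory) is writable by group or other. Parses ls -l because
# stat(1) takes different flags on Mac OS X and Linux.
writable_by_group_or_other() {
    case $(ls -ld "$1" | cut -c6,9) in      # group-write and other-write columns
        *w*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Scan FILE for command invocations and print one tab-separated record per finding:
#   UNQUAL <lineno> <line>   command run by bare name, so located through $PATH
#   TARGET <lineno> <path>   command run or sourced by absolute path (must be secure too)
# Heuristic: splits on ; | && ||, strips comments, skips keywords, builtins, assignments,
# function definitions and case patterns. Paths containing whitespace are not supported.
scan_commands() {
    awk -v allow="$RC_COMMON_FUNCS" '
    BEGIN {
        n = split("if then else elif do while until !", c, " ")
        for (i = 1; i <= n; i++) ctl[c[i]] = 1
        n = split("fi done esac case cd echo exit return export set shift test unset read eval exec trap break continue true false", b, " ")
        for (i = 1; i <= n; i++) skip[b[i]] = 1
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) skip[a[i]] = 1
    }
    {
        line = $0
        sub(/#.*/, "", line)                 # drop comments (and the #! line)
        gsub(/&&|\|\||\||;/, "\n", line)     # one segment per simple command
        nseg = split(line, seg, "\n")
        flagged = 0
        for (s = 1; s <= nseg; s++) {
            sub(/^[ \t]+/, "", seg[s])
            if (seg[s] == "") continue
            if (seg[s] ~ /^[A-Za-z_][A-Za-z0-9_]*[ \t]*\(\)/) continue   # name() { ... }
            m = split(seg[s], w, /[ \t]+/)
            k = 1
            while (k <= m && (w[k] in ctl)) k++                          # skip "if", "then", "!" ...
            if (k > m) continue
            cmd = w[k]
            if (cmd == "." && k < m) cmd = w[k + 1]                      # ". /etc/rc.common"
            if (cmd in skip) continue
            if (cmd ~ /^[A-Za-z_][A-Za-z0-9_]*=/) continue              # VAR=value
            if (cmd ~ /\)$/) continue                                    # case pattern
            if (cmd ~ /^\//) { printf "TARGET\t%d\t%s\n", FNR, cmd; continue }
            if (cmd !~ /^[A-Za-z0-9]/) continue                          # [ { } ( $ * : etc.
            if (!flagged) { printf "UNQUAL\t%d\t%s\n", FNR, $0; flagged = 1 }
        }
    }' "$1"
}

# Lines of FILE that run a command by bare name, printed as "lineno: text".
unqualified_commands() {
    scan_commands "$1" | awk '$1 == "UNQUAL" { n = $2; sub(/^UNQUAL[ \t]+[0-9]+[ \t]+/, ""); print n ": " $0 }'
}

# Absolute paths that FILE runs or sources, one per line.
invoked_paths() {
    scan_commands "$1" | awk '$1 == "TARGET" { print $3 }' | sort -u
}

note() { echo "$1"; findings=$((findings + 1)); }

# Audit FILE as a script that will run as root. Prints every finding and returns 0
# only when there are none. OWNER defaults to root (override it only for testing).
audit_hook_script() {
    script=$1
    want_owner=${2:-root}
    findings=0
    if [ ! -f "$script" ]; then note "$script: not a regular file"; return 1; fi
    owner=$(ls -ld "$script" | awk '{ print $3 }')
    if [ "$owner" != "$want_owner" ]; then note "$script: owned by $owner, expected $want_owner"; fi
    if writable_by_group_or_other "$script"; then note "$script: writable by group or other"; fi
    script_dir=$(dirname "$script")         # a writable directory lets the whole file be swapped
    if writable_by_group_or_other "$script_dir"; then note "$script_dir: directory writable by group or other"; fi
    bare=$(unqualified_commands "$script")
    if [ -n "$bare" ]; then
        note "$script: commands run by bare name instead of absolute path:"
        printf '%s\n' "$bare" | sed 's/^/    /'
    fi
    for target in $(invoked_paths "$script"); do   # everything the script runs must be secure too
        if [ -e "$target" ] && writable_by_group_or_other "$target"; then
            note "$script: runs $target, which is writable by group or other"
        fi
    done
    [ "$findings" -eq 0 ]
}

# Usage: sh audit_hook.sh /Library/StartupItems/Radmind/Radmind /path/to/LoginHook
for hook in "$@"; do
    audit_hook_script "$hook"
done
```

Run it as root against every StartupItem and hook on the machine; a clean run prints nothing. A world-writable target such as the /Users/guest/script.pl case is reported under "runs ..., which is writable by group or other", while a bare command name is reported with its line number so it can be given a full path.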

The other issue is privilege. If your script launches a process that does not need root, or that you do not trust enough to run as root, drop privileges by starting it as a dedicated non-root user, using this syntax in the startup/login/logout script (replace "<username>" with the name of a real account on the system, and note that su itself is given by full path):

#!/bin/sh

/usr/bin/su - <username> -c /path/to/some/process

For example, here is the radmind server startup script modified so that it launches as a user named "radmind" instead of as root. Because "su -" starts a login shell for that account, the "radmind" user must have a real shell rather than /usr/bin/false:

#!/bin/sh

. /etc/rc.common

##
# Start up radmind server
##

if [ -f /var/radmind/config ]; then
    CheckForNetwork

    if [ "${NETWORKUP}" = "-NO-" ]; then exit; fi

    ConsoleMessage "Starting Radmind Server"

    # The line below (commented out) launched radmind as the "root" user
    #/usr/local/sbin/radmind -u 077
    # The line below launches radmind as the "radmind" user; su is given by full path
    /usr/bin/su - radmind -c "/usr/local/sbin/radmind -u 077"

fi