Mac OS X: network management login script to Hide Programs

Note: This article is based on corner stone's article login script to hide applications changed from certain OD users.

First, in an enterprise environment, different user groups can be allowed by different programs, but in general, all users logging on to a machine have read permission on the/applications directory. Therefore, as long as they are applications installed in/applications (including ity, server, and other sub-Directories, the logged-on user can see it. in some enterprise environments, some users will produce: "Why can't I run this program? Is it administrator's mistake? "," I heard that this chat program is quite good, and it is also on the hard disk. Ask the administrator if I can play it. "Waiting for such problems due to curiosity and other reasons, this will not only negatively affect the work efficiency of frontline users, but also the Administrator will face such a large number of inquiries, it takes a lot of time to check user settings.

In addition, even if it is not a medium or large network management enterprise user, in a loose management without network management, the management personnel or application implementers can also do some work through the following ideas, reduce Unnecessary management time waste.

The basic idea is that different user group settings can be used to give a list of applications forbidden to users. Each time a user logs on to the system, run a script program to hide programs that are not allowed to be used. When you exit the system, release the programs in the list. In this way, you can manage the applications that you can see by maintaining the list.

This involves two scripts programs: login script and logout script.

The original Article of royal all did not involve logout scripts. the method used by Royal all generates slow logon complaints in a large system, and the method used is only a framework.

The WWW Service is used here to manage the Application List of user groups, because the WWW Service can be said to have free and powerful www servers in mainstream systems such as Windows, Linux, UNIX, and BSD, here we only use the simplest functions. store the list of prohibited applications in different groups on the server and store them to different files according to the group name. as long as you can see these files through the normal browser, the script can be accessed normally. In the following script, you only need to modify the server address.

1. #1. Create a logfile
2. Log = "/tmp/hideapps. log"
5. #2. Path to the setfile binary from developer tools.
6. Setfile = "/usr/local/bin/setfile"

2. #3. Path to the folder with applications we want to hide.
3. App_path = "/Applications" # Your path here

2. #4. We need to get the MCX workgroup so we can hide the right apps.
3. Workgroup = 'defaults' read/library/managed/preferences/$1/COM. Apple. MCX workgroup'
6. #5. Set file name for hidden file list.
7. Hiddenfilelist = "/tmp/hiddenfilelist.txt"
10. #6. Set hidden apps for each workgroup. Sample Application names are supported ded.
11. #. Be sure to include the. app after the application name.
12. Httpgroupfile = "http: // 10.0.0.1"
14. Groupfile = 'curl-M 60-fr-o $ hiddenfilelist $ httpgroupfile/$ workgroup'

2. Echo "workgroup is $ workgroup. Will now hide applications, list in file $ hiddenfilelist which is got from $ httpgroupfile/$ workgroup." >>$ log
4. Grep httpgroupfile | awk {print $1} | xargs $ setfile-A V
7. Echo "applications successfully hidden. exiting."> $ log
9. Exit 0

As for the logout script, you only need to change the hidden command above to display it. here we will not repeat it here.