Create local admin account using Bootstrappr

574 views
Skip to first unread message

Sam Tarr

unread,
Aug 3, 2018, 1:53:56 PM8/3/18
to munki-discuss
We just started testing out bootstrappr I'm wondering how people are creating the local admin account when using bootstrappr. I'm trying to create it using a post install script in a package using dscl.  I'm running into problems creating it on Macintosh HD instead of the booted volume. I've tried it the normal way we have created accounts in the past with 
dscl . create /Users/admin

I've also tried 
dscl -f "$3/private/var/db/dslocal/nodes/Default" -raw . -create /Users/admin

when running both I get 

create: Invalid Path

<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)



Any help is appreciated. Thanks

Sam


John W Altonen

unread,
Aug 3, 2018, 2:19:23 PM8/3/18
to munki-...@googlegroups.com

I dont use bootstrappr to create the local admin.  I use bootstrappr only to install, configure and kickoff munki.  munki does does user creation task.  I recommend syadminctl over dscl for user account creation.  sysadminctl creates a securetoken, not sure about dscl.  below is my script for creating our admin account.


#!/bin/bash

sysadminctl -addUser mactech -UID 500 -password thePassw0rd -home /Users/mactech -admin -picture /Library/Scripts/TechnicalSupport.png

sleep 5

createhomedir -c -u mactech

exit 0



John Altonen 

VCUarts Technology Support 

jwal...@vcu.edu 

Submit a new support request here. 


--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discuss+unsubscribe@googlegroups.com.
To post to this group, send email to munki-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/b8f8e725-a69f-4b16-ac48-0ead277583c5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Sam Tarr

unread,
Aug 7, 2018, 4:38:58 PM8/7/18
to munki-discuss
Thanks I'll give that a try. I was just hoping to have an admin account on the machine before it booted in case there were any issues running munki. 


On Friday, August 3, 2018 at 2:19:23 PM UTC-4, John W Altonen wrote:

I dont use bootstrappr to create the local admin.  I use bootstrappr only to install, configure and kickoff munki.  munki does does user creation task.  I recommend syadminctl over dscl for user account creation.  sysadminctl creates a securetoken, not sure about dscl.  below is my script for creating our admin account.


#!/bin/bash

sysadminctl -addUser mactech -UID 500 -password thePassw0rd -home /Users/mactech -admin -picture /Library/Scripts/TechnicalSupport.png

sleep 5

createhomedir -c -u mactech

exit 0



John Altonen 

VCUarts Technology Support 

jwal...@vcu.edu 

Submit a new support request here. 


On Fri, Aug 3, 2018 at 1:19 PM, Sam Tarr <samt...@gmail.com> wrote:
We just started testing out bootstrappr I'm wondering how people are creating the local admin account when using bootstrappr. I'm trying to create it using a post install script in a package using dscl.  I'm running into problems creating it on Macintosh HD instead of the booted volume. I've tried it the normal way we have created accounts in the past with 
dscl . create /Users/admin

I've also tried 
dscl -f "$3/private/var/db/dslocal/nodes/Default" -raw . -create /Users/admin

when running both I get 

create: Invalid Path

<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)



Any help is appreciated. Thanks

Sam


--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discus...@googlegroups.com.

Gregory Neagle

unread,
Aug 7, 2018, 5:37:57 PM8/7/18
to 'Gregory Neagle' via munki-discuss
I have no problems creating local accounts using bootstrappr (and Imagr and Munki and...) using packages created with this tool: https://github.com/gregneagle/pycreateuserpkg

Yes, an account created this way doesn't get Secure Token unless it's the first account to login via the GUI, but I don't want these accounts to get the initial Secure Token, so that's OK.

-Greg


Sam Tarr

unread,
Aug 9, 2018, 10:00:07 AM8/9/18
to munki-discuss
Thanks Greg that worked perfectly. I know you're in animation and not live action, but I feel like not naming the tool Bootstrap Bill (Turner) was a missed opportunity. :)

Gregory Neagle

unread,
Aug 9, 2018, 10:03:36 AM8/9/18
to munki-...@googlegroups.com
No need to get Disney legal involved...

Stephen Silbert

unread,
Aug 16, 2018, 2:21:01 PM8/16/18
to munki-...@googlegroups.com
It was because of this email thread that I learned of bootstrappr. AWESOME!!!
I can get bootstrappr to create user accounts and install Munki tools but I can't get it to configure Munki. I made a pkg that works when I use ARD. But I can't get bootstrappr to get it to go.

#!/bin/bash
defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL "http://mymunkiserver/munki_repo"
defaults write/Library/Preferences/ManagedInstalls ClientIdentifier "Elementary_Laptops"
/usr/local/munki/managedsoftwareupdate --installonly
exit 0

I tried it with the $3 variable in consideration of the issues with postinstall scripts and absolute paths (maybe this is where I don't understand?)

#!/bin/bash
defaults write $3/Library/Preferences/ManagedInstalls SoftwareRepoURL "http://mymunkiserver/munki_repo"
defaults write $3/Library/Preferences/ManagedInstalls ClientIdentifier "Elementary_Laptops"
$3/usr/local/munki/managedsoftwareupdate --installonly
exit 0

When I read the /Library/Preferences/ManagedInstalls they have not been written to. But my package works fine with ARD. If any of you could let me know what I'm missing here, I'd greatly appreciate it.

If not, I still have to say THANK YOU for this AWESOME FREE SOFTWARE!!!

Stephen Silbert
Senior Technology Specialist
Swampscott Public Schools
********************************************
This email may contain confidential material that is the sole property of
Swampscott Public Schools. If you were not the intended recipient, please
notify the sender and delete all copies. Thank you
********************************************


On Fri, Aug 3, 2018 at 2:19 PM John W Altonen <jwal...@vcu.edu> wrote:

I dont use bootstrappr to create the local admin.  I use bootstrappr only to install, configure and kickoff munki.  munki does does user creation task.  I recommend syadminctl over dscl for user account creation.  sysadminctl creates a securetoken, not sure about dscl.  below is my script for creating our admin account.


#!/bin/bash

sysadminctl -addUser mactech -UID 500 -password thePassw0rd -home /Users/mactech -admin -picture /Library/Scripts/TechnicalSupport.png

sleep 5

createhomedir -c -u mactech

exit 0



John Altonen 

VCUarts Technology Support 

jwal...@vcu.edu 

Submit a new support request here. 


On Fri, Aug 3, 2018 at 1:19 PM, Sam Tarr <samt...@gmail.com> wrote:
We just started testing out bootstrappr I'm wondering how people are creating the local admin account when using bootstrappr. I'm trying to create it using a post install script in a package using dscl.  I'm running into problems creating it on Macintosh HD instead of the booted volume. I've tried it the normal way we have created accounts in the past with 
dscl . create /Users/admin

I've also tried 
dscl -f "$3/private/var/db/dslocal/nodes/Default" -raw . -create /Users/admin

when running both I get 

create: Invalid Path

<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)



Any help is appreciated. Thanks

Sam


--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discus...@googlegroups.com.

To post to this group, send email to munki-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/b8f8e725-a69f-4b16-ac48-0ead277583c5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discus...@googlegroups.com.

To post to this group, send email to munki-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/CACzgJATsUB_rHigX88BZixAsGvUAU1VoVLj513ikMGvei%3DJpvQ%40mail.gmail.com.

Gregory Neagle

unread,
Aug 16, 2018, 2:32:00 PM8/16/18
to munki-...@googlegroups.com

On Aug 16, 2018, at 11:20 AM, Stephen Silbert <sil...@swampscott.k12.ma.us> wrote:

It was because of this email thread that I learned of bootstrappr. AWESOME!!!
I can get bootstrappr to create user accounts and install Munki tools but I can't get it to configure Munki. I made a pkg that works when I use ARD. But I can't get bootstrappr to get it to go.

#!/bin/bash
defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL "http://mymunkiserver/munki_repo"
defaults write/Library/Preferences/ManagedInstalls ClientIdentifier "Elementary_Laptops"
/usr/local/munki/managedsoftwareupdate --installonly
exit 0

I tried it with the $3 variable in consideration of the issues with postinstall scripts and absolute paths (maybe this is where I don't understand?)

#!/bin/bash
defaults write $3/Library/Preferences/ManagedInstalls SoftwareRepoURL "http://mymunkiserver/munki_repo"
defaults write $3/Library/Preferences/ManagedInstalls ClientIdentifier "Elementary_Laptops"
$3/usr/local/munki/managedsoftwareupdate --installonly
exit 0

Don't try to run managedsoftwareupdate on the target! That's crazy. Even if it ran (it won't) Munki has no idea how to install software on anything other than the current boot volume (which would be the read-only Recovery volume, so even if Munki knew how it would fail. So many layers of failure here...)

$3 could easily have spaces: "Macintosh HD" is a very common volume name.
I'd try

#!/bin/bash
/usr/bin/defaults write "$3/Library/Preferences/ManagedInstalls" SoftwareRepoURL "http://mymunkiserver/munki_repo"
/usr/bin/defaults write "$3/Library/Preferences/ManagedInstalls" ClientIdentifier "Elementary_Laptops"

and don't exit 0 as that is hiding the errors from you! Let the script exit with its real exit code. Note also the full path to the defaults tool -- when running as root in Recovery we can't assume that the command search path is the same as for our own user account in "normal" boot.

But I'd consider not configuring Munki at all:

Make sure your Munki server is reachable at http://munki.your.domain/munki_repo and make a copy of Elementary_Laptops named "site_default" and you need not install any config. Consider also adding a Munki bootstrapping package to your packages you install with bootstrappr...


Stephen Silbert

unread,
Aug 22, 2018, 11:42:57 AM8/22/18
to munki-...@googlegroups.com
Everything works! Munki bootstrapping package kicks butt! Awesome support. THANK YOU SO MUCH!!!!

Stephen Silbert
Senior Technology Specialist
Swampscott Public Schools
********************************************
This email may contain confidential material that is the sole property of
Swampscott Public Schools. If you were not the intended recipient, please
notify the sender and delete all copies. Thank you
********************************************
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/6DE825BB-D358-4C18-A6F5-55DCE8E00CA1%40mac.com.

Kris Lou

unread,
Aug 23, 2018, 2:43:26 PM8/23/18
to munki-...@googlegroups.com
To clarify, packages created with the Luggage don't need to have $3 references to deliver their payloads correctly, but postinstall scripts _should_ reference $3 as the target volume?

For example, my munki_postinstall package delivers a preflight to ${WORK_D}/usr/local/munki, but the postinstall script touches /Users/Shared/.com.googlecode.munki.checkandinstallatstartup .  This should instead touch $3/Users/Shared/.com.googlecode.munki.checkandinstallatstartup, but I don't need to do anything to the package Makefile?

Thanks,
-Kris


On Wed, Aug 22, 2018 at 8:42 AM, Stephen Silbert <sil...@swampscott.k12.ma.us> wrote:
Everything works! Munki bootstrapping package kicks butt! Awesome support. THANK YOU SO MUCH!!!!

Stephen Silbert
Senior Technology Specialist
Swampscott Public Schools
********************************************
This email may contain confidential material that is the sole property of
Swampscott Public Schools. If you were not the intended recipient, please
notify the sender and delete all copies. Thank you
********************************************

To unsubscribe from this group and stop receiving emails from it, send an email to munki-discuss+unsubscribe@googlegroups.com.

To post to this group, send email to munki-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/b8f8e725-a69f-4b16-ac48-0ead277583c5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discuss+unsubscribe@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discuss+unsubscribe@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discuss+unsubscribe@googlegroups.com.

To post to this group, send email to munki-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/6DE825BB-D358-4C18-A6F5-55DCE8E00CA1%40mac.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discuss+unsubscribe@googlegroups.com.

To post to this group, send email to munki-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/CAPQodOVQW5sxEqbBMYP6x_kCxFqo1Tg6rYxQ56oDshVMO1MePw%40mail.gmail.com.

Gregory Neagle

unread,
Aug 23, 2018, 2:47:57 PM8/23/18
to 'Gregory Neagle' via munki-discuss
Might be a better question for a TheLuggage support group/maillist/discussion forum.

Independently of how TheLuggage behaves:

Packages have payloads (files) which are installed to a target volume. This target can be chosen at install time. Package scripts need to be informed about that target volume. The mechanism used is to pass the path to the install volume as the third positional parameter to the script. In shell/bash that can be retrieved as $3.

Does that clarify anything?

-Greg

To unsubscribe from this group and stop receiving emails from it, send an email to munki-discus...@googlegroups.com.

To post to this group, send email to munki-...@googlegroups.com.

Kris Lou

unread,
Aug 23, 2018, 3:17:29 PM8/23/18
to munki-...@googlegroups.com
It does, but I'll follow up on the Luggage group.  

Thanks.

-Kris


On Thu, Aug 23, 2018 at 11:47 AM, 'Gregory Neagle' via munki-discuss <munki-...@googlegroups.com> wrote:
Might be a better question for a TheLuggage support group/maillist/discussion forum.

Independently of how TheLuggage behaves:

Packages have payloads (files) which are installed to a target volume. This target can be chosen at install time. Package scripts need to be informed about that target volume. The mechanism used is to pass the path to the install volume as the third positional parameter to the script. In shell/bash that can be retrieved as $3.

Does that clarify anything?

-Greg

--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discuss+unsubscribe@googlegroups.com.
To post to this group, send email to munki-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/830CE0F8-9FDA-4BA3-9208-0DB4987BE8CA%40mac.com.

Gregory Neagle

unread,
Aug 23, 2018, 6:44:23 PM8/23/18
to munki-...@googlegroups.com

On Aug 23, 2018, at 11:42 AM, 'Kris Lou' via munki-discuss <munki-...@googlegroups.com> wrote:

To clarify, packages created with the Luggage don't need to have $3 references to deliver their payloads correctly, but postinstall scripts _should_ reference $3 as the target volume?

For example, my munki_postinstall package delivers a preflight to ${WORK_D}/usr/local/munki, but the postinstall script touches /Users/Shared/.com.googlecode.munki.checkandinstallatstartup .  This should instead touch $3/Users/Shared/.com.googlecode.munki.checkandinstallatstartup, but I don't need to do anything to the package Makefile?

BTW you could avoid all this confusion by _not_ creating the /Users/Shared/.com.googlecode.munki.checkandinstallatstartup in a script, but instead adding it to your payload!

To unsubscribe from this group and stop receiving emails from it, send an email to munki-discus...@googlegroups.com.

To post to this group, send email to munki-...@googlegroups.com.

Kris Lou

unread,
Aug 23, 2018, 6:56:44 PM8/23/18
to munki-...@googlegroups.com
Yes, I saw that as well (I'm looking at an old package I created for Imagr workflows a  year ago?).  

There's a bunch of other "defaults write" things I do to pre-configure Munki as well, so I think I just threw it all into a postinstall.  But regardless, it's still good for me to wrap my head around it.




On Thu, Aug 23, 2018 at 3:43 PM, 'Gregory Neagle' via munki-discuss <munki-...@googlegroups.com> wrote:

--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discuss+unsubscribe@googlegroups.com.
To post to this group, send email to munki-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/854EECEE-5510-49DF-8DC4-ADEA8B48F080%40mac.com.
Reply all
Reply to author
Forward
0 new messages