21 February 2007 @ 13:16Recovering from Stupid Users
Today I received a call from one of our stores. The guy told me that all the applications were missing on the video surveillance server except for System Preferences.app. So, the first thing I did was to connect via Remote Desktop to take a look and of course change the admin password. Very odd indeed. I looked in the trash and saw some files that definitely shouldn’t be there, but none of the applications were in there. This led me to believe that a Stupid User™ was responsible for this. Since practically every application was missing, I could not poke around with the Terminal or look at log files with the Console, so the next step was to remotely log into this computer via ssh.
Once I had surveyed the damaged and was satisfied that it was merely superficial, I pulled out my OS X Install disc and launched Pacifist. I was then able to extract all the needed files from the Essentials.pkg to my Desktop. I then deleted the unnecessary items from the folder of extracted file and created a compressed disk image of this folder.
I then opened another Terminal window on my local computer and used sftp to upload the disk image to the computer. when the upload was complete, I proceeded to mount the disk image with
dittoed the Applications folder from the mounted image to the Applications folder of the boot drive. Using ditto preserves the permissions.
ditto -rsrc -V /Volumes/Essentials\ Folder/Applications/ /Applications/
and then I unmounted the disk image
hdiutil unmount -force /Volumes/Essentials\ Folder/
Now the computer is back to a somewhat normal state. Since this particular machine simply sits there recording video, and doesn’t need any other interaction, I needed a way for it to be locked but logged in. A password protected screensaver would be the obvious solution, correct? Well, if you take a look at the times allowed for starting the screensaver, you will see that the minimum is 3 minutes. That’s not good enough. The solution is to put the ScreenSaverEngine.app into this account’s login items. This file can be found here: System -> Library -> Frameworks -> ScreenSaver.framework -> Versions -> A -> Resources -> ScreenSaverEngine.app
Now, whenever this computer is restarted (and this user is set to auto-login), it will immediately go to a locked screensaver in order to keep out the Stupid User™.