Casper Imaging root user or LaunchDaemon on NetBoot?

bentoms
Release Candidate Programs Tester

Hi All,

Does Casper Imaging need to be run as the root user?

Or can it be run under root via a LaunchDaemon?

I'm possibly looking at recreating something like the NetBoot Image Creator. Something that will spit out a .nbi from an AutoDMG image, but am not sure how to enable root on a non-booted volume.

3 REPLIES

perrycj
Contributor III

@bentoms I believe that Casper Imaging does need to run as root and does when launched, whether on a .nbi image or normal desktop.

As far as enabling root on a non-booted volume, I don't think you can without booting at least once to enable root via script.

ega
Contributor III

So yes, for full automation Casper Imaging does need to be run as root when root is logged into the GUI, as best I can tell.
That being said you can use a LaunchDaemon in /var/root/Library/LaunchDaemons to run Casper Imaging just like any other user. That can be added to a NBI set using the "add packages" feature of System Image Utility. Enabling root and forcing the machine to login might be possible but I have not had any luck using the System Image Utility add user feature. Might be able to enable with a script which is my next try.

Looks like in theory it is 3 steps:

a) dsenableroot -u someadmin -p some password -r newrootpass

b) set root to autologin like
defaults write /Library/Preferences/.GlobalPreferences com.apple.userspref.DisableAutoLogin 0
defaults write /Library/Preferences/com.apple.loginwindow autoLoginUser root
defaults write /Library/Preferences/com.apple.loginwindow autoLoginUserUID 0

and set the autologin password by copying in a known good /private/etc/kcpassword to the same place on the target dmg.

This is all theory and needs testing. One thing I don't know is how to get dsenableroot to target the DMG and not the currently booted volume.
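
An added example, not part of the post above or of anyone's reply in this thread: a Python check that can be pointed at a mounted, non-booted NBI or DMG volume to report whether the root auto-login settings described in the post are present before the image is published. The function names and the sample volume are constructed for illustration; the plist keys and the kcpassword path are the ones named in the post.

```python
import plistlib
import stat
import tempfile
from pathlib import Path

LOGINWINDOW = "Library/Preferences/com.apple.loginwindow.plist"
KCPASSWORD = "private/etc/kcpassword"

def audit_autologin(volume_root):
    """Return findings about auto-login on a mounted, non-booted volume."""
    root = Path(volume_root)
    findings = []
    prefs = root / LOGINWINDOW
    if prefs.is_file():
        with prefs.open("rb") as fh:
            data = plistlib.load(fh)  # accepts XML and binary plists
        user = data.get("autoLoginUser")
        # `defaults write` without -int stores the UID as a string
        uid = str(data.get("autoLoginUserUID", ""))
        if user:
            findings.append(f"auto-login enabled for '{user}'")
        if user == "root" or uid == "0":
            findings.append("auto-login account is root (UID 0)")
    kc = root / KCPASSWORD
    if kc.is_file():
        # kcpassword is only obfuscated, so treat it as a stored credential
        findings.append("kcpassword present")
        mode = stat.S_IMODE(kc.stat().st_mode)
        if mode & 0o077:
            findings.append(f"kcpassword mode {mode:03o} is not owner-only")
    return findings

def build_sample_volume(root_dir):
    """Constructed sample: a fake volume tree configured as in the post."""
    root = Path(root_dir)
    (root / "Library/Preferences").mkdir(parents=True)
    (root / "private/etc").mkdir(parents=True)
    with (root / LOGINWINDOW).open("wb") as fh:
        plistlib.dump({"autoLoginUser": "root", "autoLoginUserUID": "0"}, fh)
    (root / KCPASSWORD).write_bytes(b"\x00" * 12)  # placeholder bytes
    (root / KCPASSWORD).chmod(0o644)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for line in audit_autologin(build_sample_volume(tmp)):
            print(line)
```

An empty result means neither the loginwindow auto-login keys nor a kcpassword file were found under the given volume root.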

cstout
Contributor III

@bentoms, I'm unsure about modifying the NBI to enable root, but I just wanted to share my two cents on this. I use the root account for my NBI for one main reason: You are not prompted to locally authenticate when Casper Imaging opens. Our technicians don't need to know the local admin password on the NBI. My NBI is extremely locked down and it serves one main purpose with two applications installed on it. I set up a launchdaemon to have it load up Casper Imaging and keep it alive in case someone accidentally closes it. Finder is disabled, dock is disabled, and all you can do in the booted environment is move forward with using Casper Imaging or open Disk Utility. That's it.

The daemon was tricky for me to set up, but I got it working with plenty of help at:
https://jamfnation.jamfsoftware.com/discussion.html?id=10145

I hope this helps a bit.