Command Line Help

kadams
Contributor

Hey everyone, I hope all is well with you. Im working on this huge project with automating backups to a network attached storage. I was able to write a script by testing and adding certain several commands. . Im stuck right now with assigning a password to an encrypted sparsebundle. The sparsebundle is encrypted but it asks me to issue a password to it when created. I need to be able to assign that password but bypass the prompts for it. For example, somehow write the password in the command so that it doesn't ask me to enter one. These passwords need to be unique for every user. The way the script works is that it connects to our NAS server, creates an encrypted sparsebundle on the NAS folder, mounts the sparesebundle to /Volumes, and uses that as a time machine backup destination. I would like to assign each user their own password for the sparsebundle. Also, I need the user to not have to manually enter that password themselves.

9 REPLIES 9

k3vmo
Contributor II
  1. To confirm - you're looking for a password - separate - from their network password?
  2. Could you post what you have?

mm2270
Legendary Contributor III

According to the hdiutil manpage, here is what you need to do. I tested this and it works

printf "MyPassword" | hdiutil create -size <size> -encryption -type SPARSEBUNDLE -fs <file_system_type> -volname <volume_name> /path/to/image -stdinpass

I originally tried using echo "MyPassword" and it was working to create the disk image, but it would not accept the password later to decrypt/mount it. Turns out printf is the trick. I'm not sure why, but it works. You also have to include -stdinpass in there so it knows to expect the password directly on the command line.

Edit: Forgot to include that, later, to mount the volume and not be prompted for that password, you would do this:

 printf "MyPassword" | hdiutil attach /path/to/diskimage.sparsebundle -stdinpass

kadams
Contributor

@mm2270 2270, i ended up figuring it out but im glad that you posted. I do have another question. I have an issue with permissions i guess? The sparsbundle keeps saving itself as root.sparesbundle. I scripted it out to save itself as account username.sparsbundle by using $(whoami). Does this mean I have to find a way to run these commands as another user. Jamf seems to run everything as root. This is causing other commands after that to not work. For instance, I wrote a command that mounts that sparsebundle from the NAS to /Volumes. The command cant find that mount because its saving the sparsebundle as root.sparsbundle instead of account username.sparsebundle

mm2270
Legendary Contributor III

You shouldn't need to run the commands as another user, but using whoami in a script run by a Jamf Pro policy will almost always result in root, for the reason you already mentioned. What you want to do is get the logged in user, I assume. You didn't mention the context of when this would be running, but assuming for a moment it runs when the actual user of the machine is logged in, then something like this will get you the current console user name:

LOGGED_IN_USER=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')

For a much shorter command, I still tend to use this one below, which is reliable as long as you don't have multiple users logging into a single machine, such as a remote console session or something

LOGGED_IN_USER=$(stat -f%Su /dev/console)

Whichever one you end up using, just replace the variable in your hdiutil command to use that as the name for the sparse bundle and it should work.

kadams
Contributor

@mm2270 here is part of the script that im trying to complete

LOGGED_IN_USER=$(stat -f%Su /dev/console)

Creates encrypted sparsebundle on Synology that gives itself a name based on account username

printf 'password' | hdiutil create -size 200g -volname $LOGGED_IN_USER -encryption AES-256 -type SPARSEBUNDLE -fs "HFS+J" -stdinpass /Volumes/QTimeMachineBackups/$LOGGED_IN_USER

I also have a command that mounts that sparsbundle to hdiutil attach /Volumes/LOGGED_IN_USER

The command that creates the sparse bundle works just fine locally.. For some reason it does not work when i run it in jamf. I get an error that says Script result: hdiutil: create failed - No such file or directory
hdiutil: attach failed - No such file or directory

ryan_ball
Valued Contributor

What about this with proper quotes:

#!/bin/bash

LOGGED_IN_USER=$(stat -f%Su /dev/console)

# Creates encrypted sparsebundle on Synology that gives itself a name based on account username
/usr/bin/printf 'password' | 
/usr/bin/hdiutil create -size 200g -volname "$LOGGED_IN_USER" -encryption AES-256 -type SPARSEBUNDLE -fs "HFS+J" 
-stdinpass "/Volumes/QTimeMachineBackups/$LOGGED_IN_USER"

exit 0

mm2270
Legendary Contributor III

@kadams What I'd recommend doing to start is putting some echoes throughout your script, so you can get some more information about what's being captured in the policy log.

For example, echo back the $LOGGED_IN_USER variable, to be sure it's getting some value to use.
I'd also maybe echo back the "/Volumes/QTimeMachineBackups/$LOGGED_IN_USER" string, to be sure that the path is showing up as you expect.
Lastly, try double quoting items, like the logged in user variable when used in the hdiutil command for -volname, and maybe that path to where to create the disk image too.

I don't have a TimeMachine backup volume like you do, but I tested the following against an attached external drive partition, called BACKUP, and it worked for me. I ran this as root, not as me, but I did not test this from a Jamf Pro policy, so I suppose there could still be a difference.

#!/bin/bash

LOGGED_IN_USER=$(stat -f%Su /dev/console)

PASS="MyPassword"

printf "$PASS" | hdiutil create -size 2m -volname "$LOGGED_IN_USER" -encryption AES-256 -type SPARSEBUNDLE -fs "HFS+J" -stdinpass "/Volumes/BACKUP/${LOGGED_IN_USER}"

Edit: Looks like @ryan.ball beat me to it while I was typing up my response, but yes, put quotes around those variables and it should work.

kadams
Contributor

@mm2270

Here are the commands that i've written. I still cant get it to work

cd $HOME

LOGGED_IN_USER=$(stat -f%Su /dev/console)

Creates encrypted sparsebundle on Synology that gives itself a name based on machine name

/usr/bin/printf 'password' | /usr/bin/hdiutil create -size 200g -volname "$LOGGED_IN_USER" -encryption AES-256 -type SPARSEBUNDLE -fs "HFS+J" -stdinpass "/Volumes/QTimeMachineBackups/$LOGGED_IN_USER"

Mounts the NAS sparsebundle based on specific user

/usr/bin/printf 'password' | /usr/bin/hdiutil attach -stdinpass /Volumes/QTimeMachineBackups/$LOGGED_IN_USER.sparsebundle

Sets specific users sparse bundle as a time machine destination

tmutil setdestination /Volumes/$LOGGED_IN_USER

Makes Backup Speed Increase

sysctl debug.lowpri_throttle_enabled=0

Enables automatic backups

tmutil enable

Starts backups

tmutil startbackup

kadams
Contributor

It seems like whenever I connect to the server, it creates another QTimeMachineBackups Folder.