terminal command policy

New Contributor

Does anyone know of a way to convert a terminal command into a policy? I'd like to run this command for users when they log in: chflags nohidden ~/Library


Not applicable

Edit your policy, go to Advanced, and use the Run Command: field.

New Contributor III

@pete_c is right that you can run a command in the policy (which is part of the policy, rather than a script which is downloaded from the JSS and executed); however, the command you're running would need to know the username of the user, as ~ will expand to the root user's home directory in the case of a policy, as that's the user the policy is running under. You can use $3 in place of a given username when running login policies. So something like

/usr/bin/chflags nohidden "/Users/$3/Library"

Or, if you have home directories in non-standard places, then something like this

/usr/bin/chflags nohidden "$(eval echo ~$3)/Library"

However, I don't know off the top of my head if commands get passed the same parameters as scripts do, so it might be easiest to add it as a script and add the script to a login policy.

Or, if you don't want to enable login hooks, you can just do this on all the current home directories via a script (rather than a command) on some kind of schedule, such as every30.

declare chflags="/usr/bin/chflags"
declare basename="/usr/bin/basename"
declare id="/usr/bin/id"
for USERHOME in "/Users/"* ; do
    #/usr/sbin/chown -R
    declare USER_NAME="$($basename "$USERHOME")"
    if [ -d "$USERHOME/Library" ] ; then
        # Only unhide the Library when the folder name maps to a real account
        if $id "$USER_NAME" &>/dev/null ; then
            $chflags nohidden "$USERHOME/Library"
        else
            echo "User: $USER_NAME does not exist but has ~@:$USERHOME"
        fi
    fi
done



Or, if you did not want to run on all users, you could also run it for the current console (logged-in) user, which is not much different than the $3 method above but could be run via any type of policy

declare chflags="/usr/bin/chflags"
declare -x USER_NAME="$(/usr/bin/who | /usr/bin/awk '/console/{print $1;exit}')"
declare -x USER_HOME="$(eval echo ~$USER_NAME)"
if [ ${#USER_NAME} -gt 0 ] ; then
  $chflags nohidden "$USER_HOME/Library"
fi

New Contributor III

Also check out Rich's launch agent to do this with a pre-made plist & script


New Contributor

Which one of the above would you recommend as best to use with OD accounts?

New Contributor III

@wiltzie the eval variant should work as it will resolve the home directory to whatever path it may be, which typically is the auto mount starting with /Network/...
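An added example, not code from any poster in this thread: the `eval echo ~$3` lookup hands the user name to `eval` inside a policy that runs as root, so this version validates the name first and resolves the home directory without `eval`. The function names and the allowed-character policy are assumptions made for illustration; the passwd-file lookup is only a fallback so the block also runs on non-macOS hosts.

```shell
#!/bin/sh
# Added example (not from the thread): find a user's home without eval.

# Assumed naming policy: letters, digits, dot, underscore, hyphen only;
# empty names and names starting with "-" or "." are rejected.
valid_username() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Fallback for non-macOS hosts: field 6 of a passwd-format file.
home_from_passwd() {   # usage: home_from_passwd USER [FILE]
    awk -F: -v u="$1" '$1 == u { print $6; exit }' "${2:-/etc/passwd}"
}

# macOS lookup through Directory Services (local and network accounts).
# dscl prints the value on the following line when it contains spaces.
home_from_dscl() {
    /usr/bin/dscl /Search -read "/Users/$1" NFSHomeDirectory 2>/dev/null |
        awk '/^NFSHomeDirectory:/ { sub(/^NFSHomeDirectory: */, "")
            if ($0 == "") { getline; sub(/^ +/, "") }
            print; exit }'
}

# Print the home directory of a validated user name, or return non-zero.
resolve_home() {
    valid_username "$1" || return 1
    if [ -x /usr/bin/dscl ]; then rh_home=$(home_from_dscl "$1")
    else rh_home=$(home_from_passwd "$1"); fi
    case "$rh_home" in
        /*) printf '%s\n' "$rh_home" ;;
        *)  return 1 ;;            # unknown user or non-absolute path
    esac
}

# Unhide ~/Library for one user; the name is treated as untrusted input.
unhide_library() {
    ul_home=$(resolve_home "$1") || { echo "skipping user: $1" >&2; return 1; }
    [ -d "$ul_home/Library" ] || return 1
    /usr/bin/chflags nohidden "$ul_home/Library"
}

# Login policies pass the user name to scripts as $3 (per the thread).
if [ -n "${3:-}" ]; then unhide_library "$3"; fi
```
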

New Contributor III

I have created a script that could be run as a policy to create a self-contained launch agent that would run at each user login to fix this

# This code generates a launchAgent that will unhide the Library
declare -xr cat="/bin/cat"
declare -xr defaults="/usr/bin/defaults"
declare -xr chown="/usr/sbin/chown"
declare -xr chmod="/bin/chmod"
declare -xr plutil="/usr/bin/plutil"

declare -x IDENT_KEY="com.github.acidprime.showLibrary"
declare -x LAUNCH_AGENT="/Library/LaunchAgents/$IDENT_KEY.plist"
declare -xa PROGRAM_ARGS=(/bin/bash -c '/usr/bin/chflags nohidden /Users/$USER/Library')

$defaults write "${LAUNCH_AGENT%%.plist}" Label "${IDENT_KEY:?}"
$defaults write "${LAUNCH_AGENT%%.plist}" ProgramArguments -array "${PROGRAM_ARGS[@]}"
$defaults write "${LAUNCH_AGENT%%.plist}" RunAtLoad -bool YES

$plutil -convert xml1 "${LAUNCH_AGENT:?}"

$chown 0:0 "${LAUNCH_AGENT:?}"
$chmod 744 "${LAUNCH_AGENT:?}"

$cat "${LAUNCH_AGENT:?}"
$plutil "${LAUNCH_AGENT:?}"


inspired by https://github.com/rtrouton/rtrouton_scripts/blob/master/rtrouton_scripts/lion_show_user_library/com...

Would not trigger until the user logs out and logs back in, but would catch all users new and old.