Skip to content

gregneagle/pycreateuserpkg

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 

Tool for generating packages that create macOS user accounts on 10.8-12.x

macOS and Python notes

pycreateuserpkg requires Python and PyObjC. It also uses several command-line tools available on macOS. There is no support for running it on Windows or Linux.

In macOS 12.3, Apple removed the Python 2.7 install. Out-of-the-box, there is no Python installed. You'll need to provide your own Python and PyObjC to use pycreateuserpkg. It should run under Python 2.7, and Python 3.6-3.9 without issue.

Some options for providing an appropriate Python:

  1. If you also use Munki, use Munki's bundled Python, available at /usr/local/munki/munki-python
  2. Install Python from macadmins-python (https://github.com/macadmins/python).
  3. Install Python from https://www.python.org.
  4. There are other ways to install Python, inlcuding Homebrew (https://brew.sh), my relocatable-python tool (https://github.com/gregneagle/relocatable-python), using the python3 bundled with Xcode, and more.
  5. Notably, if you don't use options 1 or 2 above, and install Python some other way, you'll also need to install PyObjC.

You might ask "Why not change the shebang to #!/usr/bin/env python3 or even #!/usr/bin/python3? That could break many current users of the tool who haven't upgraded to macOS 12.3 and don't have Xcode and/or the Command line development tools installed. If/when you upgrade to macOS 12.3, you'll need to take some action anyway. No need to punish everyone else.

NEW 13-March-2022:

  • Due to the removal of Python 2 in macOS 12.3, the tool has been updated for compatibility with Python 3. There is still a dependency on PyObjC for plist writing, so this won't work out-of-the-box with the Python 3 installed as part of Xcode or the Command Line Development Tools (as these do not include PyObjC). This tool will work with Munki's Python, autopkg's Python, or the MacAdmins Python.
  • Extensive testing has not been done under Python 3; it's possible there are new bugs caused by the changes. Please create issues for any new bugs discovered.
  • "createuserpkg" renamed to "createuserpkg.py" and shebang line removed. Call the tool with the desired Python: for example munki-python createuserpkg.py [options]

NEW 12-Oct-2019:

More changes when updating existing accounts to work better with FileVault-enabled accounts. Existing authentication_authority attributes other than the ShadowHash are now preserved, and the generateduid is not changed/updated. This means when updating existing accounts there are three attributes that will not be changed/updated: uid, home, and generateduid. If you require these to be consistent across all machines you manage, consider deleting the account before installing the new package.

NEW 13-Aug-2019:

The create_user.py tool in the Scripts directory of the expanded package has been replaced by a compiled createuser tool written in Objective-C. (See the createuser directory for the source). This eliminates the dependency on Apple Python for the package itself to work on the current boot volume.

Note:

in 10.14+ when updating an existing account, the following attributes will NOT be updated: uid and home. This is due to new restrictions in Mojave.

$ python ./createuserpkg --help
Usage: createuserpkg [options] /path/to/output.pkg

Options:
  -h, --help            show this help message and exit

  Required User Options:
    -n NAME, --name=NAME
                        User shortname. REQUIRED.
    -u UID, --uid=UID   User uid. REQUIRED.

  Required Package Options:
    -V VERSION, --version=VERSION
                        Package version number. REQUIRED.
    -i IDENTIFIER, --identifier=IDENTIFIER
                        Package identifier. REQUIRED.

  Optional User Options:
    -p PASSWORD, --password=PASSWORD
                        User password. If this is not provided, interactively
                        prompt for password.
    -f FULLNAME, --fullname=FULLNAME
                        User full name. Optional.
    -g GID, --gid=GID   User gid. Optional.
    -G GENERATEDUID, --generateduid=GENERATEDUID
                        GeneratedUID (UUID). Optional.
    -H HOME, --home=HOME
                        Path to user home directory. Optional.
    -s SHELL, --shell=SHELL
                        User shell path. Optional.
    -a, --admin         User account should be added to admin group.
    -A, --autologin     User account should automatically login.
    --hidden            User account should be hidden.

  Optional Package Options:
    -d, --distribution  Creates a distribution-style package for use with
                        startosinstall

Example:

Making a local admin pkg with shortname "localadmin" and uid 501:

$ python ./createuserpkg -n localadmin -u 501 -a -i com.foo.localadminpkg -V 1.0 localadmin.pkg
Password: ********
Password (again): ********
pkgbuild: Inferring bundle components from contents of /var/folders/tc/sd4_mtvj14jdy7cg21m2gmcw000495/T/tmpj0FQ8n/create_user
pkgbuild: Adding top-level postinstall script
pkgbuild: Wrote package to localadmin.pkg

About

Python tool to create macOS packages that create user accounts

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published