Jump to content
InsanelyMac Forum
Kosta88

Applescript + Keychain password

Recommended Posts

Hello everyone,

 

I searched myself crazy on the net, reading the man page about security(1) and being quite a beginner, can't really pinpoint how to do this.

I want to mount my NAS drive to a folder: a movies folder on the NAS to my Movies folder on the OSX drive in the Users/Kosta. It asks for the password in the Terminal when I script that. I can however type in the password in text and save the app as run only (Option 1).

 

However, I would prefer to learn how to script a keychain password into the Applescript, without it really showing. I mean, not even sure if it makes sense, security-wise… should I just save the app as run only, or should I even bother with entering the keychain access, as in, if it's even more secure?

 

Any help would be appreciated!

Share this post


Link to post
Share on other sites
Advertisement

If you just want it to mount on login, just add the folder to your login items under System Preferences>Users and Groups and it can use your existing keychain credentials to mount it automatically every time you login. Then you can have alias in Movies, or make Movies the alias. Symbolic link is also option if you want any automated content management to be done at this location i.e. Plex/Sickbeard. Also since it ties into a previous post you made, if you were to ever include a Username and Password in a script, make a new non-admin user with different password and give them permission to only those items your trying to access and use that username/password. Also when doing via shell script, whatever UNIX command is involved, if it's nothing that can cause too much havoc you can copy it from say usr/bin to /Users/You/Applications and change it's permissions in that location, then just use that location in your script. i.e. want to run nsupdate, once copied to alternate location just use the full path instead of only the command. If bulding script into an app, you can also copy same way directly into an app's resources and have your app/script use it from there.

 

Another thing, when scripting in an app, since the path to it's resources can change if you move the application to another location, you don't want to use absolute paths. Here's an expert of one I did as part of a much larger app, but it's a means to launch a shell scrpt via applescript all in self contained app. When run via applescript editor vs built in Xcode, (path to me) will change from the folder containing the script to the full script path, this is why in example "container of" is used, but testing this via script editor only it will fail.

tell application "System Events"
set Foo to (path to me) as alias
set Bar to container of Foo
set BarFoo to (POSIX path of Bar & "myshellscript.sh")
set FooBar to quoted form of BarFoo
do shell script "open " & FooBar
end tell

Share this post


Link to post
Share on other sites

I am aware of putting the folder into Login Items, however this is not what I want to do. I have couple of similar folders and for some reason OSX will mix them up if I do it via Login Items. I needs to mount them, by their correct paths and to correct folders in my User folder.

 

Rest is quite Greek to me. What I did understand is I can make a normal user, but how do I give it permission only to use those folders?

 

Is it correct to understand that a shell script is simply written text document beginning with a #!/bin/sh and then having normal terminal commands, like mount, route etc? Those are the commands I am trying to automate right now (as a learning process of OSX and UNIX), and I guess those can't cause too much havoc, right? Rest I don't get, how can I copy directly into app's resources??

 

This script you wrote, what is it doing? What is a self contained app?

 

Sorry to be so blunt, I see you have taken yourself time, but I understand very little of what you wrote really.

Share this post


Link to post
Share on other sites
I am aware of putting the folder into Login Items, however this is not what I want to do. I have couple of similar folders and for some reason OSX will mix them up if I do it via Login Items. I needs to mount them, by their correct paths and to correct folders in my User folder.

Create a symbolic link to the folder and place that link in your user folder where you want it, then add that symbolic link to your login items. OSX treats symbolic links different than an alias (shortcut) and sees them as if they were physical folder locations

 

Rest is quite Greek to me. What I did understand is I can make a normal user, but how do I give it permission only to use those folders?

If they are OSX folders, set custom permissions via File Sharing preferences. If they are on a remote server (NAS), access permissions would be handled there

 

Is it correct to understand that a shell script is simply written text document beginning with a #!/bin/sh and then having normal terminal commands, like mount, route etc?
Kinda. It needs to be set as executable. Also carriage returns and other hidden aspects of text formatting can cause issues, use TextWrangler as it plays nicer for script writing. The shebang (#!/bin/sh) is actually #!/path/to/shell, the #! is the important part and after that whatever shell your using which could be Bourne (#!/bin/sh), Bash (#!/bin/bash) or Korn (#!/bin/ksh) or any other shell your using. The commands available and how the script is written/behaves will vary depending on the shell used. Commands that are part of the shell language can't be copied/moved, but additional UNIX ones that have their own executable file can (Sorry I'm not explaining that better, you could technically move the shell to alt path, but lets not go there)

 

This script you wrote, what is it doing? What is a self contained app?
Xcode aside, any apple script can be saved as a .app via AppleScriptEditor, which will look and work like any other application. A shell script cannot be an application but can be part of one. If you RT click and show contents, inside you'll see /Contents/Resources/ and additional files and scripts that are needed to make the application work can be stored here. The script I wrote would be saved as an application, and it simply grabs another shell script from inside it's resource folder and runs it. In
set BarFoo to (POSIX path of Bar & "myshellscript.sh")

"myshellscript.sh" Can be whatever you want to run that's inside the apps resource folder. It could be another application, a package installer, whatever. In most cases here are a many different ways to accomplish the same tasks with scripting being only one of a few, and then there are a million different ways to script something. Granted I don't know all the exact details of what your doing and how all it's set up, but don't see anything that would "require" the command line every time, and therefore shouldn't require a script to accomplish. Other options would be a launch agent or daemon which is in plist format (brief explanation here) (which can also run scripts if needed) , Automator workflow, or even via Finder's login settings as mentioned earlier. Find the different ways, exact step by step, to accomplish your task manually, then based on that process, you'll be better able to decide the best and easiest way to automate it. Anything that can be done by clicking around in OSX can also be done via Applescript, even simulating keyboard presses or clicking different buttons in a window or on the menubar. If you can find a manual way of doing something that doesn't require you type username and password every single time, you can script it without need to use password there too.

 

 

Sorry to be so blunt, I see you have taken yourself time, but I understand very little of what you wrote really.
Sorry, it's really not possible to go into the level of detail that might be needed on a forum, there's very big books on this stuff :) I'm no expert compared to many others, know just enough to get by (or get myself into trouble)

Share this post


Link to post
Share on other sites

Alright, I'll try it with the symbolic links, looks interesting, but makes me wonder: why do people say then that OSX is easier than Windows? :)

 

Sharing: I can give a single user a single sharing folder, that is true, but if I turn on Samba, all folders are going to be shared for some reason... I mean, I didn't try it yet, but when I go to the windows PC, and try to access my shares, even if I don't share ANY folders in the Sharing, it will show me all drives. I logged in from windows PC with my username/pwd that I set up. As I said, didn't try it yet, but is the sharing behaviour of a sharing account or normal account so, that it only shows the shared folders?

 

What really annoys me is that I can connect to the router-disk via smb://x.x.x.x via CMD+K, but it won't connect via route_smbfs command. To my understanding, these two are two same things. Or not?

 

"Sorry, it's really not possible to go into the level of detail that might be needed on a forum, there's very big books on this stuff :) I'm no expert compared to many others, know just enough to get by (or get myself into trouble)"

 

Ohh, yeah, very big books, lol. Not really sure I want to go THAT far. OSX is more or less "fun" for now. I installed it primarily for Logic, as it has been lost to me since they moved from PC -> MAC. And it was my all time favorite program. I was thinking of moving to OSX completely, but right now can't get one thing to work properly:

Accessing my shares under OSX from my QNAP NMP-1000P. This is the only thing holding me back. The QNAP denies any shares I access. Those same shares are accessed with same preferences under windows though! I don't really know who to blame, Qnap or Apple. However, can't go to Apple, since not really bought a mac :wallbash:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Posts

    • HWMonitor2 v2.1.0rc3:  
    • There are new Bios updates that came out. I think these were to address the security defects in the kernel?   I updated both my 790 and 990 without issue.
    • Crack download software petromod v2016.2 GeoTeric v2017 paleoscan v2016.1 Leica CloudWorx v6.2 techlog v2016.1
      ttmeps#gmail.com ----- change "#" to "@"
      Anything you need,You can also check here: ctrl + f
        midas civil 2018 v1.2
      symmetre r410
      CP-Studio
      kepware 5.20
      saia PG5 2.1
      Motocom32 dx200 plus
      procon-win 3.5
      midas soilworks 3.5
      geostudio 2012
      technet GMbH PreDesigner 2017
      framecad structure v8
      csi preform 3d v6
      geogiga seismic pro 8.3
      citect 7.2
      3dbody 7.0
      3shape convince
      plastycad
      hypermill 2018
      deswik suite 2017.1
      Scania XCom 2.30
      tebis 4.0
      3shape implant studio 2017
      Cape pack V2.15
      Prinect Signa Station 2017
      exoplan 2017.03
      MagiCAD 2018 
      ExoCad 2017.12
      MillBox 2016
      GOM ARAMIS 6.15
      Blue Sky Plan v3 x64
      Maestro 3D Dental Studio 4
      Sirona InLab 4.2.5
      Maestro Ortho Studio Build 2.8
      Zirkonzahn 2017
      Dolphin Imaging 11.9
      Digital Smile System 1.9.8
      PlastyCAD 1.7
      3Diagnosys 4.1
      ArKaos MediaMaster 5.0.3
      smile designer pro v2.6.1 
      GEO5 2017
      TRUSS4 v10
      exocad Partial Framework 2017
      OnDemand3D Application 1.0.10.5385
      Dental Master 2016 
      Dental Wings (DWOS) 2016
      Ekahau Site Survey 8.6.1
      HYPACK 2016
      Dental Shaper
      Orcaflex 10.0e
      AQWA
      MOSES
      NAPA 2017
      offpipe
      maxsurf
      DNV GL AS PHAST
      DNV safty offshore 7.2
      aveva bocad suite 2.2.0.3
      AVEVA Engineering v14.1 SP1
      Aveva everything3D (E3D) v2.1
      napa ship designer
      numeca fine
      marine 3.1
      Veristar Hull, Stability, Homer, Optimise
      Hydrostar, ariane7
      AVEVA Marine 12.1 SP4.29
      sacs 11.0
      DNV Sesam all moduels
      Leica GEOMOS v5.0
      Rocscience RS3
      3shape orthodontic 2017
      Onyx ProductionHouse v12.1
      pc-dmis 2018
      exocad DentalCAD 2.2 Valletta
      exocad 2018
      frontline genflex 3.2c1
      frontline genesis 10.02
      ez-fixture 9.6.4
      ezgrid 9.5
      ucam 10.2
      em-test expert v8
      3shape design system 2017 2.17.3.0
      PC-DMIS 2018R1 x64
      Motor-CAD/Motorcad 11.1.5
      Synopsys Synplify FPGA 2017.09 Win&Linux FPGA
      Golden Software Strater 5.4.948
      Golden Software MapViewer 8.6.651
      Waterloo Visual MODFLOW Flex 2018.v5.1
      Cype 2017m
      Intergraph SmartPlant Spoolgen Isometrics 2014.v08
      Intergraph SmartSketch 2014.v08.00.00 R1
      Intergraph CAESAR II 2018 v10.00.00 x64
      Intergraph SmartPlant P&ID 2014 R1
      IHS QUE$TOR 2017 Q1
      Intergraph SmartPlant Review 2017 v12.00.00.0501
      ANSYS Apache Totem 14.1 Linux64
      Crosslight Csuprem 2018 x64
      Ensoft LPile 2018.10.02
      AnyBody Modeling System 7.1
      Antenna Magus 2018.0.v8.0 x64
      CGERisk BowTieXP 9.0.1
      PDI GRLWEAP Offshore Wave 2010-7
      NI AWR Design Environment with Analyst 13.03 x64
      Rock Flow Dynamics RFD tNavigator 2017.v17.3 x64
      CMG (Computer Modelling Group) Suite 2017.10
      PHDwin2.10.3
      meyer 12 2017.12
      Schlumberger petrel 2017
      HampsonRussell Suite 10.3 
      geoview 10.3 HRS 10.3
      Midland Valley move 2018.1
      jason 9.7
      Schlumberger CoilCADE 6.0
      Schlumberger StimCADE 4.0
      crystal 2018.1
      gohfer 9.0.1.6
      omni 2017.1
      tesseral pro 5.0.3b
      ERDAS IMAGINE 2018
      Waypoint Inertial Explorer 8.7
      Deswik suite 2017
      FAROBox PointSense plant 18.5
      EyeRadar 2.0
      Leica Xpro 6.4
      Trimble EdgeWise_v5.0.2SP1
      Trimble Business Center 4.0
      3DReshaper 2017 x64
      Amberg Tunnel 2
      virtual surveyor 3.6
      cloudworx for revit
      socet set 5.6
      socet GXP 4.1
      OrbitGT
      Riscan PRO 2.0 x64
      JAR reconstrucer 3.3.0 x64
      Materialise E-stage v6.6
      Virtual Surveyor 3.5
      CARIS HIPS and SIPS 10.2
      DP-moderler
      APS 7.6
      Imagestation SSK 2015
      Deswik 2017.2.1234
      EnterVol 2017.4 for ArcGis
      Geochemist Workbench 11.0.8
      Maptek Vulcan 10.1.4
      Tesseral Pro 5.0.3
      Tesseral 2D 7.2.8
      Global Mapper 19.0.2
      GEOVIA Surpac 6.8
      Ventsim 4.8
      MineSched 9.1.0 x64
      Paradigm 17
      VUMA3D-NETWORK 2018
      MineSight 12.0
      Maptek Eureka 4.1
      whittle 4.7.0.1
      Leapfrog Geo 4.0
      Leapfrog Geothermal 3.2
      Leapfrog Hydro 2.6
      OptiSPICE 5.2
      VPI transmission maker 9.8 x64
      VPI photonics Analyzer 9.8 x64
      VPI componentMaker 9.8 x64
      socet gxp 4.3
      GEOVIA GEMS 6.8.1
      GamaPrintPro
      PosterShop
      RipCente
      ProductionHouse 12
      neoStampa 8.1.5
      Fiery XF v6.5
      ORIS COLOR TUNER WEB 3.1
      ORIS PRESS MATCHER WEB 1.4
      FlexiSIGN & PRINT 12
      PhotoPrint 12 Cloud
      ColorGate V10
      neo Textil
      ACRORIP 9.03
      ErgoSoft RIP 15
      3shape trios 1.4.7.4
      OptiSystem 15
      plaxis 2D 2017
      plaxis 3D 2017
      Rocscience SLIDE3 V2017.010
      Rocscience SLIDE V7.029
      Rocscience RocData v5.008
      Rocscience RS3 v2.005
      Rocscience RS2 phase2 v9.023
      ITASCA 3DEC v5.20.250
      ITASCA Griddle v1.0.1
      ITASCA UDEC v6.0.323
      ITASCA PFC v5.0.32
      ITASCA Flac3D V6.0.48
      ITASCA Flac v8.0.443


×