macOS 脚本设置用户开机自动登录

最新推荐文章于 2025-11-11 02:47:17 发布

原创最新推荐文章于 2025-11-11 02:47:17 发布 · 1.1k 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#macos #linux #运维

本文介绍了如何在macOS系统中通过脚本设置开机自动登录，以解决批量设备处理时的效率问题。通常手动设置需要在‘系统偏好设置’中操作，但通过脚本可以更便捷地处理。关键涉及到/etc/kcpassword文件，该文件存储了加密后的密码。提供了一个名为enableAutoLogin.sh的shell脚本，执行该脚本并输入用户名和密码即可实现自动登录。

每次macOS开机后，都需要手工登录，对于用于执行后台任务的Mac mini或者只是用来打包的iMac或者对于没有键盘鼠标的设备来说，确实比较麻烦。

一般我们可以通过手动来设置，在 ‘系统偏好设置’/'用户与群组'/'登录选项'，在 ‘自动登录’选择要登录的账号，输入一下账号对应的密码即可。

如果是批量的设备需要处理，手工必然需要花费大量的人力和时间。

我们通过脚本来完成，通过脚本来设置，主要会遇到/etc/kcpassword的处理。

我们可以通过以下脚本来处理。

#!/bin/bash
: <<-LICENSE_BLOCK
setAutoLogin (20210911) - Copyright (c) 2021 Joel Bruner (https://github.com/brunerd)
Licensed under the MIT License
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
LICENSE_BLOCK

#############
# VARIABLES #
#############

#this can be blank if that is the password, it will be verified
USERNAME="${1}"

#this can be blank if that is the password
PW="${2}"

#############
# FUNCTIONS #
#############

#given a string creates data for /etc/kcpassword
function kcpasswordEncode {

	#ascii string
	local thisString="${1}"
	local i

	#macOS cipher hex ascii representation array
	local cipherHex_array=( 7D 89 52 23 D2 BC DD EA A3 B9 1F )

	#converted to hex representation with spaces
	local thisStringHex_array=( $(echo -n "${thisString}" | xxd -p -u | sed 's/../& /g') )

	#get padding by subtraction if under 12 
	if [ "${#thisStringHex_array[@]}" -lt 12  ]; then
		local padding=$(( 12 -  ${#thisStringHex_array[@]} ))
	#get padding by subtracting remainder of modulo 12 if over 12 
	elif [ "$(( ${#thisStringHex_array[@]} % 12 ))" -ne 0  ]; then
		local padding=$(( (12 - ${#thisStringHex_array[@]} % 12) ))
	#otherwise even multiples of 12 still need 12 padding
	else
		local padding=12
	fi	

	#cycle through each element of the array + padding
	for ((i=0; i < $(( ${#thisStringHex_array[@]} + ${padding})); i++)); do
		#use modulus to loop through the cipher array elements
		local charHex_cipher=${cipherHex_array[$(( $i % 11 ))]}

		#get the current hex representation element
		local charHex=${thisStringHex_array[$i]}
	
		#use $(( shell Aritmethic )) to ^ XOR the two 0x## values (extra padding is 0x00) 
		#take decimal value and printf convert to two char hex value
		#use xxd to convert hex to actual value and append to the encodedString variable
		local encodedString+=$(printf "%02X" "$(( 0x${charHex_cipher} ^ 0x${charHex:-00} ))" | xxd -r -p)
	done

	#return the string without a newline
	echo -n "${encodedString}"
}

########
# MAIN #
########

#quit if not root
if [ "${UID}" != 0 ]; then
	echo "Please run as root, exiting."
	exit 1
fi

#if we have a USERNAME
if [ -n "${USERNAME}" ]; then 

	#check user
	if ! id "${USERNAME}" &> /dev/null; then
		echo "User '${USERNAME}' not found, exiting."
		exit 1
	fi

	if ! /usr/bin/dscl /Search -authonly "${USERNAME}" "${PW}" &> /dev/null; then
		echo "Invalid password for '${USERNAME}', exiting."
		exit 1
	fi

	#encode password and write file 
	kcpasswordEncode "${PW}" > /etc/kcpassword

	#ensure ownership and permissions (600)
	chown root:wheel /etc/kcpassword
	chmod u=rw,go= /etc/kcpassword

	#turn on auto login
	/usr/bin/defaults write /Library/Preferences/com.apple.loginwindow autoLoginUser -string "${USERNAME}"

	echo "Auto login enabled for '${USERNAME}'"
#if not USERNAME turn OFF
else
	[ -f /etc/kcpassword ] && rm -f /etc/kcpassword
	/usr/bin/defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser &> /dev/null
	echo "Auto login disabled"
fi

exit 0

以上的脚本会用shell处理kcpassword这个文件，这个文件是密码加密后的密文，macOS会在启动时，检查该文件是否存在，如果存在，会调用此文件用来登录。

我们将上面的文件为一个脚本，比如enableAutoLogin.sh , 然后 chmod u+x enableAutoLogin.sh,

再执行以下，比如我想启用DEMO这个账号，可以在enableAutoLogin.sh <DEMO>,输入用户名密码即可。

重新启动后会自动登录。