Hi! In an enterprise setting I need to run an shell script after a (any) user logs in. This shell script needs to know the user name and it needs to be able to do certain root/admin-only tasks, e.g. chown(8), even for non-priveledged users. Loginwindow Hooks are described here and apart from some minor typos in the KB seem to fit the bill: <http://support.apple.com/kb/HT2420> <http://developer.apple.com/mac/library/documentation/MacOSX/ Conceptual/BPSystemStartup/Articles/CustomLogin.html> The only alternative I can think of would be a launchd agent calling a setuid script. While the security would not really be worse than that of a Loginwindow Hook script, I don't like the combination of setuid and shell script. OTOH Loginwindow Hooks are kind of fragile because there can be only one of then. What would be the preferred way to handle something like this for 10.5 + as well as 10.6+? Thanks! Mike -- Mike Fischer Softwareentwicklung, EDV-Beratung Schulung, Vertrieb Web: <http://homepage.mac.com/mike_fischer/index.html> Note: I read this list in digest mode! Send me a private copy for faster responses.