Mac OSX multiple logins on startup

OSX has a useful feature which lets you automatically log a user in when a machine starts up. There is a second useful feature which lets you start applications when a user logs in. Combining the two you can have a solution to the issue of your machine falling over for some reason (e.g. power cuts, people switching it off etc.)

There is one small limitation here though, if you want to have multiple users logged in (using fast user switching) there’s no way by default to have them all log in at startup.

The reason I want to do this is that our Mac Mini is used as both a communal machine for guests etc. to use, and as a machine for downloading things using Bittorrent. I don’t want people to be able to interfere with or have any awareness of the downloads. I also want to be able to lock the guest account down to an extent, e.g. picking what applications can be run via parental controls, and disabling admin rights.

The solution I came up with is a short AppleScript which runs on startup. This activates fast user switching, picks the guest/non-admin account (which is called Photon, same as the machine) and enters the password. The machine then immediately switches over to that account on login.

The downside to this approach is that it means auto-login must be activated for the admin account (my account on the machine). This isn’t a foolproof way to stop malicious activity, and if the machine was doing anything more important than downloading files I would look for a better solution or just not do this at all. As it is though this works well enough.

The script is:

set password_ to "password_of_photon_account"
set idnumber to do shell script "/usr/bin/id -u photon"
do shell script "/System/Library/CoreServices/Menu\\ Extras/User.menu/Contents/Resources/CGSession -switchToUserID " & idnumber
tell application "System Events"
repeat until exists process "SecurityAgent"
delay 0.5
end repeat
keystroke password_
keystroke return
end tell

Simple! This is saved as an application, so it can be put under startup items for my account.

One possible way to make this more secure would be to have the script disable keyboard/mouse input when it starts to run, then re-enable them once the password has been entered. This would prevent someone from alt+tabbing out of the script window and defeating the script.

It’s a shame that there’s no provision for logging in multiple accounts automatically built into OSX, preferably with the ability to pick which one is in the foreground.