sootman's Journal: Changes in 'screencapture' from Tiger to Leopard

OS X ships with a great little command-line utility called 'screencapture.' It is a command-line interface to OS X's screen capture tool, which is activated from the desktop by pressing shift-command-3. If you want to monitor a computer you're not sitting at (10.4 or earlier--see below) just ssh in and say something like

screencapture -x screen.png

and then view the file--scp it to the computer you're sitting at, or use FTP, or whatever. It's a standard unix-style command, simple as can be--'screencapture' does just what you'd expect it to, the '-x' means "don't play the 'click' sound" and then you specify the output file, 'screen.png' in this example. (This worked in earlier versions of OS X with some changes. 10.3, for example, saved screen caps as PDFs so you'd say 'screen.pdf' instead.)

You have to run that as the logged-in user or as root. One of the things I used it for was to monitor some conference rooms that I'm in charge of by running this script and saving the file to a web-viewable directory. To do this on a stock 10.4 machine, just create a file called 'screen.pl' in /Library/WebServer/CGI-Executables/ with these contents:

#!/usr/bin/perl
use CGI;
$cgi = CGI->new();
print $cgi->header;
print qq~<html>\n<head>\n<title>View Screen</title>\n</head>\n<body>\n~;
my $step1 = qx!screencapture -x /Library/WebServer/Documents/screen.png!;
print qq~<img src='/screen.png' border='1'>\n~;
print qq~</body>\n</html>\n~;
1;

It's a Perl script, so 'chmod 755' it, and there should be a blank line at the end, IIRC. Make sure the user this script will be running as can write to /Library/WebServer/Documents/. Then, edit your httpd.conf file (sudo pico /etc/httpd/httpd.conf) and change the user that the server runs as to either a) the user who is always logged in or b) root. (Yes, I know this is a potential security risk. I do not recommend running this on a box that is viewable to the Internet at large.) In my case, monitoring computers in the conference room where everyone logged into an account named 'conference', I changed these lines in httpd.conf from

User www
Group www

to

User conference
Group conference

(Remember to restart the webserver for these changes to take effect. (sudo apachectl graceful) Also note that dpending on various things, the group name may or may not be the same as the user name. ls /Users/ for a hint.) Once you've done that, you can see the screen by visiting http://ip.address.goes.here/cgi-bin/screen.pl . Very useful little tool.

So everything was going along fine until 10.5 came out. They seem to have slammed the door on running screencapture in any way remote way. Even if you ssh in as the user who is currently logged in it won't let you. But you can then log in locally, press 'up' one time to call the same command out of .bash_history, and it works just fine. And, of course, my perl script above no longer works. (Note that 10.5 has Apache's config file stored in /etc/apache2/httpd.conf.) Well, it kind of works, but all you see is a black image (the same size as your desktop) and not the actual screen. But it's definitely a remote-vs-local issue: you can run say screencapture -x screen.pngfrom a locally-spawned Terminal session and it works--creates a file in whatever directory you're in--but ssh in and run it or visit /cgi-bin/screen.pl and it doesn't. The question is, does anyone know why, and can anyone find a way around this? I've tried some things with Automator but I really want this to run invisibly so it doesn't bother whoever's using the machine.

Rootkit potential must have killed it

[illumin8]

That's a really cool feature that I never knew OS X had. My guess is that Apple killed the remote ability to take screenshots because of the rookit and spying potential. That's too bad because it sounds like a cool way to monitor remote servers.

fix straight from the man page

[zn0k]

Straight from the man page:

SECURITY CONSIDERATIONS
To capture screen content while logged in via ssh, you must launch screencapture in the same mach bootstrap hierarchy as loginwindow:

PID=pid of loginwindow
sudo launchctl bsexec $PID screencapture [options]

So as a user with adminstrator rights, something like this does well enough:

sudo launchctl bsexec `ps ax | grep "[l]oginwindow" | awk '{ print $1 }'`

Re:

[sootman]

*Smacks forehead* Of course! The man page! The last place I would *ever* think to look! Seriously, Apple does so much stuff behind the scenes, sometimes small, sometimes large, sometimes prominently documented, sometimes not... changing the default shell from tcsh to bash, changing the screenshot format from tiff to pdf to png, moving to launchd... sometimes it's really hard to find out why they made a change and what is different.

Thanks for the example, it worked perfectly. The only downside is that this w

Re:

[zn0k]

Rather than change user permissions all over the place, why don't you just either edit /etc/sudoers (man sudoers for examples) to allow that specific user to sudo your script without a password? That will allow it to be non-interactive while giving the least necessary permissions, and making the least necessary changes.

Also, to set up a repetitive task under OS X I think you should rather set up a LaunchAgent than use an old school cronjob. I'm more of a Linux/BSD person myself and still learning about OS X

Re:

[alextmqazwsx]

you could do what i did for a different purpose. edit the sudoers file so it looks like somewhat like this:
"# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# Runas alias specification

# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
www ALL=(ALL) NOPASSWD: ALL

# Uncomment to

Re:

[sootman]

Thanks for the info. I've never done much with Perl, this was adapted from a script that a friend wrote for me ages ago. Originally it had stuff like

my $up = qx!uptime!;
print qq~<b>This computer's uptime: </b> $up<br>~;

and all I knew was that it was one way to run commands and that it worked. :-) Actually, the full script that I'm using still does have stuff like that--above the screenshot it shows the date, uptime, who's logged in, etc. I just stripped out everything non-essential for

pty problem?

[multipartmixed]

You need to strace the binary and figure out how it's telling that you're not local.

My best guess is that they are looking are your pseudo-tty. If that's the case, you may be able to create a creative chroot jail for the screen cap program, which rejigs the label your pty is every time you log in from remote.

If it's a deeper check, you may need to start wrapping some dylibs in a very creative way.