Yes, files flagged as executable will still be executable under Single User Mode.
opendirectoryd is just for handling logins/authentication and using root doesn't require that, and you don't need to launch it if you just intend to manage files.
I found what looks like a workable route, but it's indelicate:
Kill the 'loginwindow' process for a user (as root - the user can't kill its own process(!)) (note, the [n] prevents the regex matching itself), then use kill -9 -1 to catch the remaining mess:
    $ for i in $users; do
        echo $pword |
        ssh $i@localhost '
          sudo -S kill -9 $(
            ps -axf | awk "/^ *$(id -u '$i') .*logi[n]window/{ print \$2 }"
          );
          kill -9 -1
        ';
      done
It leaves two processes around:
- /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker -s mdworker -c MDSImporterWorker -m com.apple.mdworker.shared
- /usr/sbin/cfprefsd agent
...which various Mac pages claim are normal OS X weirdness.
I don't particularly like this solution, because it's so abrupt and I'm concerned about leaving things like iOS phone simulators or other files in inconsistent states, but in the absence of another answer, it seems I have little other choice.
At least I can use this as an emergency back-up for when the AppleScript route fails, and the kill -9 -1 tidies up what Apple's normal but shoddy logout process leaves hanging around anyway.
I'll also note that doing anything with multiple desktop users messes up network connectivity for me, apparently due to Apple not bothering to think through how authenticated networks should behave.
Best Answer
The only way I know how is to modify the System's "User Template". Here are the steps I used to test on Lion.
Copy the current account's com.apple.desktop.plist file to the user template: