Skip to main content

I'm trying to write a script that will pull the local username for a given UID so I can reset the password for an account without knowing the username. The goal is to reset all local user passwords (except a specific admin account) on a device. I'm trying to assign the username to a variable by using id but it isn't working. Any thoughts are appreciated.



# HARDCODED VALUES

newPassword="12345"



# CHECK FOR VALUE PASSED FROM JSS IN PARAMETER 4 AND, IF SO, ASSIGN TO "newPassword"

if [ "$4" != "" ] && [ "$newPassword" == "" ]; then

    newPassword=$4

    echo "New password will be passed from JSS policy"

fi



# VARIABLES

user501=[[ id -F 501 | tr -d ' ' | tr '[:upper:]' '[:lower:]']]

user502=[[ id -F 502 | tr -d ' ' | tr '[:upper:]' '[:lower:]']]



# display info for testing purposes

echo "501 = " $user501

echo "502 = " $user502



# change password for 501 user



# check if user is rsu9 account

if [ "$user501" != "rsu9" ] && [ "$user501" != "" ];then



# check if user account has a local home folder then change password if found

    if [[ -e "/Users/$user501/" ]];then



# change user password

dscl . passwd /Users/$user501 $newPassword



# delete the users Login keychain

rm -r /Users/$user501/Library/Keychains/

printf "Password successfully changed."

exit 0

else

printf "user account not found"

exit 1

    fi

fi


In the code above, the lines echo "501 = " $user501 and echo "502 = " $user502 displays no content. I assume that the id command is simply displaying information and not actually providing it as something that can be assigned to a variable.

If you already know the UUID of the account, you're probably better off just using DSCL. This command should return the accounts short name:



user501=$(dscl . -list /Users UniqueID | grep 501 | awk '{print $1}')

Edit: Nevermind the below. It should work as is. Not sure why it would not be echoing back the usernames though.



Plus the echo lines have the closing quote in the wrong location. Change echo "501 = " $user501 to echo "501 = $user501" and it should echo out the names.



Edit 2: Ok, I see why now. These commands:



user501=[[ id -F 501 | tr -d ' ' | tr '[:upper:]' '[:lower:]']]

user502=[[ id -F 502 | tr -d ' ' | tr '[:upper:]' '[:lower:]']]


are not actually assigning variables. You don't use double brackets for that, which is performing a test, not assigning a variable. Change these to



user501=$(id -F 501 | tr -d ' ' | tr '[:upper:]' '[:lower:]')

user502=$(id -F 502 | tr -d ' ' | tr '[:upper:]' '[:lower:]')


and the echo lines should work, as well as the rest of the script I assume.



Also, you shouldn't need the first tr command that I can see. I'm not sure why that's included. And awk has a print tolower (and print toupper) command that is simpler to use than tr for changing the case, which also doesn't seem like it should be needed here



user501=$(id -F 501 | awk '{print tolower}')
Terms & ConditionsCookie settings