Issue demoting users

Question

I used to have a pretty basic script that would revoke admin privileges to the logged in user but I noticed that it is no longer working. Here is what I've been using:

if [[ `/usr/bin/dscl . read /Groups/admin GroupMembership | /usr/bin/grep -c $3` == 0 ]]
    then /bin/echo "$3 is NOT the admin group, exiting"
        exit 0
    else /bin/echo "$3 is an admin, demoting.." 
fi    
/usr/sbin/dseditgroup -o edit -d $3 -t user admin

Here is what I am seeing in the logs since last week:

Executing Policy RevokeAdminRights
Running script RevokeAdminPriviledges...
Script exit code: 64
Script result: usage: grep [-abcDEFGHhIiJLlmnOoqRSsUVvwxZ] [-A num] [-B num] [-C[num]]
    [-e pattern] [-f file] [--binary-files=value] [--color=when]
    [--context[=num]] [--directories=action] [--label] [--line-buffered]
    [--null] [pattern] [file ...]
 is an admin, demoting..
Group not found.
Error running script: return code was 64.

Can anybody help me with this?

gabester · Answer

Looking at the output it's pretty clear that somehow $3 (the logged in user) isn't getting passed. Is this script somehow running when user is NOT logged on? The key is the grep output, same as you'd get for running grep -c and the line " is an admin, demoting.."

I like to ensure my parameters are not empty with a leadin test like this

if [ -z "${3}" ]; then
  echo "user parameter was empty."
  userName=$(/bin/ls -la /dev/console | cut -d " " -f 4)
  if [ -z "$userName" ]; then
    echo "No user logged on."
  fi
else
  userName="${3}" # Why the brackets you ask? To properly use parameters 10 and 11 
fi

Can't give you a good answer for why $3 would be null when a user is logged on... but maybe try a different way to capture the user, a vague rattling in my memory suggests $3 is not always reliable - like if one user is logged on but a different user is logged into Self Service?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded