My current environment is currently set up so the end users are local admins and the Administrator account is hidden. I am testing our Jamf Connect deployment and demoting my users to standard. I have come across an issue that If I am working on a standard users machine I can't run sudo commands in terminal. Is there a workaround for this??
Page 1 / 1
When you demote a user from admin to standard it removes their sudo privileges. This is a good thing since you don't want a non-admin account to still have admin abilities. What I do in situations when I'm working while logged in as a standard account is run this command in terminal: su adminusername
"adminusername" is the short name of your admin account. You will be prompted to fill in this user's password. Once you do that, Terminal switches to running commands as this admin account. You will then have full sudo privileges. When you're done, type exit and then return to exit the admin user's Terminal session.
If you later want to promote someone's account to admin, you can use this script to do it. You need to add the user to the sudoers group after they become an admin.
#! /bin/bash
##Get the current user who is logged into this Mac.
currentuser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
echo $currentuser
##Promote the current user to admin
dscl . -append /groups/admin GroupMembership $currentuser
##Add the current user to the sudoers group
echo "$currentuser ALL=(ALL) ALL" >> /etc/sudoers
Completely forgot about the su - AdminUserName command. I did this to solve my issue.
When you demote a user from admin to standard it removes their sudo privileges. This is a good thing since you don't want a non-admin account to still have admin abilities. What I do in situations when I'm working while logged in as a standard account is run this command in terminal: su adminusername
"adminusername" is the short name of your admin account. You will be prompted to fill in this user's password. Once you do that, Terminal switches to running commands as this admin account. You will then have full sudo privileges. When you're done, type exit and then return to exit the admin user's Terminal session.
If you later want to promote someone's account to admin, you can use this script to do it. You need to add the user to the sudoers group after they become an admin.
#! /bin/bash
##Get the current user who is logged into this Mac.
currentuser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
echo $currentuser
##Promote the current user to admin
dscl . -append /groups/admin GroupMembership $currentuser
##Add the current user to the sudoers group
echo "$currentuser ALL=(ALL) ALL" >> /etc/sudoers
This would not work 100% in my environment. Jamf Connect uses Azure AD. If a user gets promoted with a script it will revert back to what they are set up to be in Azure AD and that is a standard user. We will have a list of developers and such that will retain local admin rights.
Completely forgot about the su - AdminUserName command. I did this to solve my issue.
I'm happy I was able to help!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.