Help

Adding specific user (not everyone) to lpadmin Group

Go to solution
MisterDeeds99
New Contributor II

Posted on ‎08-09-2024 08:43 AM

Hello everyone, My company and I are looking to allow our users access to the print options on the mac with out full admin credentials. These users have local accounts on their computer, not domain based.

I know the following script that most people have used on the forms is below, however, it uses the term everyone

/usr/sbin/dseditgroup -o edit -a everyone -t group lpadmin

I know that if I replace everyone with the specific user, e.g. Charlie, then Charlie would get access to the Printer group but not Anthony, even though they share the same computer. However, this would require me to replace the name every time I give the script to another user or run it in Jamf.

 

Is there a way to specify that you only want the current logged in user to be added to this group? I have tried the following in replace of everyone but I end up with the error Record was not found:

  • whoami
  • `whoami`
  • $USER
  • $LoggedInUser

 

Thanks in Advance

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
jamf-42
Valued Contributor II
In response to MisterDeeds99

Posted on ‎08-09-2024 10:40 AM

sorry, typo in that.. just tested and it seems to work adding to _lpuser .. 

so.. the variable name needs to be the same.. you can encapsulate it with "$foo" if the user name has funky chars.. 

dseditgroup -o edit -a "$loggedinuser" -t user _lpadmin

 

View solution in original post

0 Kudos
6 REPLIES 6

Go to solution
jamf-42
Valued Contributor II

Posted on ‎08-09-2024 08:47 AM

many ways to skin this cat.. here is one:

loggedinuser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

0 Kudos

Go to solution
MisterDeeds99
New Contributor II
In response to jamf-42

Posted on ‎08-09-2024 09:49 AM

Am I doing something wrong with how I am entering it in because it still does not want to work for me. I was able to confirm that the loggedinuser code works, however when I try to enter it into the code it doesn't.

sh-3.2# loggedinuser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
sh-3.2# echo $loggedinuser
Charlie
sh-3.2# /usr/sbin/dseditgroup -o edit -a $loggedinuser -t group lpadmin
Record was not found.
sh-3.2# /usr/sbin/dseditgroup -o edit -a loggedinuser -t group lpadmin
Record was not found.
0 Kudos

Go to solution
jamf-42
Valued Contributor II
In response to MisterDeeds99

Posted on ‎08-09-2024 09:55 AM

try

dseditgroup -o edit -a $loggedInUser -t user _lpadmin
0 Kudos

Go to solution
MisterDeeds99
New Contributor II
In response to jamf-42

Posted on ‎08-09-2024 10:35 AM

Still nothing. tried variations such as 

$loggedinUser

"loggedinUser"

'loggedinUser'

`loggedinUser'

 

Still getting Record was not found.

The only difference in error message I get is when I do echo $loggedinuser I get the following message: Group was not found

0 Kudos

Go to solution
jamf-42
Valued Contributor II
In response to MisterDeeds99

Posted on ‎08-09-2024 10:40 AM

sorry, typo in that.. just tested and it seems to work adding to _lpuser .. 

so.. the variable name needs to be the same.. you can encapsulate it with "$foo" if the user name has funky chars.. 

dseditgroup -o edit -a "$loggedinuser" -t user _lpadmin

 

0 Kudos

Go to solution
MisterDeeds99
New Contributor II
In response to jamf-42

Posted on ‎08-09-2024 10:55 AM

Looks like changing group to user is what did the trick. Thank you for your help 🙏

 

The working script compiled :

loggedinuser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

dseditgroup -o edit -a "$loggedinuser" -t user lpadmin