Skip to main content
Solved

Adding specific user (not everyone) to lpadmin Group


Forum|alt.badge.img+3

Hello everyone, My company and I are looking to allow our users access to the print options on the mac with out full admin credentials. These users have local accounts on their computer, not domain based.

I know the following script that most people have used on the forms is below, however, it uses the term everyone

/usr/sbin/dseditgroup -o edit -a everyone -t group lpadmin

I know that if I replace everyone with the specific user, e.g. Charlie, then Charlie would get access to the Printer group but not Anthony, even though they share the same computer. However, this would require me to replace the name every time I give the script to another user or run it in Jamf.

 

Is there a way to specify that you only want the current logged in user to be added to this group? I have tried the following in replace of everyone but I end up with the error Record was not found:

  • whoami
  • `whoami`
  • $USER
  • $LoggedInUser

 

Thanks in Advance

Best answer by jamf-42

MisterDeeds99 wrote:

Still nothing. tried variations such as 

$loggedinUser

"loggedinUser"

'loggedinUser'

`loggedinUser'

 

Still getting Record was not found.

The only difference in error message I get is when I do echo $loggedinuser I get the following message: Group was not found


sorry, typo in that.. just tested and it seems to work adding to _lpuser .. 

so.. the variable name needs to be the same.. you can encapsulate it with "$foo" if the user name has funky chars.. 

dseditgroup -o edit -a "$loggedinuser" -t user _lpadmin

 

View original
Did this topic help you find an answer to your question?

6 replies

jamf-42
Forum|alt.badge.img+17
  • Esteemed Contributor
  • 744 replies
  • August 9, 2024

many ways to skin this cat.. here is one:

loggedinuser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )


Forum|alt.badge.img+3
  • Author
  • New Contributor
  • 3 replies
  • August 9, 2024
jamf-42 wrote:

many ways to skin this cat.. here is one:

loggedinuser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )


Am I doing something wrong with how I am entering it in because it still does not want to work for me. I was able to confirm that the loggedinuser code works, however when I try to enter it into the code it doesn't.

sh-3.2# loggedinuser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' ) sh-3.2# echo $loggedinuser Charlie sh-3.2# /usr/sbin/dseditgroup -o edit -a $loggedinuser -t group lpadmin Record was not found. sh-3.2# /usr/sbin/dseditgroup -o edit -a loggedinuser -t group lpadmin Record was not found.

jamf-42
Forum|alt.badge.img+17
  • Esteemed Contributor
  • 744 replies
  • August 9, 2024
MisterDeeds99 wrote:

Am I doing something wrong with how I am entering it in because it still does not want to work for me. I was able to confirm that the loggedinuser code works, however when I try to enter it into the code it doesn't.

sh-3.2# loggedinuser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' ) sh-3.2# echo $loggedinuser Charlie sh-3.2# /usr/sbin/dseditgroup -o edit -a $loggedinuser -t group lpadmin Record was not found. sh-3.2# /usr/sbin/dseditgroup -o edit -a loggedinuser -t group lpadmin Record was not found.

try

dseditgroup -o edit -a $loggedInUser -t user _lpadmin

Forum|alt.badge.img+3
  • Author
  • New Contributor
  • 3 replies
  • August 9, 2024
jamf-42 wrote:

try

dseditgroup -o edit -a $loggedInUser -t user _lpadmin

Still nothing. tried variations such as 

$loggedinUser

"loggedinUser"

'loggedinUser'

`loggedinUser'

 

Still getting Record was not found.

The only difference in error message I get is when I do echo $loggedinuser I get the following message: Group was not found


jamf-42
Forum|alt.badge.img+17
  • Esteemed Contributor
  • 744 replies
  • Answer
  • August 9, 2024
MisterDeeds99 wrote:

Still nothing. tried variations such as 

$loggedinUser

"loggedinUser"

'loggedinUser'

`loggedinUser'

 

Still getting Record was not found.

The only difference in error message I get is when I do echo $loggedinuser I get the following message: Group was not found


sorry, typo in that.. just tested and it seems to work adding to _lpuser .. 

so.. the variable name needs to be the same.. you can encapsulate it with "$foo" if the user name has funky chars.. 

dseditgroup -o edit -a "$loggedinuser" -t user _lpadmin

 


Forum|alt.badge.img+3
  • Author
  • New Contributor
  • 3 replies
  • August 9, 2024
jamf-42 wrote:

sorry, typo in that.. just tested and it seems to work adding to _lpuser .. 

so.. the variable name needs to be the same.. you can encapsulate it with "$foo" if the user name has funky chars.. 

dseditgroup -o edit -a "$loggedinuser" -t user _lpadmin

 


Looks like changing group to user is what did the trick. Thank you for your help 🙏

 

The working script compiled :

loggedinuser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' ) dseditgroup -o edit -a "$loggedinuser" -t user lpadmin

 


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings