Jamf Nation Community

Xenophontos · ‎04-07-2013

Working on a script which detects the current logged in userID, tests for UniqueID > 1000.
Problem: my user accounts include white space in their "user name" causing the script to fail.
Could anyone take a look and advise where I am going wrong here please!!

Thank You!

#!/bin/bash
loggedInUser=/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'
accountType=dscl . -read /Users/$loggedInUser 2> /dev/null | grep UniqueID | cut -c 11-

if [[ "$accountType" -gt "1000" ]]; then

echo "demoting mobile account: $loggedInUser"
echo "UniqueID:$accountType"

/usr/sbin/dseditgroup -o edit -d "$loggedInUser" -t user admin

else

echo "Must be local admin account: $loggedInUser"

fi
exit 0

Xenophontos · ‎04-08-2013

I appreciate the quick response from you guys,
correct Mike, users create a mobile account at first login and authentication is done in AD. Good news though, enclosing "$loggedInUser" in quotes made all the difference. Here is what works for me;

#!/bin/bash
loggedInUser=stat -f%Su /dev/console
accountType=dscl . -read /Users/"$loggedInUser" 2> /dev/null | grep UniqueID | cut -c 11-

if [[ "$accountType" -gt "1000" ]]; then

echo "demoting mobile account: $loggedInUser"
echo "UniqueID:$accountType"

/usr/sbin/dseditgroup -o edit -d "$loggedInUser" -t user admin

else

echo "Must be local admin account: $loggedInUser"

fi
exit 0

View solution in original post

franton · ‎04-07-2013

The issue is caused by the IFS (internal field separator) which treats white space as a newline by default. The trick is to temporarily reprogram it.

Append this code to the start of your script:

OLDIFS=$IFS
IFS=$'
'

Then put this at the very end to restore things back to default.

IFS=$OLDIFS

talkingmoose · ‎04-07-2013

Working on a script which detects the current logged in userID

Question: Are you running this script as root or as the user? If you're calling this script as a launchd Launch Agent then it will run as the user himself. You could get your information using the id command line tool.

loggedInUser=$( id -un )
accountType=$( id -u )

That would simplify your script some.

mm2270 · ‎04-07-2013

I'm curious to know how your user accounts include white space in them? OS X account short names are not supposed to be able to have special characters, white space, uppercase characters, etc. At least when using the GUI to create an account, trying to add anything like that, the OS automatically removes it. I'm assuming this is being pulled from your LDAP that way and that's how its getting around this.

Regardless of whether or not this should be happening, you can always just enclose your $loggedInUser variable in quotes. That will handle any spaces in the user name.
Two other things to (possibly) improve your script.
1- There's no need for a grep command to pull the UniqueID. Just call it directly since you're using decl.
2- Just a suggestion, you can use awk to simply pull the second field after dscl displays the unique ID, rather than cut. But your cut command works as well, so use whatever you feel comfortable with. I don't think for a simple script it matters much which one you use.

accountType=`dscl . read /Users/"$loggedInUser" UniqueID | awk '{print $2}' 2> /dev/null

Xenophontos · ‎04-08-2013

I appreciate the quick response from you guys,
correct Mike, users create a mobile account at first login and authentication is done in AD. Good news though, enclosing "$loggedInUser" in quotes made all the difference. Here is what works for me;

#!/bin/bash
loggedInUser=stat -f%Su /dev/console
accountType=dscl . -read /Users/"$loggedInUser" 2> /dev/null | grep UniqueID | cut -c 11-

if [[ "$accountType" -gt "1000" ]]; then

echo "demoting mobile account: $loggedInUser"
echo "UniqueID:$accountType"

/usr/sbin/dseditgroup -o edit -d "$loggedInUser" -t user admin

else

echo "Must be local admin account: $loggedInUser"

fi
exit 0

Jamf Nation Community

Demote mobile managed user from Admin to standard user