Question

Ext. Attribute - List Users/Groups with Remote Access capability

  • February 27, 2013
  • 3 replies
  • 0 views


Hey guys -
Has anyone built an extension attribute or a shell script to identify users w/ Remote Access capability? I've started on the script below:

#!/bin/bash

#returns com.apple.access_ssh or com.apple.access_ssh-disabled
SSH_users=$(dscl . list /groups | grep -i "com.apple.access_ssh")

#if SSH_users equals com.apple.access_ssh-disabled then all users have access
if [ "$SSH_users" = "com.apple.access_ssh-disabled" ]; then
  echo "All users have SSH access"
else
   #Identify all users in the
   :  # no-op placeholder so the unfinished else branch still parses
fi;

3 replies

  • Author
  • Contributor
  • 21 replies
  • February 28, 2013

No thoughts?


mm2270
  • Legendary Contributor
  • 7880 replies
  • February 28, 2013

I don't know that there's a way to list a group's membership. Perhaps, but I'm not sure. You may need to get a list of all user accounts on the system and loop through each with a dseditgroup -checkmember type command or with dsmemberutil. If it finds any it would then need to add the account name into an array which would be the result that got echoed back when it finishes the loop.

Edit: here's a simple script example to show you what I mean, in case you needed that. In this example, I'm pulling a list of local accounts, minus the System level ones that start with underscore, since I don't think you really care about those, and echoing back each one that is a member of the group "staff". You can of course use it to look at any group available on the system.

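#!/bin/bash
# [[ ... =~ ... ]] is a bash feature, so run under bash rather than sh

# Local accounts, minus system accounts that start with an underscore
userList=$(dscl . list /Users | grep -v "^_")
Group="staff"

# Echo each account that dsmemberutil reports as a member of $Group
echo "$userList" | while read -r user; do
    if [[ $(dsmemberutil checkmembership -U "$user" -G "$Group") =~ "is a member" ]]; then
        echo "User $user is a member of $Group"
    fi
done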

  • Contributor
  • 93 replies
  • March 26, 2013

This one works great for me:

Extension Attribute:
Display Name: SSH Enabled Users
Description: All SSH-enabled Users
Data Type: string
Input Type: Populated by Script
OS X Script:

groupmember=`dscl . -read /groups/com.apple.access_ssh | grep GroupMembership | cut -d: -f2-`
echo "<result>$groupmember</result>"
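
The pieces from this thread combined into one extension attribute script, as an added example that is not from any of the posters: it distinguishes the com.apple.access_ssh-disabled case (all users) from the restricted case, and reads the group record's attributes even when dscl puts a value on a continuation line. The function names and the sample record are constructed, and it assumes groups granted access are listed as UUIDs in the record's NestedGroups attribute.

```shell
#!/bin/bash
# Added example, not from the thread: report who may log in over SSH.

# Print the values of one attribute from `dscl . -read` output on stdin,
# joined by spaces. dscl can put a value on following lines that start
# with a space, so continuation lines are collected as well.
attr_values() {
    awk -v key="$1:" '
        $1 == key              { grab = 1; first = 2 }
        /^[^ ]/ && $1 != key   { grab = 0 }
        grab { for (i = first; i <= NF; i++) { out = out sep $i; sep = " " }
               first = 1 }
        END  { print out }'
}

# $1: output of `dscl . list /Groups`
# $2: output of `dscl . -read /Groups/com.apple.access_ssh`
ssh_access_report() (
    if printf '%s\n' "$1" | grep -qFx 'com.apple.access_ssh'; then
        users=$(printf '%s\n' "$2" | attr_values GroupMembership)
        nested=$(printf '%s\n' "$2" | attr_values NestedGroups)
        echo "Users: ${users:-none} | Nested group UUIDs: ${nested:-none}"
    elif printf '%s\n' "$1" | grep -qFx 'com.apple.access_ssh-disabled'; then
        echo "All users"
    else
        echo "No SSH access group found"
    fi
)

# Constructed sample record (made-up users and UUID) for offline testing.
SAMPLE_RECORD='GroupMembership: alice bob
NestedGroups: ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000050
RealName:
 Remote Login ACL
RecordName: com.apple.access_ssh'

# On a Mac, query the local directory; without dscl, use the sample.
if command -v dscl >/dev/null 2>&1; then
    groups_out=$(dscl . list /Groups)
    record_out=$(dscl . -read /Groups/com.apple.access_ssh 2>/dev/null)
else
    groups_out='com.apple.access_ssh'
    record_out=$SAMPLE_RECORD
fi
echo "<result>$(ssh_access_report "$groups_out" "$record_out")</result>"
```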
