Skip to main content
Solved

Getting a "not found" error in my script

howie_isaacks
Forum|alt.badge.img+23

I am in the process of writing a new "make me an admin" script. I know there are others that are available but I wanted to do this myself. Yesterday, I got a version of the script working. It promotes the user to admin, then launches Jamf Helper with a countdown. When the countdown is finished, it reverts the user back to a standard account. That part works perfectly. The next step is to add a function to check if the user is already an admin user. That's where I'm having trouble. If I run this part of the script through CodeRunner, it displays the Jamf Helper with a "Done" button. Obviously, the variables defined are working. My Jamf Helper syntax is correct. The if statement that contains the Jamf Helper configuration works. What will be added later is an "else" to elevate the standard user to admin, then launch Jamf Helper with a countdown. When I have these two steps working, I will go back and add in the ability to demote any additional admin accounts that the user may have added while elevated to an admin user. Jamf Pro keeps reporting an issue on line 20, which is the line where the script checks if the user is an admin user:

if [ "$isAdmin" == "yes" ]; then

It shows "not found". My assumption was that the variable "isAdmin" was not correctly defined. If that was so, then why does CodeRunner run this line without an issue? I am testing in CodeRunner while logged in as an admin user, so what happens is that I see the Jamf Helper window appear telling me that I am already and admin. Only when I test this script in Jamf Pro using a Self Service policy that runs the script do I see this error. I'm including a screenshot. I am only running this portion of the script. The user account on the test Mac is a standard user account. Therefore, the Jamf Helper window should not appear. I added an else to echo that the user is a standard user so I would see that in the Jamf policy log if the script worked. What am I doing wrong that CodeRunner isn't picking up? CodeRunner always finds my syntax errors. Here's the portion of my script that I am testing with.

 

 

#!/bin/zsh # Timer setting tempSeconds=60 # Who is the current logged in user? currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}') # List current admin users adminMembers=($(dscacheutil -q group -a name admin | grep -e '^users:' | sed -e 's/users: //' -e 's/ $//')) #Jamf Helper path jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" # Check if the user is already an admin. isAdmin=$(dseditgroup -o checkmember -m $currentUser admin | awk '{print $1}') echo $isAdmin # If the user is already admin, display a message. if [ "$isAdmin" == "yes" ]; then echo "$currentUser is already an Admin" "$jamfHelper" -windowType utility \\ -windowPosition ur \\ -title "Your company name here" \\ -heading "You are already an admin user" \\ -alignHeading middle \\ -description "You are already an admin user. If you are experiencing trouble please contact support." \\ -alignDescription natural \\ -icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/UnlockedIcon.icns" \\ -iconSize 36 \\ -button1 "Done" \\ -defaultButton 1 else echo "User is a standard user." fi

 

Best answer by mm2270

It's a zsh script, so it should be

if [ "$isAdmin" = "yes" ]; then

Only a single = mark, not a double. Bash uses double, but zsh does not when talking about tests like that. It's one of the things I needed to adjust myself when I began to switch over to Z Shell scripts.

View original
    Did this topic help you find an answer to your question?

    3 replies

    mm2270
    Forum|alt.badge.img+16
    • mm2270
    • Legendary Contributor
    • 7880 replies
    • Answer
    • July 26, 2023

    It's a zsh script, so it should be

    if [ "$isAdmin" = "yes" ]; then

    Only a single = mark, not a double. Bash uses double, but zsh does not when talking about tests like that. It's one of the things I needed to adjust myself when I began to switch over to Z Shell scripts.

    howie_isaacks
    Forum|alt.badge.img+23
    • howie_isaacks
    • Author
    • Esteemed Contributor
    • 773 replies
    • July 26, 2023
    mm2270 wrote:

    It's a zsh script, so it should be

    if [ "$isAdmin" = "yes" ]; then

    Only a single = mark, not a double. Bash uses double, but zsh does not when talking about tests like that. It's one of the things I needed to adjust myself when I began to switch over to Z Shell scripts.


    THANK YOU!!!! 

    This was driving me nucking futs! I need to look up all of the other things that I may need to change if I use zsh in scripts. I tested the script just now with the change you suggested and Jamf Pro reports exactly as it should have. I use "echo" statements a lot to help track if all of the steps of a script are completing. I will continue on with my progress getting this script written and share it once I have it working fully.

    howie_isaacks
    Forum|alt.badge.img+23
    • howie_isaacks
    • Author
    • Esteemed Contributor
    • 773 replies
    • July 26, 2023

    Here's the full script. This works perfectly now. I like to add recon to the end of some of my scripts and I chose to do that in this one. Later, I will add a check for new admin accounts that the user may have created while they were an admin so that these new admin accounts can be demoted to standard or deleted. I have tested this over and over again and it works every time. Use parameter 4 to define the time in seconds that the user will have as an admin.

    #!/bin/zsh # Timer setting tempSeconds="$4" # Who is the current logged in user? currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}') # Jamf Helper path jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" # Check if the user is already an admin. isAdmin=$(dseditgroup -o checkmember -m "$currentUser" admin | awk '{print $1}') echo "Is "$currentUser" an admin? "$isAdmin"." # If the user is already admin, display a message. if [ "$isAdmin" = "yes" ]; then echo "$currentUser is already an Admin" "$jamfHelper" -windowType utility \\ -windowPosition ur \\ -title "YOUR TITLE HERE" \\ -heading "You are already an admin user" \\ -alignHeading middle \\ -description "You are already an admin user. If you are experiencing trouble please contact support." \\ -alignDescription natural \\ -icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/UnlockedIcon.icns" \\ -iconSize 36 \\ -button1 "OK" \\ -defaultButton 1 else # Elevating user to admin. echo ""$currentUser" is not an admin user" echo "Elevating "$currentUser" to admin" /usr/sbin/dseditgroup -o edit -a "$currentUser" -t user admin # Display a window showing how much time is left as an admin using Jamf Helper. echo "Displaying Jamf Helper window with timer." "$jamfHelper" -windowType utility \\ -windowPosition ur \\ -title "YOUR TITLE HERE" \\ -heading "Temporary Admin Rights Granted" \\ -alignHeading middle \\ -description "Please perform your required tasks. Admin rights will be removed when the timer below ends." \\ -alignDescription natural \\ -icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/UnlockedIcon.icns" \\ -iconSize 36 \\ -button1 "Done" \\ -defaultButton 1 \\ -timeout "$tempSeconds" \\ -countdown \\ -countdownPrompt "Admin rights will be removed in " \\ -alignCountdown center # Removing admin rights. echo "Timer has ran out. Removing admin rights and running recon" /usr/sbin/dseditgroup -o edit -d "$currentUser" -t user admin /usr/local/jamf/bin/jamf recon fi exit 0

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings