Posted on - last edited on by
JoeyD
I am in the process of writing a new "make me an admin" script. I know there are others that are available but I wanted to do this myself. Yesterday, I got a version of the script working. It promotes the user to admin, then launches Jamf Helper with a countdown. When the countdown is finished, it reverts the user back to a standard account. That part works perfectly. The next step is to add a function to check if the user is already an admin user. That's where I'm having trouble. If I run this part of the script through CodeRunner, it displays the Jamf Helper with a "Done" button. Obviously, the variables defined are working. My Jamf Helper syntax is correct. The if statement that contains the Jamf Helper configuration works. What will be added later is an "else" to elevate the standard user to admin, then launch Jamf Helper with a countdown. When I have these two steps working, I will go back and add in the ability to demote any additional admin accounts that the user may have added while elevated to an admin user. Jamf Pro keeps reporting an issue on line 20, which is the line where the script checks if the user is an admin user:
if [ "$isAdmin" == "yes" ]; then
It shows "not found". My assumption was that the variable "isAdmin" was not correctly defined. If that was so, then why does CodeRunner run this line without an issue? I am testing in CodeRunner while logged in as an admin user, so what happens is that I see the Jamf Helper window appear telling me that I am already and admin. Only when I test this script in Jamf Pro using a Self Service policy that runs the script do I see this error. I'm including a screenshot. I am only running this portion of the script. The user account on the test Mac is a standard user account. Therefore, the Jamf Helper window should not appear. I added an else to echo that the user is a standard user so I would see that in the Jamf policy log if the script worked. What am I doing wrong that CodeRunner isn't picking up? CodeRunner always finds my syntax errors. Here's the portion of my script that I am testing with.
#!/bin/zsh
# Timer setting
tempSeconds=60
# Who is the current logged in user?
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
# List current admin users
adminMembers=($(dscacheutil -q group -a name admin | grep -e '^users:' | sed -e 's/users: //' -e 's/ $//'))
#Jamf Helper path
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
# Check if the user is already an admin.
isAdmin=$(dseditgroup -o checkmember -m $currentUser admin | awk '{print $1}')
echo $isAdmin
# If the user is already admin, display a message.
if [ "$isAdmin" == "yes" ]; then
echo "$currentUser is already an Admin"
"$jamfHelper" -windowType utility \
-windowPosition ur \
-title "Your company name here" \
-heading "You are already an admin user" \
-alignHeading middle \
-description "You are already an admin user. If you are experiencing trouble please contact support." \
-alignDescription natural \
-icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/UnlockedIcon.icns" \
-iconSize 36 \
-button1 "Done" \
-defaultButton 1
else
echo "User is a standard user."
fi
1 ACCEPTED SOLUTION
THANK YOU!!!!
This was driving me nucking futs! I need to look up all of the other things that I may need to change if I use zsh in scripts. I tested the script just now with the change you suggested and Jamf Pro reports exactly as it should have. I use "echo" statements a lot to help track if all of the steps of a script are completing. I will continue on with my progress getting this script written and share it once I have it working fully.
