Hi-
Perhaps an über script geek can lend me a hand... throwing up the bat- signal...
From the command line, I'd like to remove an account's admin privs. It's easy enough with
dscl . -delete /Groups/admin GroupMembership <<username>>
However, I'd like to build in some error checking because deploy techs will be doing this. Basically, I'd like to take the output of:
dscl . -read /Groups/admin GroupMembership | sed -e 's/ GroupMembership://'
and check to see that the username given (passed in at $1) is present in that list. I've tried a case statement, but the problem with that is that it's not matching exact strings. So for instance, if ja12345 was in the admin group, but the command had ja1234 passed in at $1, it would come back ok. That should fail. If it's successfully matched, go ahead and run the dscl . -delete command.
You should know: there's no standard username convention (though we're slowly moving towards one). Usernames may be short, may be long, may contain upper and lowers.
Any ideas?
thanks!
---
Jared F. Nichols
Desktop Engineer, Infrastructure & Operations
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436