nerds unite! script help!

jarednichols
Honored Contributor

Hi-

Perhaps an über script geek can lend me a hand... throwing up the bat-signal...

From the command line, I'd like to remove an account's admin privs. It's easy enough with

dscl . -delete /Groups/admin GroupMembership <<username>>

However, I'd like to build in some error checking because deploy techs will be doing this. Basically, I'd like to take the output of:

dscl . -read /Groups/admin GroupMembership | sed -e 's/GroupMembership://'

and check to see that the username given (passed in at $1) is present in that list. I've tried a case statement, but the problem with that is that it's not matching exact strings. So for instance, if ja12345 was in the admin group, but the command had ja1234 passed in at $1, it would come back ok. That should fail. If it's successfully matched, go ahead and run the dscl . -delete command.

You should know: there's no standard username convention (though we're slowly moving towards one). Usernames may be short, may be long, may contain upper and lowers.

Any ideas?

thanks!
---
Jared F. Nichols
Desktop Engineer, Infrastructure & Operations
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

PeterG
Contributor II

If the usernames are not going to be similar on any particular machine (ja12345, ja123456789), you could take your input, ja1234, and append a wildcard on the end, ending up with ja1234*

Peter

tlarkin
Honored Contributor

Do they all live in /Users? Or could they be anywhere?

jarednichols
Honored Contributor

True, but that could potentially be more than 1 account.

I've got a bit of a workaround until I can put in some proper error checking:

#! /bin/sh

# Read the current members of the local admin group.
admins=$(dscl . -read /Groups/admin GroupMembership | sed -e 's/GroupMembership://')

echo
echo "* BE VERY CAREFUL WITH THIS UTILITY *"
echo
echo "To quit without making changes, press Ctrl-C"
echo
echo "Current admins: $admins"
echo
echo "Please enter an admin to remove (CASE SENSITIVE!): "
read -r username

echo "Removing $username"
# The name is quoted so dscl receives it as a single argument.
dscl . -delete /Groups/admin GroupMembership "$username"
# Re-read the group so the tech can confirm the result.
admins=$(dscl . -read /Groups/admin GroupMembership | sed -e 's/GroupMembership://')
echo "Current admins: $admins"
echo "Goodbye!"

exit

j

---
Jared F. Nichols
Desktop Engineer, Infrastructure & Operations
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

tlarkin
Honored Contributor

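Here is my script. Obviously the echos are for testing; you would need to
replace them with the proper dscl commands, but this is a proof of
concept that can help you with this.

#!/bin/bash

# Loop over the home folders in /Users and report admin group membership.
for a in $(ls /Users); do
    # Count exact, case-sensitive matches of the name in the membership list,
    # so that ja1234 does not match ja12345.
    admincheck=$(dscl . -read /Groups/admin GroupMembership | tr ' ' '\n' | grep -cxF -- "$a")
    if [ "$admincheck" = 1 ]; then
        echo "$a is in admin group"
    else
        echo "$a is NOT in admin group"
    fi
done

exit 0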

If you run this script as is, it will echo out who is in the admin group
and who is not in the admin group. Simply change one of the echo
statements to remove group membership of the loop, like this

then dscl . -delete /Groups/admin GroupMembership $a

that would delete that user from the admin group, however please test
this first with the echo statements



Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry: 913-449-7589
office: 913-627-0351
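
An added example (not posted by anyone in this thread) of the check the original question asks for: the name passed in at $1 must match one admin group member exactly and case-sensitively before `dscl . -delete` runs, so ja1234 is refused when only ja12345 is a member. The function names and the `DSCL` override variable are assumptions made here so the logic can be exercised against a stand-in instead of a live directory.

```shell
#!/bin/sh
# Added example: exact-match guard in front of the admin group removal.
# DSCL is a hypothetical override; on a Mac it defaults to the real dscl.
DSCL="${DSCL:-dscl}"

# Print the members of the local admin group, one name per line.
list_admins() {
    "$DSCL" . -read /Groups/admin GroupMembership |
        sed -e 's/^GroupMembership://' |
        tr -s '[:space:]' '\n' |
        sed -e '/^$/d'
}

# Remove $1 from the admin group only if it is an exact member.
# Returns 0 on removal, 1 if the name is not a member, 2 on bad input.
remove_admin() {
    case "$1" in
        '' | *[[:space:]]*)
            # Empty names, or names with spaces or newlines, can never be a
            # single short name and would confuse the membership match.
            echo "usage: remove_admin <shortname>" >&2
            return 2
            ;;
    esac

    # -F: treat the name as a literal string, not a regular expression.
    # -x: the whole line must match, so ja1234 does not match ja12345.
    # --: a name starting with '-' is not parsed as a grep option.
    if ! list_admins | grep -Fxq -- "$1"; then
        echo "'$1' is not in the admin group (match is exact and case sensitive); nothing changed" >&2
        return 1
    fi

    "$DSCL" . -delete /Groups/admin GroupMembership "$1"
}

# When run as a script, act on the username given as the first argument.
if [ "$#" -gt 0 ]; then
    remove_admin "$1"
fi
```

The non-zero return codes let a wrapper script tell a mistyped name (1) apart from malformed input (2) without parsing the error text.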