Skip to main content
Solved

script to determine if the current user is a standard user


TheCrusher4Real
Forum|alt.badge.img+4

We have an application, Coginiti Pro, that requires a user to have elevated rights before installing on the Mac, or else the install doesn't work correctly.

We use Jamf Pro, and currently I've added some text to the Self-Service installation page telling users they need to elevate their rights before running the install. We use the Privileges app for temporary rights elevation.

I was wondering if I could script this. The current Coginiti Pro install we use is a script rather than a PKG. I'd like to add some code to the script that says "check if the current user is running as a standard user". If so, I'd display a message reminding the user to elevate their rights before proceeding.

Is something like that possible?

 

Best answer by daniel_behan

Sorry, I misread the original post.  You'd want something like this:

#!/bin/sh user=$(/usr/bin/who | /usr/bin/awk '/console/{ print $1 }') adminneeded=$(/usr/bin/dsmemberutil checkmembership -U "$user" -G admin) #Temporarily Grant Admin Rights to Standard User for App Install if [[ "$adminneeded" == *not* ]]; then /usr/sbin/dseditgroup -o edit -a $user -t user admin <<Do Work here>> /usr/sbin/dseditgroup -o edit -d $user -t user admin else <<Do Work here>> fi exit 0
View original
Did this topic help you find an answer to your question?

7 replies

Forum|alt.badge.img+11
  • Valued Contributor
  • 196 replies
  • January 22, 2024

Here's the Extension Attribute I use:

 

#!/bin/bash # Script to detect if a computer has a local admin account on it with an UID of above 500 # Initialize array list=() # generate user list of users with UID greater than 500 for username in $(dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }'); do # Checks to see which usernames are reported as being admins. The # check is running dsmemberutil's check membership and listing the # accounts that are being reported as admin users. Actual check is # for accounts that are NOT not an admin (i.e. not standard users.) if [[ $(dsmemberutil checkmembership -U "${username}" -G admin) != *not* ]]; then # Any reported accounts are added to the array list list+=("${username}") fi done # Prints the array's list contents echo "<result>${list[@]}</result>"

jamf-42
Forum|alt.badge.img+17
  • Esteemed Contributor
  • 744 replies
  • January 22, 2024

as Self Service runs as root, why can't it be installed via Self Service? 


Forum|alt.badge.img+20
  • Valued Contributor
  • 732 replies
  • January 22, 2024
jamf-42 wrote:

as Self Service runs as root, why can't it be installed via Self Service? 


Remove the <results> and just have it echo the variable. The <results> field is for extension attributes only.


Forum|alt.badge.img+11
  • Valued Contributor
  • 196 replies
  • Answer
  • January 22, 2024

Sorry, I misread the original post.  You'd want something like this:

#!/bin/sh user=$(/usr/bin/who | /usr/bin/awk '/console/{ print $1 }') adminneeded=$(/usr/bin/dsmemberutil checkmembership -U "$user" -G admin) #Temporarily Grant Admin Rights to Standard User for App Install if [[ "$adminneeded" == *not* ]]; then /usr/sbin/dseditgroup -o edit -a $user -t user admin <<Do Work here>> /usr/sbin/dseditgroup -o edit -d $user -t user admin else <<Do Work here>> fi exit 0

TheCrusher4Real
Forum|alt.badge.img+4
jamf-42 wrote:

as Self Service runs as root, why can't it be installed via Self Service? 


The Coginiti Pro install runs as a script rather than a package. Our original Jamf packager stated this was done because of ongoing rights issues with the installer. 

If a standard user runs the install from Self Service, they end up with a question mark icon for the application in their dock, and the dmg file doesn't get mounted and the application doesn't get installed into /Applications folder.

Everything works correctly if user has elevated their rights prior to the install.

 


jamf-42
Forum|alt.badge.img+17
  • Esteemed Contributor
  • 744 replies
  • January 22, 2024
TheCrusher4Real wrote:

The Coginiti Pro install runs as a script rather than a package. Our original Jamf packager stated this was done because of ongoing rights issues with the installer. 

If a standard user runs the install from Self Service, they end up with a question mark icon for the application in their dock, and the dmg file doesn't get mounted and the application doesn't get installed into /Applications folder.

Everything works correctly if user has elevated their rights prior to the install.

 


looks like its just a DMG from the vendor.. what happens if you use composer? just start composer.. modified.. start... then bin all the content, make an Applications folder, drag the app from the DMG to the Applications folder and make pkg from that? or use simple package creator? 

 


TheCrusher4Real
Forum|alt.badge.img+4
daniel_behan wrote:

Sorry, I misread the original post.  You'd want something like this:

#!/bin/sh user=$(/usr/bin/who | /usr/bin/awk '/console/{ print $1 }') adminneeded=$(/usr/bin/dsmemberutil checkmembership -U "$user" -G admin) #Temporarily Grant Admin Rights to Standard User for App Install if [[ "$adminneeded" == *not* ]]; then /usr/sbin/dseditgroup -o edit -a $user -t user admin <<Do Work here>> /usr/sbin/dseditgroup -o edit -d $user -t user admin else <<Do Work here>> fi exit 0

Thanks for your explanation, Daniel. Wound up using code like this, based on your initial info:

#!/bin/sh # Get user user=$(/usr/bin/who | /usr/bin/awk '/console/{ print $1 }') # check membership adminneeded=$(/usr/bin/dsmemberutil checkmembership -U "$user" -G admin) # If user not elevated, display notification. # If user is elevated, perform the installation. if [[ "$adminneeded" == *not* ]]; then # User NOT elevated; show them the message # user is a standard user and needs to be notified to elevate before running the install. jh='/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper' jh_args=(\\ -windowType hud \\ -title "TITLE" \\ -heading "Elevated user rights required" \\ -icon /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/com.apple.pro-display-xdr.icns \\ -alignHeading left \\ -button1 "OK" \\ -defaultButton 1 \\ -description \\ ) message="Coginiti Pro requires elevated rights to install." # display message to user and exit the script "$jh" "${jh_args[@]}" "$message"; exit 1; else # run the install fi exit 0

Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings