Jamf Nation Community

Can you just use sed -i 's/<tab>//g' (replacing <tab> with an actual tab?

That being said, visudo would be best as I believe it does error checking to avoid catastrophes!

@davidacland I've tried putting an actual tab in there and it didn't work. As far as visudo I'm not aware of a method to script it.

@jhuls have a look at @rtrouton's response in this thread. It seems like some folks are editing the file then backing up the original and dropping in the edited version. Maybe that method would work for you.

@mpermann Thanks...I've considered that but then from what I can see I lose any customizing per machine. We're looking to automate that the change above happens which would be the account needed for Casper to operate and then on various machines we might need to customize particular users who have access to root.

While typing this though it occurred to me that maybe I could create a standard sudoers file without the tabs and then run a script after it that customizes it as needed. That seems like an option but was really hoping to learn of a method to address the tab purely via scripting.

I'm sure there's a far better way around doing this but this is what I had to do testing it just now. Using control+v and then a tab insert output to a file.

In Terminal with a random tabbed file in a tmp folder.

sed 's/^V<tab>//g'

So doing something like this to output it:

echo "cat /private/tmp/test.txt | sed 's/ //g'" > test.sh

This is what was output to the shell file, worked fine removing tabs in the text file when ran as a script.

cat /private/tmp/test.txt | sed 's/ //g'

Copy pasting it from within Atom seemed to work fine. Pasting into Terminal did not. Didn't test any other areas or too much more out of it. I'm sure someone has a better way of using a tab from a script, \t did not seem to work, and I didn't notice any other ways of inserting a special character.

Use a regex to replace any character between "%admin" and "ALL" with a space, anchoring with "%" and "=".

#!/bin/sh
cat /private/tmp/test.txt | sed 's/%admin.*ALL=/%admin ALL=/g'

@jholland Thanks! Early testing of this looks good. I was hoping there was a way to do that.

I've got a lot to learn with scripting again but at least it's fun working my way through it. I've done more scripting on Windows and Amiga than Mac and Linux and that was 5 years ago on Windows(command line) and almost 25 on Amiga(arexx and I remember nothing of it now other than how to spell it). Now if there just weren't deadlines attached to these projects. lol

You don't need to worry about the tab, you are only trying to replace the text:

# echome="%admin	ALL=(ALL) ALL"; echo $echome | sed 's/%admin/specificAccountName/g'
specificAccountName ALL=(ALL) ALL

The tab is preserved

To answer the question though,

# echome="Hello there" ; echo $echome | sed 's/ /'$'	''/g'
Hello   there

and yes, in theory visudo should be used to edit this file, since if you get it wrong you've kind of got an issue.

Have to ask though, why not just remove people from being admins, rather than making them admins and then try and prevent them from being admins?

@sean Thanks...I'll be sure to look through what you have there but jholland's is working perfectly thus far.

To answer your question about removing admin from our users. I would love to but there are politics involved. Our new CIO requested that I pursue this for now so I'm following orders. This came about after I noticed how easy it is for an admin level user to access mounted drives of another user if they get root access. This isn't a perfect solution by any means but it's a roadblock of sorts for now. Due to the loose nature on security here(which is now being worked on) our CIO was concerned about this so this was the direction he wanted to go until we can accomplish removing admin from most if not all users.