Generally speaking I manage my MAC OS X High Sierra and Mojave systems using very basic script(s) that I remotely send and apply to the entire Mac OS X system, that means all these script(s) are applied to all the users of the system. But now I have an harder challange. Each of my MAC OS X system has 3 user accounts. :(Admin Account) User1 (Admin Account) User2 and (Local Standard Account) User3.
Generally speaking if I want to send a script that only apply to the (Local Standard Account) User3 how can I do it? I was thinking with the The principle of least privilege. I know for sure that (Local Standard Account) User3 is not an admin. So, how can I tell at the beginning of the script to look and execute the script only to the (Local Standard Account) User3?
Of course (Local Standard Account) User3 (username) always change. I have more than 400 Mac OS X systems that I manage. Instead (Admin Account) User1 (Admin Account) User2 are always the same username.
All my MAC OS X systems have an agent installed. This is how I am able to execute scripts on my systems. Every time the script run thanks to the agent, it runs as ROOT.
Let's do an example scenario.
I want to create a simple text file and place this text file on the desktop of 3 Mac OS X system but just inside the (Local Standard Account) User3 Desktop
Hostname: tsmith-mac
Username: administrator
Username: administrator_backup
Username: tsmith
Hostname: jreed-mac
Username: administrator
Username: administrator_backup
Username: jreed
Hostname: fmontana-mac
Username: administrator
Username: administrator_backup
Username: fmontana
Best Answer
My understanding is that you send a script to your remote systems. You then run the script. I'm not sure what user id the script will be run under. I don't know what you want to do for that user.
You could put the following header code in a script. It figures out if the user is an admin user or a non admin user.
There are many ways to check for admin. Note: Some of the methods shown don't work. See:
https://superuser.com/questions/279891/list-all-members-of-a-group-mac-os-x
This bash script lists all members of the group admin.
Distilling it down.
finding if current user is an admin