How to apply a bash script just to one user account

bash

Generally speaking I manage my MAC OS X High Sierra and Mojave systems using very basic script(s) that I remotely send and apply to the entire Mac OS X system, that means all these script(s) are applied to all the users of the system. But now I have an harder challange. Each of my MAC OS X system has 3 user accounts. :(Admin Account) User1 (Admin Account) User2 and (Local Standard Account) User3.

Generally speaking if I want to send a script that only apply to the (Local Standard Account) User3 how can I do it? I was thinking with the The principle of least privilege. I know for sure that (Local Standard Account) User3 is not an admin. So, how can I tell at the beginning of the script to look and execute the script only to the (Local Standard Account) User3?

Of course (Local Standard Account) User3 (username) always change. I have more than 400 Mac OS X systems that I manage. Instead (Admin Account) User1 (Admin Account) User2 are always the same username.

All my MAC OS X systems have an agent installed. This is how I am able to execute scripts on my systems. Every time the script run thanks to the agent, it runs as ROOT.

Let's do an example scenario.

I want to create a simple text file and place this text file on the desktop of 3 Mac OS X system but just inside the (Local Standard Account) User3 Desktop

Hostname: tsmith-mac
Username: administrator
Username: administrator_backup
Username: tsmith

Hostname: jreed-mac
Username: administrator
Username: administrator_backup
Username: jreed

Hostname: fmontana-mac
Username: administrator
Username: administrator_backup
Username: fmontana

Best Answer

My understanding is that you send a script to your remote systems. You then run the script. I'm not sure what user id the script will be run under. I don't know what you want to do for that user.

You could put the following header code in a script. It figures out if the user is an admin user or a non admin user.

There are many ways to check for admin. Note: Some of the methods shown don't work. See:

https://superuser.com/questions/279891/list-all-members-of-a-group-mac-os-x

This bash script lists all members of the group admin.

group=admin;
for i in $(dscl . list /users);
  do [[ $(id -nG $i | grep $group) ]] && echo $i;
done;rc=0

Distilling it down.

#!/bin/bash
# ideas from:
# https://www.symantec.com/connect/articles/mac-commands-directory-editor-dscl-and-custom-inventory
# https://superuser.com/questions/279891/list-all-members-of-a-group-mac-os-x
#
# Please note this is prototype.
#
#       THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR  
#       IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,  
#       FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE  
#       AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER  
#       LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,  
#       OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE  
#       SOFTWARE.

group=admin;
for i in $(dscl . list /users);
  do
    echo "process user ${i}"
    uniqueID=$(dscl  /Local/Default -read /Users/${i} UniqueID | awk '{ print $2 }')

    # exclude system-created users, which have IDs below 500
    if [ "${uniqueID:-0}" -ge 500 ]; then
      if  [[ $(id -nG $i | grep $group) ]]; then 
        #echo "${i} is a member of ${group}"
        #-- plan english
        echo "${i} is an admin user."
      else
        echo
        #echo "${i} isn't a member of ${group}"
        #-- plan english
        echo "${i} is a regular user..."
        # print the user's home folder
        homeDirectory=$(dscl  /Local/Default -read /Users/${i} NFSHomeDirectory | awk '{ print $2 }')
        echo "Home directory is ${homeDirectory}"
        echo
     fi
    fi
done
# leave a good impression on the caller
rc=0

finding if current user is an admin

  echo "Current user is " ${USER}
    if [[ $(id -nG ${USER} | grep "admin" ) ]]; then
      echo "admin user"
    else
      echo "regular user"
    fi

Related Solutions

Find logged on user and network home directory with a bash script

This script:

#!/bin/bash
w -h | sort -u -t' ' -k1,1 | while read user etc
do
  homedir=$(dscl . -read /Users/$user NFSHomeDirectory | cut -d' ' -f2)
  echo =$user= =$homedir=
done

will do the following:

find all users logged in (via ssh too!) w -h or can use the who command too
sort and find unique users sort -u -t' ' -k1,1
for each logged user
- read username
- find his home directory from the DirectoryService daemon via the command dscl
- print out username and his home directory

MacOS – AppleScript vs. Bash script

Both shell- and AppleScripts can be used just about anywhere either is appropriate.

AppleScripts work better when talking to apps and user-level system facilities. (For instance, you can say tell app "iTunes" to play and it will, or tell app "Finder" to open the first file of the second window.)

Shell scripts (you referred to bash) work better when talking to low-level system objects and Unixy stuff.

They're both interoperable: you can call a shell command from AppleScript with do shell script "command here" and you can call AppleScript code from the shell with osascript -e "AppleScript". Further, there's quite a bit of overlap between the two (especially when it comes to file system operations).

There are certainly more resources for learning shell scripting online than AppleScript and it doesn't help that AppleScript has a reputation for being a "read-only" language (i.e., harder to write than read).

In any case, the most modern way to do scripting is with Automator, where you can use either shell- or AppleScripting (or both) along with pre-built modules from various apps you have installed.

Best Answer

Related Solutions

Find logged on user and network home directory with a bash script

MacOS – AppleScript vs. Bash script

Related Question