diff --git a/MakeMeAnAdmin.sh b/MakeMeAnAdmin.sh index 5c2a54f..a925cac 100644 --- a/MakeMeAnAdmin.sh +++ b/MakeMeAnAdmin.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh ############################################### # This script will provide temporary admin # @@ -18,35 +18,39 @@ # find the logged in user and let them know # ############################################# +minutes_to_allow_admin=30 + currentUser=$(who | awk '/console/{print $1}') -echo $currentUser +echo ${currentUser} -osascript -e 'display dialog "You now have administrative rights for 30 minutes. DO NOT ABUSE THIS PRIVILEGE..." buttons {"Make me an admin, please"} default button 1' +try osascript -e 'display dialog "You now have administrative rights for 30 minutes. DO NOT ABUSE THIS PRIVILEGE..." buttons {"Make me an admin, please"} default button 1' ######################################################### # write a daemon that will let you remove the privilege # -# with another script and chmod/chown to make # -# sure it'll run, then load the daemon # +# with another script and chmod/chown to make # +# sure it'll run, then load the daemon # ######################################################### + #Create the plist -sudo defaults write /Library/LaunchDaemons/removeAdmin.plist Label -string "removeAdmin" +try sudo defaults write /Library/LaunchDaemons/removeAdmin.plist Label -string "removeAdmin" #Add program argument to have it run the update script -sudo defaults write /Library/LaunchDaemons/removeAdmin.plist ProgramArguments -array -string /bin/sh -string "/Library/Application Support/JAMF/removeAdminRights.sh" +try sudo defaults write /Library/LaunchDaemons/removeAdmin.plist ProgramArguments -array -string /bin/sh -string "/Library/Application Support/JAMF/removeAdminRights.sh" -#Set the run inverval to run every 7 days -sudo defaults write /Library/LaunchDaemons/removeAdmin.plist StartInterval -integer 1800 +# start the daemon after the specified time +admin_seconds=$(expr ${minutes_to_allow_admin} \* 60) +try sudo defaults write /Library/LaunchDaemons/removeAdmin.plist StartInterval -integer ${admin_seconds} #Set run at load -sudo defaults write /Library/LaunchDaemons/removeAdmin.plist RunAtLoad -boolean yes +try sudo defaults write /Library/LaunchDaemons/removeAdmin.plist RunAtLoad -boolean yes #Set ownership -sudo chown root:wheel /Library/LaunchDaemons/removeAdmin.plist -sudo chmod 644 /Library/LaunchDaemons/removeAdmin.plist +try sudo chown root:wheel /Library/LaunchDaemons/removeAdmin.plist +try sudo chmod 644 /Library/LaunchDaemons/removeAdmin.plist #Load the daemon -launchctl load /Library/LaunchDaemons/removeAdmin.plist +try launchctl load /Library/LaunchDaemons/removeAdmin.plist sleep 10 ######################### @@ -54,17 +58,16 @@ sleep 10 ######################### if [ ! -d /private/var/userToRemove ]; then - mkdir /private/var/userToRemove - echo $currentUser >> /private/var/userToRemove/user - else - echo $currentUser >> /private/var/userToRemove/user + rm -f /private/var/userToRemove + mkdir -p /private/var/userToRemove fi +echo ${currentUser} >> /private/var/userToRemove/user ################################## # give the user admin privileges # ################################## -/usr/sbin/dseditgroup -o edit -a $currentUser -t user admin +try /usr/sbin/dseditgroup -o edit -a ${currentUser} -t user admin ######################################## # write a script for the launch daemon # @@ -73,14 +76,18 @@ fi ######################################## cat << 'EOF' > /Library/Application\ Support/JAMF/removeAdminRights.sh -if [[ -f /private/var/userToRemove/user ]]; then - userToRemove=$(cat /private/var/userToRemove/user) - echo "Removing $userToRemove's admin privileges" - /usr/sbin/dseditgroup -o edit -d $userToRemove -t user admin - rm -f /private/var/userToRemove/user - launchctl unload /Library/LaunchDaemons/removeAdmin.plist - rm /Library/LaunchDaemons/removeAdmin.plist - log collect --last 30m --output /private/var/userToRemove/$userToRemove.logarchive +#!/bin/sh +date=$(date +%Y-%m-%d_%H-%M-%S) +if [ -f /private/var/userToRemove/user ]; then + for userToRemove in $(cat /private/var/userToRemove/user); do + echo "Removing ${userToRemove}'s admin privileges" + /usr/sbin/dseditgroup -o edit -d ${userToRemove} -t user admin + log collect --last 30m --output /private/var/userToRemove/${userToRemove}-${date}.logarchive + done + + rm -f /private/var/userToRemove/user + launchctl unload /Library/LaunchDaemons/removeAdmin.plist + rm /Library/LaunchDaemons/removeAdmin.plist fi EOF