59 changes: 33 additions & 26 deletions MakeMeAnAdmin.sh
@@ -1,4 +1,4 @@
#!/bin/bash
#!/bin/sh

###############################################
# This script will provide temporary admin #
@@ -18,53 +18,56 @@
# find the logged in user and let them know #
#############################################

minutes_to_allow_admin=30

currentUser=$(who | awk '/console/{print $1}')
echo $currentUser
echo ${currentUser}

osascript -e 'display dialog "You now have administrative rights for 30 minutes. DO NOT ABUSE THIS PRIVILEGE..." buttons {"Make me an admin, please"} default button 1'
try osascript -e 'display dialog "You now have administrative rights for 30 minutes. DO NOT ABUSE THIS PRIVILEGE..." buttons {"Make me an admin, please"} default button 1'

#########################################################
# write a daemon that will let you remove the privilege #
# with another script and chmod/chown to make #
# sure it'll run, then load the daemon #
# with another script and chmod/chown to make #
# sure it'll run, then load the daemon #
#########################################################


#Create the plist
sudo defaults write /Library/LaunchDaemons/removeAdmin.plist Label -string "removeAdmin"
try sudo defaults write /Library/LaunchDaemons/removeAdmin.plist Label -string "removeAdmin"

#Add program argument to have it run the update script
sudo defaults write /Library/LaunchDaemons/removeAdmin.plist ProgramArguments -array -string /bin/sh -string "/Library/Application Support/JAMF/removeAdminRights.sh"
try sudo defaults write /Library/LaunchDaemons/removeAdmin.plist ProgramArguments -array -string /bin/sh -string "/Library/Application Support/JAMF/removeAdminRights.sh"

#Set the run inverval to run every 7 days
sudo defaults write /Library/LaunchDaemons/removeAdmin.plist StartInterval -integer 1800
# start the daemon after the specified time
admin_seconds=$(expr ${minutes_to_allow_admin} \* 60)
try sudo defaults write /Library/LaunchDaemons/removeAdmin.plist StartInterval -integer ${admin_seconds}

#Set run at load
sudo defaults write /Library/LaunchDaemons/removeAdmin.plist RunAtLoad -boolean yes
try sudo defaults write /Library/LaunchDaemons/removeAdmin.plist RunAtLoad -boolean yes

#Set ownership
sudo chown root:wheel /Library/LaunchDaemons/removeAdmin.plist
sudo chmod 644 /Library/LaunchDaemons/removeAdmin.plist
try sudo chown root:wheel /Library/LaunchDaemons/removeAdmin.plist
try sudo chmod 644 /Library/LaunchDaemons/removeAdmin.plist

#Load the daemon
launchctl load /Library/LaunchDaemons/removeAdmin.plist
try launchctl load /Library/LaunchDaemons/removeAdmin.plist
sleep 10

#########################
# make file for removal #
#########################

if [ ! -d /private/var/userToRemove ]; then
mkdir /private/var/userToRemove
echo $currentUser >> /private/var/userToRemove/user
else
echo $currentUser >> /private/var/userToRemove/user
rm -f /private/var/userToRemove
mkdir -p /private/var/userToRemove
fi
echo ${currentUser} >> /private/var/userToRemove/user

##################################
# give the user admin privileges #
##################################

/usr/sbin/dseditgroup -o edit -a $currentUser -t user admin
try /usr/sbin/dseditgroup -o edit -a ${currentUser} -t user admin

########################################
# write a script for the launch daemon #
@@ -73,14 +76,18 @@ fi
########################################

cat << 'EOF' > /Library/Application\ Support/JAMF/removeAdminRights.sh
if [[ -f /private/var/userToRemove/user ]]; then
userToRemove=$(cat /private/var/userToRemove/user)
echo "Removing $userToRemove's admin privileges"
/usr/sbin/dseditgroup -o edit -d $userToRemove -t user admin
rm -f /private/var/userToRemove/user
launchctl unload /Library/LaunchDaemons/removeAdmin.plist
rm /Library/LaunchDaemons/removeAdmin.plist
log collect --last 30m --output /private/var/userToRemove/$userToRemove.logarchive
#!/bin/sh
date=$(date +%Y-%m-%d_%H-%M-%S)
if [ -f /private/var/userToRemove/user ]; then
for userToRemove in $(cat /private/var/userToRemove/user); do
echo "Removing ${userToRemove}'s admin privileges"
/usr/sbin/dseditgroup -o edit -d ${userToRemove} -t user admin
log collect --last 30m --output /private/var/userToRemove/${userToRemove}-${date}.logarchive
done

rm -f /private/var/userToRemove/user
launchctl unload /Library/LaunchDaemons/removeAdmin.plist
rm /Library/LaunchDaemons/removeAdmin.plist
fi
EOF
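Review bot: The grant at `try /usr/sbin/dseditgroup -o edit -a ${currentUser} -t user admin` runs before `removeAdminRights.sh` is written by the heredoc below it, and that `cat << 'EOF' >` write is not wrapped in `try` or otherwise checked, so a failed write leaves the user in the admin group with nothing for the launch daemon to run. Writing the removal script and confirming the write succeeded before loading the daemon and before the grant would make this fail closed; `try` is defined outside the visible hunks, so this assumes it aborts on a non-zero status. Inside the generated script, `for userToRemove in $(cat /private/var/userToRemove/user)` and the unquoted `${userToRemove}` apply word splitting and globbing to file contents in a job started from `/Library/LaunchDaemons` (presumably as root); a `while IFS= read -r userToRemove` loop with `"${userToRemove}"` quoted is safer. The dialog text and `log collect --last 30m` still hard-code 30 minutes, so changing `minutes_to_allow_admin` would leave both the message and the collected log window out of step with the actual grant duration.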
