Menu
Zero One Labs
  • Home
  • About
  • Scripts
  • Snippets
Zero One Labs

Give your Mac users temporary admin

Posted on December 18, 2017January 13, 2019 by Zan

Lately I saw a post on JAMF’s user forums with someone wanting to give temporary admin access to their users for a set amount of time. This reminded me that I had such a script and that I should share it with the world. So here you go!

The script basically takes an argument with numbers only, where it gives the currently logged-in user admin powers for a set amount of time. It even has an “exit trap” to detect that, if the script is stopped prematurely, the user will be removed from the admin group (if the computer shuts, down, etc). This is in case the user tries to exploit this script in order to keep their admin access.

 

#!/bin/bash
if [[ ! $(whoami) = "root" ]];then echo "Must be root.";exit 1;fi
curUser="$(ls -l /dev/console | awk '{ print $3 }')"
retval=9001
_x=9001
numtest='^[0-9]+

 

arg=$1
# For JAMF Users you'll want to capture the 3rd argument instead.
# uncomment the following line to do that
#arg=$3
if ! [[ -z $arg ]];then
  if [[ $arg =~ $numtest ]];then 
    sleeptimer=$arg
  else 
    sleeptimer=40
  fi
else 
  sleeptimer=40
fi
isUserAnAdmin () {
  if [[ $(dscl . read /Groups/admin GroupMembership | grep -oq "${curUser}";echo $?) -eq 0 ]];then
    true
  else
  	false
  fi
}
grant_admin () {
  dscl . append /Groups/admin GroupMembership "${curUser}"
}
deny_admin () {
  dscl . delete /Groups/admin GroupMembership "${curUser}" >/dev/null 2>&1
}
exit_script () {
  if isUserAnAdmin;then
    deny_admin
  fi
}
if isUserAnAdmin;then
  exit
else
 grant_admin
 trap exit_script SIGINT SIGTERM
 sleep ${sleeptimer}
 deny_admin
fi
exit $?

 

  • admin access
  • bash
  • jamf
  • mac management
  • script
  • self service
  • Leave a Reply Cancel reply

    You must be logged in to post a comment.

    Login with your Social ID

    Categories

    • Articles
    • Bash
    • Mac
    • PackageMaker
    • Python
    • Scripts
    • Terminal
    • Uncategorized
    My LinkedIn
    ©2023 Zero One Labs | Powered by WordPress & Superb Themes