bash script for dseditgroups in OSX

Hi there,

Hope this isn't too complex of a script to try to make but this is what I'm trying to do.

Create a new group and add local users that aren't admin to the group.

So let's say the new group is 'cats' and 'dog' is the only admin on the machine. Let's say most machines only have one or two users but they're going to be different on each machine.

Since the name of the non-admin username(s) on each machine is a variable, I'm thinking the best way to add users to the 'cats' group is to go by Group ID but the only groups I know of are Wheel, Staff and Admin. All users on the Mac are a member of Staff by default so is there an identifier that represents a non-admin user which I can use to add them to the 'cats' group?

Hope that makes sense.

Here's what I have so far but it isn't much and I'll be honest, I can't figure out from the dseditgroup man pages how to do this.

#!/bin/bash
sudo dseditgroup -o create -n . cats
dscl -u <username/gid> . -append /Groups/cats GroupMembership <username/groupID>

Should I use dscl to append the group or continue to use dseditgroup?

If you happen to be one of those whizzos that can just whip one of these from the hip, be prepared, I'll probably ask 'why' you decided to do something a certain way so I can learn. I'm not just looking for someone to write it out so I don't have to think.

I really have been googling all over trying to figure this out. Just seems like a little coaching from you experts would sure help.

Is this even a do-able thing? I've been trying to figure it out but bash scripting is new to me but something I'd like to learn. Seems like a very powerful way of getting a lot of repetitive tasks done.

Thanks in advance!

Stop

---------- Post updated at 09:54 PM ---------- Previous update was at 09:52 PM ----------

I guess another way would be to create the group and add all users only tell it to somehow ignore 'dog'.

Not sure if that's possible. I didn't see a way to 'ignore' users.

Also saw dsimport but that seems a bit excessive.

Thanks again,

Stop

I would suppose admins have admin rights in the sudoers file in order to use sudo as root (like you). I would look there for a start...
Compare with your account: in what groups are you that the other users aren't? If that's not pertinent, look at the sudoers file.

After reading around and talking to a friend who's done some bash scripting, I think I'm going to have to write a 'for' loop to define the variables after creating the group.

If/when I get this figured out I'll come back and share.

/stop

---------- Post updated at 09:36 PM ---------- Previous update was at 09:33 AM ----------

Well, here's what I've got. Probably way off but what do you think? Where have I gone wrong the most?

#!/bin/bash
#this is my attempt at writing a bash script which creates a non-admin group called 'cats'
#the script should add all users except the DOG and Shared users to the script
#this is my first attempt at writing a bash script and likely has errors
#don't run this script unless you know how to fix it first as it will likely cause your Mac to do odd things



# Change to the directory you want to use to parse through
cd /Users/

# Create a non-admin group using dseditgroup. Staff? what else would indicate it's to be a non-admin group?
# a group ID could be specified for more control

dseditgroup -o create cats -t staff
# not sure if this should have a -n included to indicate the node instead of using the default directory.

# This will loop through the directory specified above and set each file and folder to variable a
for a in *;do
    # Looks to see if $a is a directory, if it is, then it continues, else it goes to done
    if [[ -d $a ]]; then
        # Excludes the Shared directory
        if [[ $a != "Shared" ]]; then
            # Excludes the dog directory
            if [[ $a != "dog" ]]; then
                # Excludes the DOG directory
                if [[ $a != "DOG" ]]; then
                    
                    dscl -u $a . -append /Groups/cats GroupMembership
                    # this is using dscl instead of dseditgroup to add all users indicated by the $a variable (excluding DOG and Shared above)
                    echo $a
                fi
            fi
        fi
    fi
done


dseditgroup -o checkmember . cats
#attempting to check the membership of the new group and have it print to verify it worked

echo $checkmember


exit

thanks for your feedback.

/stop

Just a tip on nested if statements:

if [ $a != "Shared" ] || [ $a != "dog" ] || [ $a != "DOG" ]; then 

Should do the same thing (process anything other than Shared, dog or DOG), and is a little easier to look at. "||" equals "or".
There are other ways to pare down these types of statements, but I have used this construct successfully in a few scripts in the past...
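
A note on the condition in the tip above, as an added example that is not part of any post in the thread: with `||` the test is true for every name, since a name always differs from at least two of the three strings, so the admin account `dog` would be added to `cats` as well. The sketch below runs both filters over a constructed list of names (`alice` and `bob` are made up) and prints the `dseditgroup` commands each would produce without executing them.

```shell
#!/bin/bash
# Added example, not code from the thread. Dry run only: commands are printed,
# never executed. User names other than dog/Shared are constructed.

GROUP="cats"

# The test exactly as written in the tip: true for every name.
keep_with_or() {
    [ "$1" != "Shared" ] || [ "$1" != "dog" ] || [ "$1" != "DOG" ]
}

# Intended logic: keep a name only if it matches none of the excluded ones.
# Folding case first catches dog, Dog and DOG with one pattern.
keep_with_case() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        shared|dog) return 1 ;;
        *)          return 0 ;;
    esac
}

# Read candidate names on stdin; print the dseditgroup call for each name the
# filter function named in $1 accepts.
plan_members() {
    filter="$1"
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        if "$filter" "$name"; then
            printf 'dseditgroup -o edit -a %s -t user %s\n' "$name" "$GROUP"
        fi
    done
}

# Constructed sample of what /Users might contain on one machine.
sample_users() {
    printf '%s\n' Shared dog alice bob
}

echo "With || (Shared and the admin 'dog' slip through):"
sample_users | plan_members keep_with_or
echo "With case (only the non-admin users remain):"
sample_users | plan_members keep_with_case
```

On a real Mac the hard-coded `dog` test could be replaced with a lookup such as `dseditgroup -o checkmember -m "$name" admin`, so that whoever is actually an admin on that machine is excluded.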

I think you posted this on the Macworld forums, as I remember reading this.

In case anyone else is reading this I will just link the forum post as Hal Itosis wrote a pretty nice script that does this.

Help with a dseditgroup script - The macosxhints Forums