Mac Terminal Promote User to admin group while User - macos

How do I promote UserB to be an admin while I am logged in as that user?
I have tried:
Machine:~ UserB$ su UserAdmin /usr/bin/dscl . -append /Groups/admin GroupMembership UserB
Password: UserAdminsPassword
/usr/bin/dscl:6: parse error near `)'
Machine:~ UserB$
I have also tried a ton of other things with other quotes or prens or creating a bash script and calling.
This is on a Mac running Catalina.

Try the following:
su UserAdmin -c 'sudo dscl . -append /Groups/admin GroupMembership UserB'
If your UserAdmin has a normal admin account it is not allowed to use dscl directly. So after switching to the UserAmin account with su UserAdmin another sudo is required for that UserAdmin to call dscl as root.
In your example there is also a -c missing as the rest of the command line is a command to execute and not additional arguments for the shell of the user you are switching to.

Related

How to add username and password at command prompt using shell script

I have logged in to a host i.e 10.54.***.*** . Also I have executed a command as bdrun sa -u root but it asks for password to enter. How can I perform it using shell script ?
you can use redirect option to provide a password in run time in a shell script like below ( You might need to add your user account in sodo user config, check with your Unix system admin for detail ):-
echo "yourpassword" | sudo -S ls
So in your case you can use like below:-
echo "yourpassword" | sudo -S bdrun sa
Or if your password is in a file for example pass.txt
cat pass.txt | sudo -S bdrun sa
Hope this will help your. Good Luck!!

how can i switch user in shell script by using sudo and password

I'm working on a script in which I need to change the user, i have sudo access, i tried something like below but without success.
echo $passwd | sudo -S su - oracle
I even tried installed ssshpass but no success with that either. Is that even possible or do I need to install something else to make this work?
Any idea
If you will run your script with root account, you can just
message="The cake is a lie"
su username -c 'echo $message'
If you will run your script with another user you have two ways to do that,
1) Configuring pam like bellow so when you run su user2 -c 'command' logged with user1, linux will not ask for password.
Add the following lines right below the pam_rootok.so line in your /etc/pam.d/su:
auth [success=ignore default=1] pam_succeed_if.so user = user2
auth sufficient pam_succeed_if.so use_uid user = user1
The first line makes sure the target user is user2. If it is, the next line will take control and succeed authorization if the calling user is user1.
If the target user is something else, the second line will be ignored and the usual authentication steps will be performed.
2) Write your script using expect as here

Create user for running a daemon, on MacOS X?

What is the right way to create a user on MacOS X, from the command line, which will be used only for running a sever application? For example, there is already the '_www' user for Apache httpd, but for the new application I want it to be using its own account.
There is no "adduser" command. The Mac approach is to use the dscl command, which is the "Directory Service Command Line Utility". Directory Services is similar in notion to LDAP, but is a different solution.
The examples below will use 'mydaemon' as the intended account, though typically you would use a value matching the name of your daemon application.
All daemon users are prefixed with an underscore, such as _www.
To list the attributes on an existing entry:
sudo dscl . -read /Users/_www
Before creating a user, create a group choosing an unused group id (here we chose 300):
sudo dscl . -create /Groups/_mydaemon
sudo dscl . -create /Groups/_mydaemon PrimaryGroupID 300
Once done, we create a new user (we use the same id as we did for the group, that won't be using a shell:
sudo dscl . -create /Users/_mydaemon UniqueID 300
sudo dscl . -create /Users/_mydaemon PrimaryGroupID 300
sudo dscl . -create /Users/_mydaemon UserShell /usr/bin/false
The above is based on reading up on various information sources and verifying the process myself. One reference, that I found useful is:
http://minecraft.gamepedia.com/Tutorials/Create_a_Mac_OS_X_startup_daemon
Note, there is also GUI version of dscl (location based on MacOS X 10.10):
/System/Library/CoreServices/Applications/Directory\ Utility.app/

How to use Terminal, launched from OSX setup screen, to create new user?

I need to create a new user account on a system drive (10.10.1) because I am unable to log in to the only existing one. I can however get into the OSX setup from a prepared USB flash drive, and launch Terminal there.
I guess it would be possible to add the user account "testuser" with the following method:
dscl . create /Users/testuser
dscl . create /Users/testuser UserShell /bin/bash
dscl . create /Users/testuser RealName "Test User"
dscl . create /Users/testuser UniqueID 503
dscl . create /Users/testuser PrimaryGroupID 1000
dscl . create /Users/testuser NFSHomeDirectory /Local/Users/testuser
dscl . passwd /Users/testuser PASSWORD
dscl . append /Groups/admin GroupMembership testuser
Now entering
-bash-3.2# dscl . create /Users/testuser
what I get from Terminal is this:
-bash: dscl: command not found
I am not the most experienced with command line tools, and am clueless on how to get it to work.
Any help is greatly appreciated.
I'm not sure how you prepared the USB drive, but it looks like it doesn't include dscl. You can use the copy of dscl from the regular startup volume, but it'd still be trying to create a user on the USB disk. To fix that, you'd need to use dscl's -f option to point it to the user database you actually wanted to edit (see here for something similar).
"/Volumes/Macintosh HD/usr/bin/dscl" -f "/Volumes/Macintosh HD/var/db/dslocal/nodes/Default" localonly -create /Local/Target/Users/testuser
...etc. But even then, I'm not sure it'll handle setting the user's password correctly (there used to be a bug relating to that, but I think it got fixed).
There's a much easier way. Just delete the file /var/db/.AppleSetupDone from your regular volume (not the USB disk):
rm "/Volumes/Macintosh HD/var/db/.AppleSetupDone"
... then reboot normally and it'll run through the Setup Assistant, including letting you create a new admin account (note that existing accounts will be preserved). You can use the new admin to clean up whatever needs to be fixed (reset PW on old admin account?), then delete it when everything is back to normal.

Give same access to folders/files for multiple users

I need to manage multiple ssh users for different Heroku accounts, explained here. I've created different users and logging in to Heroku with those works fine. These are the users I have:
computer_owner (admin rights)
user1 (admin rights)
user2 (admin rights)
But I want user1 and user2 to share the same files and folders as computer_owner, i.e. all folders/files. Is this possible and if so, how do I do this?
OS X is a UNIX compliant operating system. If you set the rights on files and folders correctly, you can provide access to all of the users. There's a tutorial here on how to manage the access rights and many more around if you search for something like "Unix Permissions"
Ideally, create a separate group using dscl and add the required members. Next, set the files to be owned by that group and each will have access to those files
So, an example would be something like this: -
# create the group
sudo dscl . create /Groups/heroku_ssh
# add members
sudo dscl . append /Groups/heroku_ssh GroupMembership computer_owner
sudo dscl . append /Groups/heroku_ssh GroupMembership user1
sudo dscl . append /Groups/heroku_ssh GroupMembership user2
Assuming a directory called testDirectory: -
# set full permissions for the owner and group
# 770 is read, write and execute for owner and group
sudo chmod -R 770 testDirectory
# set ownership of a file
sudo chown -R computer_owner:heroku_ssh testDirectory
This sets the owner to be the user computer_owner and the group heroku_ssh, so the owner and any member in the group can access the files in testDirectory

Resources