MacAdm/tempadm.sh
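#!/bin/bash -e
# NOTE: the -e in the shebang is only honoured when the file is executed
# directly; started as "bash tempadm.sh" the script runs without errexit.

#######################################
# Print the command-line help text.
# Globals:   $0 (read) - used for the program name in the first line
# Arguments: none
# Outputs:   help text on stdout
#######################################
usage() {
  # "$0" is quoted so a script path containing spaces or glob characters
  # still yields a single, correct program name.
  cat << EOF
$(basename -- "$0") only works with 'sudo' or as root
-h print Helptext
-u username
-t time (e.g 1 for 1 day)
-s allowed programs for installation (e.g itunes,chrome )
-p Password for tempadm
-l language for email de or eng(default) (optional)
-m Debug alternative mailadress(username only) (optional)
EOF
}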
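# Refuse to continue unless running as root: the later steps change local
# accounts, group membership and /etc/postfix/main.cf.
check=$(whoami)
if [ "$check" != "root" ]; then
  # printf instead of echo: bash's builtin echo prints "\n" literally
  # unless -e is given, so the intended blank line never appeared.
  printf 'run as root\n\n' >&2
  usage >&2
  # Exit non-zero so a calling script can tell that nothing was done.
  exit 1
fi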
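# Parse the command line into mailad, time, prog, password, debug and lang.
#
# NOTE: -p takes the temporary admin password as a command-line argument.
# Arguments are visible to other local users in the process list for as long
# as the script runs, and the invoking shell may record them in its history.
while getopts :hu:t:s:p:l:m: option; do
  case "$option" in
    h)
      usage
      exit 0
      ;;
    u)
      mailad=${OPTARG}
      ;;
    t)
      time=${OPTARG}
      ;;
    s)
      prog=${OPTARG}
      ;;
    p)
      password=${OPTARG}
      ;;
    m)
      debug=${OPTARG}
      ;;
    l)
      lang=${OPTARG}
      ;;
    :)
      # The leading ':' in the optstring makes getopts report a missing
      # argument here, with the option letter in OPTARG.
      printf 'option -%s requires an argument\n' "$OPTARG" >&2
      usage >&2
      exit 2
      ;;
    *)
      # Unknown option: say which one and fail with a non-zero status
      # instead of exiting as if the run had succeeded.
      printf 'unknown option -%s\n' "$OPTARG" >&2
      usage >&2
      exit 2
      ;;
  esac
done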
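# All four of -u, -t, -s and -p are mandatory.
if [[ -z "$mailad" || -z "$time" || -z "$prog" || -z "$password" ]]; then
  usage >&2
  exit 1
fi
# -t is later spliced into "date -v+<N>d" and "at now + <N> days"; reject
# anything that is not a plain number of days before any account is touched.
if ! [[ "$time" =~ ^[0-9]+$ ]]; then
  printf 'invalid value for -t: %s (expected a whole number of days)\n' "$time" >&2
  usage >&2
  exit 1
fi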
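# Short host name (everything before the first dot); used in the mail subject.
host=$(hostname | cut -d"." -f1)
# Fixed identity of the temporary admin account.
username="tempadm"
realname="Temp Adm"
uid=510 # first UID to try when the account has to be created by hand
gid=20  # staff, the standard group
path="/Users/${username}"
# Offset handed to at(1), e.g. "1 days".
duration="$time days"
# Read the OS version. Both spellings of the flag are tried; stderr of the
# probes is discarded so the spelling that is rejected does not print an
# error, and the version is captured from the call that succeeds rather
# than by running sw_vers a second time.
version=$(sw_vers --productVersion 2> /dev/null) \
  || version=$(sw_vers -productVersion 2> /dev/null) \
  || version=""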
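# Resolve the mail recipient and the real name used in the mail body.
#
# The name given with -u must be a local user. Compare it against whole
# record names (-x) as a fixed string (-F): the previous unquoted substring
# match also accepted fragments of other user names and digits from the UID
# column. -i keeps the comparison case-insensitive as before.
if ! dscl . -list /Users | grep -Fxiq -- "$mailad"; then
  echo "Local Users:"
  ls /Users
  echo -e "Cannot find correct username for Email.\nEnter username: "
  # -r: take the typed name literally, without backslash processing.
  # The typed name is not checked again; it becomes the mail recipient below.
  read -r mailad
fi
# From here on $time holds the expiry date ($time days from now, BSD date -v),
# not the number of days.
time=$(date -v+"${time}"d)
# NOTE(review): this keeps only the lines that do not contain "RealName:".
# If dscl prints key and value on the same line, user ends up empty - confirm.
user=$(dscl . -read "/Users/${mailad}" RealName | grep -v "RealName:" | sed 's/ //')
mailad=${mailad}@molgen.mpg.de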
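# Locate the mail template next to the script itself; if the script was
# started through a symlink, use the link target's directory instead.
if [ -h "$0" ]; then
  x=$(readlink "$0")
else
  x=$0
fi
template_dir=$(dirname -- "$x")
# Pick template and subject by language. Anything other than "de" falls back
# to English; the former third test ("not de OR not eng") was always true,
# so a plain default branch states the same thing honestly.
case "$lang" in
  de)
    mail=${template_dir}/deutschtmp.mail
    subject="LocalAdminPassword fuer $host"
    ;;
  *)
    lang=eng
    mail=${template_dir}/englishtmp.mail
    subject="LocalAdminPassword for $host"
    ;;
esac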
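# Create (or re-enable) the temporary admin account and schedule the removal
# of its admin rights.
#
# Security notes for whoever operates this:
#  * "$password" is passed to dscl / sysadminctl as an argument and is visible
#    in the process list while those commands run.
#  * The scheduled job only removes the account from the admin group. The
#    account itself and its password stay in place after the period ends.
#  * The removal depends on the at job actually running; if it does not, the
#    account keeps its admin rights.

# Split "major.minor[.patch]" once. For a version without a dot both parts
# are the whole string, which is what the former cut-based tests saw too.
os_major=${version%%.*}
os_rest=${version#*.}
os_minor=${os_rest%%.*}
if ! [[ "$os_major" =~ ^[0-9]+$ && "$os_minor" =~ ^[0-9]+$ ]]; then
  # Without this check an empty version matched neither branch below, no
  # account was set up, and the password mail was sent anyway.
  printf 'cannot determine macOS version (got "%s")\n' "$version" >&2
  exit 1
fi

if ((os_major == 10 && os_minor < 10)); then
  legacy_os=1 # 10.9 and lower: account is built by hand with dscl
elif ((os_minor >= 10 || os_major >= 11)); then
  legacy_os=0 # 10.10 and higher: sysadminctl is used
else
  printf 'unsupported macOS version "%s"\n' "$version" >&2
  exit 1
fi

# Exact, fixed-string match on the record name; the former unquoted substring
# match also hit longer names that merely contain "tempadm".
if dscl . -list /Users | grep -Fxq -- "$username"; then
  # Account already exists: set the new password and re-grant admin rights.
  dscl . -passwd "$path" "$password"
  dseditgroup -o edit -a "$username" -t user admin
elif ((legacy_os)); then
  # Find the first unused UID. The former "uid=$uid+1" concatenated text
  # ("510+1") instead of adding, so a taken UID was never stepped over.
  while id "$uid" > /dev/null 2>&1; do
    uid=$((uid + 1))
  done
  dscl . -create "$path"
  dscl . -create "$path" UserShell /bin/bash
  dscl . -create "$path" RealName "$realname"
  dscl . -create "$path" UniqueID "$uid"
  dscl . -create "$path" PrimaryGroupID "$gid"
  dscl . -passwd "$path" "$password"
  dscl . -delete "/SharePoints/$realname's Public Folder"
  dseditgroup -o edit -a "$username" -t user admin
else
  sysadminctl -addUser "$username" -fullName \
    "$realname" -password "$password" -admin
  dscl . create "$path" IsHidden 1 # Hides the account (10.10 and above)
fi

# at(1) jobs are executed by atrun, so load (and enable, -w) its daemon, then
# queue the command that takes the admin rights away again.
launchctl load -w /System/Library/LaunchDaemons/com.apple.atrun.plist
# ${duration} is left unquoted on purpose: at expects "<N>" and "days" as two
# separate words.
# shellcheck disable=SC2086
echo "/usr/sbin/dseditgroup -o edit -d $username -t user admin" | at now + ${duration}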
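# Choose who is copied on the mail. $to is kept as a bare local part because
# the send step appends "@molgen.mpg.de" to it for the Reply-To address.
if [[ -z "$debug" ]]; then
  to="helpdesk"
else
  # Debug run: redirect the mail to the given user instead of the real
  # recipient. The former value "${debug}\@molgen.mpg.de" kept a literal
  # backslash and already contained the domain, so the Reply-To ended up as
  # "<name>\@molgen.mpg.de@molgen.mpg.de".
  to=$debug
  mailad="${debug}@molgen.mpg.de"
fi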
# Mail configuration: if the relay host is not mentioned anywhere in the
# postfix main.cf, append the relayhost and myorigin settings to it.
# Note that this changes system-wide mail configuration as a side effect.
if ! grep "harry.molgen.mpg.de" /etc/postfix/main.cf > /dev/null 2>&1; then
  {
    echo "relayhost = harry.molgen.mpg.de"
    echo 'myorigin = molgen.mpg.de'
  } >> /etc/postfix/main.cf
fi
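#######################################
# Escape a value for use as the replacement text of a sed "s/.../.../"
# command that uses "/" as delimiter.
# Arguments: $1 - raw value
# Outputs:   the value with "\", "/", "&" and newlines backslash-escaped
#######################################
sed_escape_replacement() {
  local raw=$1 out='' ch i
  for ((i = 0; i < ${#raw}; i++)); do
    ch=${raw:i:1}
    case "$ch" in
      '\' | '/' | '&') out+="\\$ch" ;;
      $'\n') out+=$'\\\n' ;;
      *) out+=$ch ;;
    esac
  done
  printf '%s' "$out"
}

# Fill the template and send it.
#
# The values are escaped first: unescaped, a "/" in the password or real name
# ended the sed expression early, and "&" or "\" silently changed the text,
# so the mailed password could differ from the one that was actually set.
#
# Security notes: the password is written into the mail body in clear text and
# goes to $mailad with a copy to $to; it is also part of sed's argument list,
# which is visible in the process list while sed runs.
user_esc=$(sed_escape_replacement "$user")
password_esc=$(sed_escape_replacement "$password")
time_esc=$(sed_escape_replacement "$time")
prog_esc=$(sed_escape_replacement "$prog")

sed -e "s/@USER@/${user_esc}/" -e "s/@PASSWORD@/${password_esc}/" \
  -e "s/@DATE@/${time_esc}/" -e "s/@SOFTWARE@/${prog_esc}/" "$mail" \
  | REPLYTO="${to}@molgen.mpg.de" mailx -s "$subject" -c "$to" "$mailad"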