Created
February 19, 2019 05:38
-
-
Save dolfly/16d2c25e32bb4b8258e5febe3fc79042 to your computer and use it in GitHub Desktop.
Mac User Account Create & Delete
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mac user account create and delete |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # cf. Adding a User From the Command Line, | |
| # http://developer.apple.com/documentation/Porting/Conceptual/PortingUnix/additionalfeatures/chapter_10_section_9.html | |
| if [[ "$(/usr/bin/whoami)" != "root" ]]; then printf '/nMust be run as root!/n/n'; exit 1; fi | |
| OPATH=$PATH | |
| export PATH=/usr/bin:/usr/sbin:/bin:/sbin | |
| OIFS=$IFS | |
| export IFS=$' /t/n' | |
| declare sudo=/usr/bin/sudo dscl=/usr/bin/dscl | |
| printf "/e[1mEnter first name/e[m: " | |
| read firstname | |
| # no spaces in names | |
| if [[ -z "$(printf -- "$firstname" | /usr/bin/grep -Eo "^[^[:space:]]+$")" ]]; then | |
| printf '/nUse a name without spaces! /nPlease, try again!/n/n' | |
| exit 1 | |
| fi | |
| # name must not begin with a number | |
| if [[ -n "$(printf -- "$firstname" | /usr/bin/grep -E "^[[:digit:]]")" ]]; then | |
| printf '/nName must not begin with a number! /nPlease, try again!/n/n' | |
| exit 1 | |
| fi | |
| # make sure the user name is unique | |
| new_user="$(/usr/bin/dscl . -search /Users name "$firstname" 2>/dev/null)" | |
| if [[ -z "$new_user" ]]; then | |
| new_user="$firstname" | |
| else | |
| printf "/nUser name already exists: $firstname /nPlease, modify your name and try it again/x21/n/n" # cf. man ascii for /x21 | |
| exit 1 | |
| fi | |
| # make sure the user's primary group name is unique | |
| # note: the user's primary group name is also based on the first name! | |
| new_group="$(/usr/bin/dscl . -search /Groups name "$firstname")" | |
| if [[ -z "$new_group" ]]; then | |
| new_group="$firstname" | |
| else | |
| printf "/nThe user's primary group name already exists: $firstname/x21 /nPlease, try again/x21/n/n" | |
| exit 1 | |
| fi | |
| # make sure there is no (file or) home directory of the same name already | |
| if [[ -e "/Users/$new_user" ]]; then | |
| printf "/nUser $new_user already exists at /Users/$new_user/x21 /nPlease, try again/x21/n/n" | |
| exit 1 | |
| fi | |
| # last name | |
| printf "/e[1mEnter last name/e[m: " | |
| read lastname | |
| # no spaces in names | |
| if [[ -z "$(printf -- "$lastname" | /usr/bin/grep -Eo "^[^[:space:]]+$")" ]]; then | |
| printf '/nUse a name without spaces! /nPlease, try again!/n/n' | |
| exit 1 | |
| fi | |
| # name must not begin with a number | |
| if [[ -n "$(printf -- "$lastname" | /usr/bin/grep -E "^[[:digit:]]")" ]]; then | |
| printf '/nName must not begin with a number! /nPlease, try again!/n/n' | |
| exit 1 | |
| fi | |
| # enter password | |
| printf "/e[1mEnter password/e[m: " | |
| stty_orig=$(/bin/stty -g) | |
| pass='' | |
| blank='false' | |
| while [[ "$blank" != "true" ]]; do | |
| /bin/stty -icanon -echo | |
| c=$(/bin/dd bs=6 count=1 2> /dev/null) | |
| # Check for a CR. | |
| if [[ -z "$(printf -- "$c" | /usr/bin/tr -d "/r/n")" ]]; then | |
| blank='true' | |
| else | |
| /bin/stty echo | |
| printf "*" | |
| pass="$pass$c" | |
| /bin/stty -echo | |
| fi | |
| done | |
| /bin/stty icanon echo | |
| /bin/stty "$stty_orig" | |
| passwd1="$pass" | |
| printf "/n" | |
| # check minimum password length: 6 | |
| if [[ -z "$(printf -- "$passwd1" | /usr/bin/grep -Eo "^([[:alnum:]]|[[:punct:]]){6,}$")" ]]; then | |
| printf '/nUse at least 6 characters (alphanumeric, punctuational) for your password! /nPlease, try again!/n/n' | |
| exit 1 | |
| fi | |
| # confirm password | |
| printf "/e[1mConfirm password/e[m: " | |
| stty_orig=$(/bin/stty -g) | |
| pass='' | |
| blank='false' | |
| while [[ "$blank" != "true" ]]; do | |
| /bin/stty -icanon -echo | |
| c=$(/bin/dd bs=6 count=1 2> /dev/null) | |
| # Check for a CR. | |
| if [[ -z "$(printf -- "$c" | /usr/bin/tr -d "/r/n")" ]]; then | |
| blank='true' | |
| else | |
| /bin/stty echo | |
| printf "*" | |
| pass="$pass$c" | |
| /bin/stty -echo | |
| fi | |
| done | |
| /bin/stty icanon echo | |
| /bin/stty "$stty_orig" | |
| passwd2="$pass" | |
| printf "/n" | |
| if [[ "$passwd1" != "$passwd2" ]]; then | |
| printf '/nPasswords do not match. /nPlease, try again!/n/n' | |
| exit 1 | |
| else | |
| printf '/nPassword confirmation was successful!/n/n' | |
| fi | |
| # get unique id numbers (uid, gid) that are greater than 500 | |
| unset -v i new_uid new_gid idvar | |
| declare -i new_uid=0 new_gid=0 i=500 idvar=0 | |
| while [[ $idvar -eq 0 ]]; do | |
| i=$[i+1] | |
| if [[ -z "$(/usr/bin/dscl . -search /Users uid $i)" ]] && [[ -z "$(/usr/bin/dscl . -search /Groups gid $i)" ]]; then | |
| new_uid=$i | |
| new_gid=$i | |
| idvar=1 | |
| #break | |
| fi | |
| done | |
| if [[ $new_uid -eq 0 ]] || [[ $new_gid -eq 0 ]]; then printf 'Getting unique id numbers (uid, gid) failed!/n'; exit 1; fi | |
| # old version | |
| # get unique id numbers (for uid, gid) by increasing the highest id number already in use by 1 | |
| #new_uid=$(($(/usr/bin/dscl . -list /Users uid | /usr/bin/awk '{print $NF;}' | /usr/bin/sort -n | /usr/bin/tail -n 1) + 1)) | |
| #new_gid=$(($(/usr/bin/dscl . -list /Groups gid | /usr/bin/awk '{print $NF;}' | /usr/bin/sort -n | /usr/bin/tail -n 1) + 1)) | |
| # make sure $new_uid and $new_gid are equal | |
| #if [[ $new_uid -ne $new_gid ]]; then | |
| # if [[ $new_uid -gt $new_gid ]]; then new_gid="$new_uid"; else new_uid=$new_gid; fi | |
| #fi | |
| # check once again ... | |
| if [[ $new_uid -eq $new_gid ]] && [[ "$new_user" == "$firstname" ]] && [[ "$new_group" == "$firstname" ]]; then | |
| # create the user's primary group | |
| $sudo /usr/sbin/dseditgroup -o create -r "$firstname $lastname" -i $new_gid "$new_group" | |
| $sudo $dscl . -append "/Groups/$new_group" passwd "*" | |
| $sudo $dscl . -create "/Users/$new_user" | |
| $sudo $dscl . -append "/Users/$new_user" RealName "$firstname $lastname" | |
| $sudo $dscl . -append "/Users/$new_user" NFSHomeDirectory "/Users/$new_user" | |
| ###$sudo $dscl . -append "/Users/$new_user" NFSHomeDirectory "/Local/Users/$new_user" | |
| $sudo $dscl . -append "/Users/$new_user" UserShell /bin/bash | |
| $sudo $dscl . -append "/Users/$new_user" PrimaryGroupID $new_gid | |
| $sudo $dscl . -append "/Users/$new_user" UniqueID $new_uid | |
| $sudo $dscl . -append "/Users/$new_user" hint "" | |
| $sudo $dscl . -append "/Users/$new_user" comment "user account /"$firstname $lastname/" created: $(/bin/date)" | |
| $sudo $dscl . -append "/Users/$new_user" picture "/Library/User Pictures/Animals/Butterfly.tif" | |
| $sudo $dscl . -append "/Users/$new_user" sharedDir Public | |
| $sudo $dscl . -passwd "/Users/$new_user" "$passwd1" | |
| # add some other properties that are usually set (Mac OS X 10.4) | |
| $sudo $dscl . -append "/Users/$new_user" _shadow_passwd "" | |
| $sudo $dscl . -append "/Users/$new_user" _writers_hint "$new_user" | |
| $sudo $dscl . -append "/Users/$new_user" _writers_real_name "$new_user" | |
| $sudo $dscl . -append "/Groups/$new_group" GroupMembership "$new_user" # add new user to the user's primary group | |
| #$sudo /usr/sbin/dseditgroup -o edit -a "$new_group" -t user "$new_user" | |
| $sudo $dscl . -append /Groups/staff GroupMembership "$new_user" # test: add new user to group staff | |
| # add the new user to the admin group (Mac OS X 10.4) | |
| # This should be part of a separate admin user account shell script or | |
| # at least require an additional user input prompt at the beginning! | |
| #$sudo $dscl . -append /Groups/admin GroupMembership "$new_user" | |
| #$sudo $dscl . -append /Groups/appserverusr GroupMembership "$new_user" | |
| #$sudo $dscl . -append /Groups/appserveradm GroupMembership "$new_user" | |
| # log out after running the script to see the new user account has been created | |
| $sudo /usr/sbin/createhomedir -l -u "$new_user" | |
| else | |
| printf "/nConfiguration of user account: $firstname failed/x21 /nPlease, try again/x21/n/n" | |
| exit 1 | |
| fi | |
| printf "/nUser account: $firstname successfully created/x21 /nYou can now log in to your new user account/x21/n/n" | |
| export IFS=$OIFS | |
| export PATH=$OPATH | |
| exit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # cf. http://www.macos.utah.edu/documentation/authentication/dscl.html | |
| if [[ "$(/usr/bin/whoami)" != "root" ]]; then printf '/nMust be run as root!/n/n'; exit 1; fi | |
| OPATH=$PATH | |
| export PATH=/usr/bin:/usr/sbin:/bin:/sbin | |
| OIFS=$IFS | |
| export IFS=$' /t/n' | |
| declare sudo=/usr/bin/sudo | |
| printf "/e[1mDelete user account/e[m: " | |
| read user | |
| if [[ -z "$user" ]]; then printf '/nNo user specified! Please, try again!/n/n'; exit 1; fi | |
| # make sure the user exists | |
| usertest="$(/usr/bin/dscl . -search /Users name "$user" 2>/dev/null)" | |
| if [[ -z "$usertest" ]]; then printf "/nUser does not exist: $user/n/n"; exit 1; fi | |
| # get user's group memberships | |
| groups_of_user="$(/usr/bin/id -Gn $user)" | |
| if [[ $? -eq ]] && [[ -n "$(/usr/bin/dscl . -search /Groups GroupMembership "$user")" ]]; then | |
| # delete the user's group memberships | |
| for group in $groups_of_user; do | |
| $sudo /usr/bin/dscl . -delete "/Groups/$group" GroupMembership "$user" | |
| #$sudo /usr/sbin/dseditgroup -o edit -d "$user" -t user "$group" | |
| done | |
| fi | |
| # delete the user's primary group | |
| if [[ -n "$(/usr/bin/dscl . -search /Groups name "$user")" ]]; then | |
| $sudo /usr/sbin/dseditgroup -o delete "$user" | |
| fi | |
| # if the user's primary group has not been deleted ... | |
| if [[ -n "$(/usr/bin/dscl . -search /Groups name "$user")" ]]; then | |
| printf " | |
| /e[1mWarning/e[m: | |
| The group memberships of the user /e[1m$user/e[m have been deleted/x21 | |
| groups_of_user: $groups_of_user | |
| The user's primary group /e[1m$user/e[m, however, has not been deleted/x21 | |
| Please, try again/x21 | |
| Exiting .../n | |
| " | |
| exit 1 | |
| fi | |
| # find the GeneratedUID of the user and remove the password hash file | |
| # from /private/var/db/shadow/hash/<GeneratedUID> | |
| # sudo ls -a /private/var/db/shadow/hash | |
| # sudo ls -l /private/var/db/shadow/hash/<GeneratedUID> | |
| guid="$(/usr/bin/dscl . -read "/Users/$user" GeneratedUID | /usr/bin/awk '{print $NF;}')" | |
| if [[ -f "/private/var/db/shadow/hash/$guid" ]]; then | |
| $sudo /bin/rm -f /private/var/db/shadow/hash/$guid | |
| fi | |
| # delete the user | |
| $sudo /usr/bin/dscl . -delete "/Users/$user" | |
| # make a backup | |
| if [[ -d "/Users/$user" ]]; then | |
| $sudo /usr/bin/ditto -rsrc -c -k "/Users/$user" "/Users/${user}-archive-$(/bin/date).zip" | |
| fi | |
| # remove the user's home directory | |
| if [[ -d "/Users/$user" ]]; then | |
| $sudo /bin/rm -rf "/Users/$user" | |
| fi | |
| export IFS=$OIFS | |
| export PATH=$OPATH | |
| exit |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment