Skip to content

Instantly share code, notes, and snippets.

@gregneagle
Created March 9, 2020 18:57
Show Gist options
  • Save gregneagle/6d8732ed2cd14eb899551505551dd376 to your computer and use it in GitHub Desktop.
Save gregneagle/6d8732ed2cd14eb899551505551dd376 to your computer and use it in GitHub Desktop.
Guess what this can be used for? (Hint: read the comments)
#!/bin/bash
# This script is designed to be run as root, perhaps by a management tool
# It takes one argument, a path to an app to be launched (or a name of an app,
# if you don't mind LaunchServices deciding which if any app to launch)
#
# If the current console user is not a member of the admin group, the user will
# be added to to the group. The app will then be launched in the console user's
# context.
# When the app exits (or this script is killed via SIGINT), if we had promoted
# the user to admin, we demote that user once again.
#
# Possible use: to open "Install macOS.app" with admin rights for the user so
# they can use Apple's GUI tools to upgrade macOS
export PATH=/usr/bin:/bin:/usr/sbin:/sbin
function fail {
echo "$@" 1>&2
exit 1
}
function demote_user {
# demote CONSOLEUSER from admin
dseditgroup -o edit -d ${CONSOLEUSER} -t user admin
}
CONSOLEUSER=$(stat -f %Su /dev/console)
if [ "${CONSOLEUSER}" == "root" ] ; then
fail "Not going to do this as root!"
fi
USER_UID=$(id -u ${CONSOLEUSER})
if [ $? -ne 0 ] ; then
# failed to get UID, bail
fail "Could not get UID for ${CONSOLEUSER}"
fi
APP=$1
if [ "${APP}" == "" ] ; then
# no application specified
fail "Need to specify an application!"
fi
# check if CONSOLEUSER is admin
dseditgroup -o checkmember -m ${CONSOLEUSER} admin > /dev/null
if [ $? -ne 0 ] ; then
# not currently admin, so promote to admin
dseditgroup -o edit -a ${CONSOLEUSER} -t user admin
# make sure we demote the user at the end or if we are interrupted
trap demote_user EXIT SIGINT SIGTERM
fi
# launch $APP as $USER_UID and wait until it exits
launchctl asuser ${USER_UID} open -W "${APP}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment