jlehikoinen/remove_admin_rights.py

## remove_admin_rights.py
#!/usr/bin/python

"""
# Beef:

/usr/bin/dscl -plist . -read /Groups/admin GroupMembership
/usr/sbin/dseditgroup -o edit -d <shortname> -t user admin
"""

"""
# Plist example:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>dsAttrTypeStandard:GroupMembership</key>
    <array>
        <string>root</string>
        <string>ladmin</string>
        <string>admin_noob</string>
    </array>
</dict>
</plist>
"""

import os
import sys
import plistlib
import subprocess

###

TR00_ADMINS = ['root', 'ladmin']
current_admins = []

###

if os.getuid() != 0:
    sys.exit('Run this script as root. Exiting.')

cmd = ['/usr/bin/dscl', '-plist', '.', 'read', '/Groups/admin', 'GroupMembership']
plist = subprocess.check_output(cmd)
# print plist

try:
    root_object = plistlib.readPlistFromString(plist)
except KeyError:
    print 'Could not read plist'

# Get admins
if root_object['dsAttrTypeStandard:GroupMembership']:
    current_admins = root_object['dsAttrTypeStandard:GroupMembership']
    # for admin in current_admins:
    #	print admin
    super_admins_set = set(TR00_ADMINS)
    admins_to_be_removed = [admin for admin in current_admins if admin not in super_admins_set]
    # print admins_to_be_removed
else:
    sys.exit('GroupMembership key not found')

if current_admins:
    if admins_to_be_removed:
        for unfortunate_admin in admins_to_be_removed:
            print '%s back to being average Joe/Jane' % unfortunate_admin
            cmd2 = ['/usr/sbin/dseditgroup', '-o', 'edit', '-d', unfortunate_admin, '-t', 'user', 'admin']
            # sysadminctl or dscl to delete user
            # temp_var = '/Users/' + unfortunate_admin
            # cmd2 = ['dscl', '.', 'read', temp_var, 'RealName']
            task = subprocess.Popen(cmd2, stdout=subprocess.PIPE)
            # print task.communicate()[0]
    else:
        print 'Everybody gets to be tr00 admin!'
else:
    print 'No admins?'
	#!/usr/bin/python

	"""
	# Beef:

	/usr/bin/dscl -plist . -read /Groups/admin GroupMembership
	/usr/sbin/dseditgroup -o edit -d <shortname> -t user admin
	"""

	"""
	# Plist example:

	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
	<key>dsAttrTypeStandard:GroupMembership</key>
	<array>
	<string>root</string>
	<string>ladmin</string>
	<string>admin_noob</string>
	</array>
	</dict>
	</plist>
	"""

	import os
	import sys
	import plistlib
	import subprocess

	###

	TR00_ADMINS = ['root', 'ladmin']
	current_admins = []

	###

	if os.getuid() != 0:
	sys.exit('Run this script as root. Exiting.')

	cmd = ['/usr/bin/dscl', '-plist', '.', 'read', '/Groups/admin', 'GroupMembership']
	plist = subprocess.check_output(cmd)
	# print plist

	try:
	root_object = plistlib.readPlistFromString(plist)
	except KeyError:
	print 'Could not read plist'

	# Get admins
	if root_object['dsAttrTypeStandard:GroupMembership']:
	current_admins = root_object['dsAttrTypeStandard:GroupMembership']
	# for admin in current_admins:
	# print admin
	super_admins_set = set(TR00_ADMINS)
	admins_to_be_removed = [admin for admin in current_admins if admin not in super_admins_set]
	# print admins_to_be_removed
	else:
	sys.exit('GroupMembership key not found')

	if current_admins:
	if admins_to_be_removed:
	for unfortunate_admin in admins_to_be_removed:
	print '%s back to being average Joe/Jane' % unfortunate_admin
	cmd2 = ['/usr/sbin/dseditgroup', '-o', 'edit', '-d', unfortunate_admin, '-t', 'user', 'admin']
	# sysadminctl or dscl to delete user
	# temp_var = '/Users/' + unfortunate_admin
	# cmd2 = ['dscl', '.', 'read', temp_var, 'RealName']
	task = subprocess.Popen(cmd2, stdout=subprocess.PIPE)
	# print task.communicate()[0]
	else:
	print 'Everybody gets to be tr00 admin!'
	else:
	print 'No admins?'