Go Back   The macosxhints Forums > OS X Help Requests > UNIX - General



Reply
 
Thread Tools Rating: Thread Rating: 4 votes, 5.00 average. Display Modes
Old 03-30-2012, 04:01 PM   #1
Mattie Num Nums
Prospect
 
Join Date: Apr 2009
Posts: 8
If Statements and unary operator expected

I have a script I am building to move Network Admin users (leveraging Active Directory) to the /Groups/admin Local Admin group, since users lose Admin rights once they are off the network.

#!/bin/sh

user=`ls -l /dev/console | cut -d " " -f 4`
group=`dseditgroup -o read -n /Local/Default admin | grep -a $user`

if [ $user = $group ] ; then
echo "Yes"
else
echo "No"
fi


The following script gets me the results I am looking for however, when the result is No (a null value) the script reports the following error:

/bin/bash: line 6: [: username: unary operator expected
No


Was wondering if anyone had any tips for this error.
Mattie Num Nums is offline   Reply With Quote
Old 03-31-2012, 06:06 AM   #2
ganbustein
MVP
 
Join Date: Apr 2008
Location: Berkeley CA USA
Posts: 1,193
Put quotes around $group in the if expression. That way, even if it's the empty string (because grep didn't find any matching lines), the shell will still see a parameter there.

Code:
user=$(stat -f%Su /dev/console)
group=$(dseditgroup -o read -n /Local/Default admin | grep $user)
if [ "$user" = "$group" ] ; then
    echo Yes
else
    echo No
fi
That having been said, using grep to search for the user's name in the output of dseditgroup is unreliable. What if the user's name is "admin"? That word will always appear in the output, even if user admin is not in group admin. Instead of futzing around with grep, why not just use the checkmember operation of dseditgroup. That's what it's for.

(In similar vein, if you want to know who owns /dev/console, just ask. No need to bring in ls and cut and hope the owner will always be in the fourth field. Whenever you can, ask for the precise information you want, rather than asking for much more and then trying to winnow out the irrelevant chatter.)

Code:
user=$(stat -f%Su /dev/console)
if dseditgroup -o checkmember -n /Local/Default -m $user admin >/dev/null
then echo Yes
else echo No
fi
ganbustein is offline   Reply With Quote
Old 03-31-2012, 01:55 PM   #3
dmacks
All Star
 
Join Date: Dec 2004
Posts: 678
Is your pipe even working? For me on 10.6, dseditgroup spews its output to STDERR whereas | only propagates STDOUT to the next command.
dmacks is offline   Reply With Quote
Old 03-31-2012, 03:40 PM   #4
tlarkin
League Commissioner
 
Join Date: Mar 2003
Location: Bay Area, CA
Posts: 11,352
Hmm, this script looks familiar, haha....

Here is my take on it, but my take is specific to my preferred methods, so this is like my opinion man!

Code:
#!/bin/bash

# generate list of users that have UID grater than 500

userList=$(dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }')

for u in ${userList} ; do

dseditgroup -o read -n /Local/Default admin | awk '/${u}/ { print $1 }'

#test to see if it was successful

if [[ `echo "$?"` == 0 ]]
 
  then echo "${u} is in the admin group"
  else echo "${u} is not in the admin group"
fi
done
exit 0
__________________
sudo make me a sammich
tlarkin is offline   Reply With Quote
Old 03-31-2012, 05:00 PM   #5
ganbustein
MVP
 
Join Date: Apr 2008
Location: Berkeley CA USA
Posts: 1,193
Quote:
Originally Posted by dmacks
Is your pipe even working? For me on 10.6, dseditgroup spews its output to STDERR whereas | only propagates STDOUT to the next command.

Yes. For me on 10.7, dseditgroup sends its output to stdout, for both the read and the checkmember operations. I tested that both of the scripts I posted work. (That is, the OP's script with quotes around "$group", and mine which pipes dseditgroup's stdout to /dev/null.)

Just for completeness, I tested under 10.6. dseditgroup -o read sends its output to stderr; dseditgroup -o checkmember sends a superfluous message to stdout. (Superfluous, in the sense that it merely rephrases the exit status.)
ganbustein is offline   Reply With Quote
Reply

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT -5. The time now is 02:02 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site design © IDG Consumer & SMB; individuals retain copyright of their postings
but consent to the possible use of their material in other areas of IDG Consumer & SMB.