If Statements and unary operator expected

[Mattie Num Nums]

I have a script I am building to move Network Admin users (leveraging Active Directory) to the /Groups/admin Local Admin group, since users lose Admin rights once they are off the network.

#!/bin/sh



user=`ls -l /dev/console | cut -d " " -f 4`

group=`dseditgroup -o read -n /Local/Default admin | grep -a $user`



if [ $user = $group ] ; then

   echo "Yes"

else

   echo "No"

fi

The following script gets me the results I am looking for however, when the result is No (a null value) the script reports the following error:

/bin/bash: line 6: [: username: unary operator expected

No

Was wondering if anyone had any tips for this error.

[ganbustein]

Put quotes around $group in the if expression. That way, even if it's the empty string (because grep didn't find any matching lines), the shell will still see a parameter there.

Code:

user=$(stat -f%Su /dev/console)
group=$(dseditgroup -o read -n /Local/Default admin | grep $user)
if [ "$user" = "$group" ] ; then
    echo Yes
else
    echo No
fi

That having been said, using grep to search for the user's name in the output of dseditgroup is unreliable. What if the user's name is "admin"? That word will always appear in the output, even if user admin is not in group admin. Instead of futzing around with grep, why not just use the checkmember operation of dseditgroup. That's what it's for.

(In similar vein, if you want to know who owns /dev/console, just ask. No need to bring in ls and cut and hope the owner will always be in the fourth field. Whenever you can, ask for the precise information you want, rather than asking for much more and then trying to winnow out the irrelevant chatter.)

Code:

user=$(stat -f%Su /dev/console)
if dseditgroup -o checkmember -n /Local/Default -m $user admin >/dev/null
then echo Yes
else echo No
fi

[dmacks]

Is your pipe even working? For me on 10.6, dseditgroup spews its output to STDERR whereas | only propagates STDOUT to the next command.

[tlarkin]

Hmm, this script looks familiar, haha....

Here is my take on it, but my take is specific to my preferred methods, so this is like my opinion man!

Code:

#!/bin/bash

# generate list of users that have UID grater than 500

userList=$(dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }')

for u in ${userList} ; do

dseditgroup -o read -n /Local/Default admin | awk '/${u}/ { print $1 }'

#test to see if it was successful

if [[ `echo "$?"` == 0 ]]
 
  then echo "${u} is in the admin group"
  else echo "${u} is not in the admin group"
fi
done
exit 0

[ganbustein]

Quote: Originally Posted by dmacks Is your pipe even working? For me on 10.6, dseditgroup spews its output to STDERR whereas | only propagates STDOUT to the next command.

Yes. For me on 10.7, dseditgroup sends its output to stdout, for both the read and the checkmember operations. I tested that both of the scripts I posted work. (That is, the OP's script with quotes around "$group", and mine which pipes dseditgroup's stdout to /dev/null.)

Just for completeness, I tested under 10.6. dseditgroup -o read sends its output to stderr; dseditgroup -o checkmember sends a superfluous message to stdout. (Superfluous, in the sense that it merely rephrases the exit status.)