Add dseditgroup to temporary sudoers

Darkomen78 · Jun 25, 2021 · bb6c44c · bb6c44c
1 parent 3b33b0c
commit bb6c44c
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ Some stuff to facilitate enrollment, major system update and full erase for non-
 * [Packages](http://s.sudre.free.fr/Software/files/Packages.dmg) if you want to make custom installs or add pkg files in EraseMe. 
 
 ## Usage & Tips
-You can split these functions into different items for Munki. EraseMe must be an optional install for self-service or scoped on "wipeable" computer only. <br/>The IT folder can be relocated (change ITFOLDER variable in both post-install scripts), but beware of the folder access confidential limitation. <br/>__Warning ! Theses tools can easily destroy all data on your computer, please test them and understand how it's work before use.__
+You can split these functions into different items for Munki. EraseMe must be an optional install for self-service or scoped on "wipeable" computer only. <br/>The IT folder can be relocated (change ITFOLDER variable in both post-install scripts), but beware of the folder access confidential limitation. <br/>__Warning ! These tools can easily destroy all data on your computer, please test them and understand how it's work before use.__
 
 ## Packages content
 

diff --git a/Users/Shared/IT/enrollme/enrollme.sh b/Users/Shared/IT/enrollme/enrollme.sh
@@ -11,10 +11,10 @@ done
 macos_vers=$(sw_vers -productVersion | awk -F. '{ print $1; }')
 os_maj_vers=$(sw_vers -productVersion | awk -F. '{ print $2; }')
 os_min_vers=$(sw_vers -productVersion | awk -F. '{ print $3; }')
+USRSHORTNAME="$(ls -la /dev/console | awk '{print $3}')"
 
 function trigger_nag {
 
-
 	if [[ $macos_vers -ge 11 ]]
 	then
 		/usr/bin/profiles renew -type enrollment
@@ -29,14 +29,12 @@ function trigger_nag {
 	fi
 }
 
-
-
 if [[ $clear_previous_profiles -eq 1 ]]
 then
 	yes | /usr/bin/profiles -D
 fi
 
-dseditgroup -o checkmember -m "$SUDO_USER" admin
+dseditgroup -o checkmember -m $USRSHORTNAME admin
 if [[ $? -ne 0 ]]
 then
 	need_to_update_rights=1
@@ -46,7 +44,7 @@ fi
 
 if [[ $need_to_update_rights -eq 1 ]]
 then
-	dseditgroup -o edit -t user -a "$SUDO_USER" admin
+	sudo dseditgroup -o edit -t user -a $USRSHORTNAME admin
 fi
 
 if [[ -f /var/db/ConfigurationProfiles/.noActivationRecord ]]
@@ -66,9 +64,13 @@ then
 	trigger_nag
 fi
 
+sleep 90
+
 if [[ $need_to_update_rights -eq 1 ]]
 then
-	dseditgroup -o edit -t user -d "$SUDO_USER" admin
+	sudo dseditgroup -o edit -t user -d $USRSHORTNAME admin
 fi
 
+rm /etc/sudoers.d/com-github-darkomen78-enrollme-sudoers
+
 exit 0
diff --git a/etc/sudoers.d/com-github-darkomen78-enrollme-sudoers b/etc/sudoers.d/com-github-darkomen78-enrollme-sudoers
@@ -1 +1 @@
-%everyone ALL=(ALL) NOPASSWD: /Users/Shared/IT/enrollme/enrollme.sh
+%everyone ALL=(ALL) NOPASSWD: /Users/Shared/IT/enrollme/enrollme.sh,/usr/sbin/dseditgroup
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		%everyone ALL=(ALL) NOPASSWD: /Users/Shared/IT/enrollme/enrollme.sh
		%everyone ALL=(ALL) NOPASSWD: /Users/Shared/IT/enrollme/enrollme.sh,/usr/sbin/dseditgroup