gregneagle · March 9, 2020 18:57
diff --git a/adminopen.sh b/adminopen.sh
 #!/bin/bash

 # This script is designed to be run as root, perhaps by a management tool
 # It takes one argument, a path to an app to be launched (or a name of an app,
 # if you don't mind LaunchServices deciding which if any app to launch)
 # 
 # If the current console user is not a member of the admin group, the user will
 # be added to to the group. The app will then be launched in the console user's
 # context.
 # When the app exits (or this script is killed via SIGINT), if we had promoted
 # the user to admin, we demote that user once again.
 #
 # Possible use: to open "Install macOS.app" with admin rights for the user so
 # they can use Apple's GUI tools to upgrade macOS

 export PATH=/usr/bin:/bin:/usr/sbin:/sbin

 function fail {
    echo "$@" 1>&2
    exit 1
 }

 function demote_user {
    # demote CONSOLEUSER from admin
    dseditgroup -o edit -d ${CONSOLEUSER} -t user admin
 }


 CONSOLEUSER=$(stat -f %Su /dev/console)
 if [ "${CONSOLEUSER}" == "root" ] ; then
    fail "Not going to do this as root!"
 fi

 USER_UID=$(id -u ${CONSOLEUSER})
 if [ $? -ne 0 ] ; then
    # failed to get UID, bail
    fail "Could not get UID for ${CONSOLEUSER}"
 fi

 APP=$1
 if [ "${APP}" == "" ] ; then
    # no application specified
    fail "Need to specify an application!"
 fi

 # check if CONSOLEUSER is admin
 dseditgroup -o checkmember -m ${CONSOLEUSER} admin > /dev/null
 if [ $? -ne 0 ] ; then
    # not currently admin, so promote to admin
    dseditgroup -o edit -a ${CONSOLEUSER} -t user admin
    # make sure we demote the user at the end or if we are interrupted
    trap demote_user EXIT SIGINT SIGTERM
 fi

 # launch $APP as $USER_UID and wait until it exits
 launchctl asuser ${USER_UID} open -W "${APP}"
	#!/bin/bash

	# This script is designed to be run as root, perhaps by a management tool
	# It takes one argument, a path to an app to be launched (or a name of an app,
	# if you don't mind LaunchServices deciding which if any app to launch)
	#
	# If the current console user is not a member of the admin group, the user will
	# be added to to the group. The app will then be launched in the console user's
	# context.
	# When the app exits (or this script is killed via SIGINT), if we had promoted
	# the user to admin, we demote that user once again.
	#
	# Possible use: to open "Install macOS.app" with admin rights for the user so
	# they can use Apple's GUI tools to upgrade macOS

	export PATH=/usr/bin:/bin:/usr/sbin:/sbin

	function fail {
	echo "$@" 1>&2
	exit 1
	}

	function demote_user {
	# demote CONSOLEUSER from admin
	dseditgroup -o edit -d ${CONSOLEUSER} -t user admin
	}


	CONSOLEUSER=$(stat -f %Su /dev/console)
	if [ "${CONSOLEUSER}" == "root" ] ; then
	fail "Not going to do this as root!"
	fi

	USER_UID=$(id -u ${CONSOLEUSER})
	if [ $? -ne 0 ] ; then
	# failed to get UID, bail
	fail "Could not get UID for ${CONSOLEUSER}"
	fi

	APP=$1
	if [ "${APP}" == "" ] ; then
	# no application specified
	fail "Need to specify an application!"
	fi

	# check if CONSOLEUSER is admin
	dseditgroup -o checkmember -m ${CONSOLEUSER} admin > /dev/null
	if [ $? -ne 0 ] ; then
	# not currently admin, so promote to admin
	dseditgroup -o edit -a ${CONSOLEUSER} -t user admin
	# make sure we demote the user at the end or if we are interrupted
	trap demote_user EXIT SIGINT SIGTERM
	fi

	# launch $APP as $USER_UID and wait until it exits
	launchctl asuser ${USER_UID} open -W "${APP}"