jlehikoinen · May 6, 2017 05:59
diff --git a/remove_admin_rights.py b/remove_admin_rights.py
 #!/usr/bin/python

 """
 # Beef:

 /usr/bin/dscl -plist . -read /Groups/admin GroupMembership
 /usr/sbin/dseditgroup -o edit -d <shortname> -t user admin
 """

 """
 # Plist example:

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
    <key>dsAttrTypeStandard:GroupMembership</key>
    <array>
        <string>root</string>
        <string>ladmin</string>
        <string>admin_noob</string>
    </array>
 </dict>
 </plist>
 """

 import os
 import sys
 import plistlib
 import subprocess

 ###

 TR00_ADMINS = ['root', 'ladmin']
 current_admins = []

 ###

 if os.getuid() != 0:
    sys.exit('Run this script as root. Exiting.')

 cmd = ['/usr/bin/dscl', '-plist', '.', 'read', '/Groups/admin', 'GroupMembership']
 plist = subprocess.check_output(cmd)
 # print plist

 try:
    root_object = plistlib.readPlistFromString(plist)
 except KeyError:
    print 'Could not read plist'

 # Get admins
 if root_object['dsAttrTypeStandard:GroupMembership']:
    current_admins = root_object['dsAttrTypeStandard:GroupMembership']
    # for admin in current_admins:
    #	print admin
    super_admins_set = set(TR00_ADMINS)
    admins_to_be_removed = [admin for admin in current_admins if admin not in super_admins_set]
    # print admins_to_be_removed
 else:
    sys.exit('GroupMembership key not found')

 if current_admins:
    if admins_to_be_removed:
        for unfortunate_admin in admins_to_be_removed:
            print '%s back to being average Joe/Jane' % unfortunate_admin
            cmd2 = ['/usr/sbin/dseditgroup', '-o', 'edit', '-d', unfortunate_admin, '-t', 'user', 'admin']
            # sysadminctl or dscl to delete user
            # temp_var = '/Users/' + unfortunate_admin
            # cmd2 = ['dscl', '.', 'read', temp_var, 'RealName']
            task = subprocess.Popen(cmd2, stdout=subprocess.PIPE)
            # print task.communicate()[0]
    else:
        print 'Everybody gets to be tr00 admin!'
 else:
    print 'No admins?'
	#!/usr/bin/python

	"""
	# Beef:

	/usr/bin/dscl -plist . -read /Groups/admin GroupMembership
	/usr/sbin/dseditgroup -o edit -d <shortname> -t user admin
	"""

	"""
	# Plist example:

	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
	<key>dsAttrTypeStandard:GroupMembership</key>
	<array>
	<string>root</string>
	<string>ladmin</string>
	<string>admin_noob</string>
	</array>
	</dict>
	</plist>
	"""

	import os
	import sys
	import plistlib
	import subprocess

	###

	TR00_ADMINS = ['root', 'ladmin']
	current_admins = []

	###

	if os.getuid() != 0:
	sys.exit('Run this script as root. Exiting.')

	cmd = ['/usr/bin/dscl', '-plist', '.', 'read', '/Groups/admin', 'GroupMembership']
	plist = subprocess.check_output(cmd)
	# print plist

	try:
	root_object = plistlib.readPlistFromString(plist)
	except KeyError:
	print 'Could not read plist'

	# Get admins
	if root_object['dsAttrTypeStandard:GroupMembership']:
	current_admins = root_object['dsAttrTypeStandard:GroupMembership']
	# for admin in current_admins:
	# print admin
	super_admins_set = set(TR00_ADMINS)
	admins_to_be_removed = [admin for admin in current_admins if admin not in super_admins_set]
	# print admins_to_be_removed
	else:
	sys.exit('GroupMembership key not found')

	if current_admins:
	if admins_to_be_removed:
	for unfortunate_admin in admins_to_be_removed:
	print '%s back to being average Joe/Jane' % unfortunate_admin
	cmd2 = ['/usr/sbin/dseditgroup', '-o', 'edit', '-d', unfortunate_admin, '-t', 'user', 'admin']
	# sysadminctl or dscl to delete user
	# temp_var = '/Users/' + unfortunate_admin
	# cmd2 = ['dscl', '.', 'read', temp_var, 'RealName']
	task = subprocess.Popen(cmd2, stdout=subprocess.PIPE)
	# print task.communicate()[0]
	else:
	print 'Everybody gets to be tr00 admin!'
	else:
	print 'No admins?'