UNIX command required to elevate end user Admin privs on mac

Hi All,
I thought this would be easy but we've drawn a blank.
So much detail online and in the ARD manual seems to be about setting admin privileges for end users of actual ARD.
What we would like to do is to make the user an administrator of their computer temporarily.
So rather than browse to their computer, take control, log them out, log in as administrator, go to accounts and then select their account and tick the "Allow user to administer this computer" box - I was looking for a UNIX command that could be sent.
Any help gratefully received.
thanks
Gareth

I believe this will work, but test it on a testbed system first. Send the following UNIX command to the target computers:
dscl / -append /Groups/admin GroupMembership ARDusername
where "ARDusername" is the user you want to add to the admin group. To remove the user's admin rights, substitute -delete for -append.
Hope this does the job for you. If not, it should be close, so perusal of the man page for dscl should help you to the correct syntax.
Regards.
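
The append/delete pair above, wrapped so that the grant expires (an added example, not part of the original reply). It uses `dseditgroup` on the same admin group instead of `dscl`, leaves accounts that are already administrators alone, and records an expiry time that a later sweep acts on. `STATE_DIR`, `DRY_RUN` and the function names are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: time-limited local admin rights on macOS. Run as root,
# e.g. with ARD "Send UNIX Command" as user root.
# STATE_DIR, DRY_RUN and all function names are assumptions of this sketch.

DSEDITGROUP="${DSEDITGROUP:-/usr/sbin/dseditgroup}"
STATE_DIR="${STATE_DIR:-/var/db/temp_admin}"  # one file per user: expiry epoch
DRY_RUN="${DRY_RUN:-0}"   # 1 = print the dseditgroup commands, do not run them

# Accept only plain short names: no empty, option-like or path-like input.
valid_short_name() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# True if the account is already in the admin group (always false in dry run).
is_admin() {
    if [ "$DRY_RUN" = 1 ]; then return 1; fi
    case "$("$DSEDITGROUP" -o checkmember -m "$1" admin 2>/dev/null)" in
        yes*) return 0 ;;
    esac
    return 1
}

# Add (-a) or delete (-d) one user in the admin group.
change_admin() {   # $1 = -a | -d, $2 = short name
    if [ "$DRY_RUN" = 1 ]; then
        echo "$DSEDITGROUP -o edit $1 $2 -t user admin"
    else
        "$DSEDITGROUP" -o edit "$1" "$2" -t user admin
    fi
}

# Grant admin for N minutes and record when the grant expires.
grant_admin() {    # $1 = short name, $2 = minutes, $3 = now as epoch (optional)
    valid_short_name "$1" || { echo "bad user name" >&2; return 2; }
    case "$2" in ''|0*|*[!0-9]*) echo "bad duration" >&2; return 2 ;; esac
    # A permanent administrator must never be picked up by the sweep.
    if is_admin "$1"; then echo "$1 is already admin; nothing recorded" >&2; return 0; fi
    now="${3:-$(date +%s)}"
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR" || return 1
    change_admin -a "$1" || return 1
    echo $(( $now + $2 * 60 )) > "$STATE_DIR/$1"
}

# Revoke every recorded grant whose expiry has passed; prints the names revoked.
sweep_expired() {  # $1 = now as epoch (optional)
    now="${1:-$(date +%s)}"
    for f in "$STATE_DIR"/*; do
        [ -f "$f" ] || continue
        user="${f##*/}"
        valid_short_name "$user" || continue
        read -r expiry < "$f" || continue
        case "$expiry" in ''|*[!0-9]*) continue ;; esac
        if [ "$now" -ge "$expiry" ]; then
            change_admin -d "$user" >/dev/null && rm -f "$f" && echo "$user"
        fi
    done
}
```

Send `grant_admin USERNAME 30` once, then run `sweep_expired` on a schedule (a repeating ARD task or a launchd job) so the revocation does not depend on anyone remembering it.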

Similar Messages

  • End user control panel for Mac OS X server

    I have searched and searched, then I read and read. It has been 4 days now and I have found no answer to my question. Is there an end-user control panel for the OSX server? I host many sites and I am trying to set up a server then switch over to it.
    I would like to offer my customers a control panel so they can look at logs, add e-mail addresses, access an overview of the domains they have on the server, access (or add) folders to the webspace and set up FTP access to those folders.
    I can admin the server just fine. The customers will not be able to do these things with the tools provided. I have looked at cPanel, plesk, webmin, etc. etc. There is just no straight answer if these products will work on my software. Does anyone here have an answer or possibly provide a link?
    MacBookPro, macMini, iMac, Xserve, macBook   Mac OS X (10.4.8)  

    How about iTools from Tenon ? As far as I read in their documentation, they offer the ability to get a web-based end user control panel for your users (see their manual at http://www.tenon.com/products/itools-osx/iTools8Manual.pdf page 83 and further).
    The product website is at http://www.tenon.com/products/itools-osx/
    I can't say much about their software, I just shortly considered them as a replacement of SA and WGM, but it may be what you are looking for.

  • End User Requirement

    Hi,
    I tried to find out this requirement of my end user, can you suggest me.
    Requirement-
    Through project system in single or multiple report or transaction
    1) Total value of the PO including duties & taxes
    2) Total qty recd & balance to deliver
    3) Vendor name (though the field is there, the name is not displayed)
    Rgds,
    Nitish

    Dear Sir
    Thanks a lot for your immediate reply.
    I need your help to config all these fields as they are already there in T_CODE: ME2J and ME5J.
    Rgds,
    Nitish

  • AppleScripting unix commands appears to break in ARD 3.5.

    AppleScripts that involve drawing information using the "execute" unix command task appear to be broken in Apple Remote Desktop 3.5.x. Attempting to execute the command results in a "variable not defined" error.
    tell application "Remote Desktop"
              set sel to the selection
              repeat with s in sel
                        set ux to make new send unix command task with properties {script:"users", showing output:false, user:"root"}
                        set myUx to execute ux on s
                        return myUx
              end repeat
    end tell
    Result:
    error "The variable myUx is not defined." number -2753 from "myUx"
    This might be related to the previously reported issue involving reports, as documented here, because downgrading to ARD 3.4 seems to fix the issue. The instructions for effectively downgrading as written by the user cathy fasano worked for me. However, this is only a workaround that forces you to use a version of ARD that may or may not work with Lion clients or on Lion systems.
    Under ARD 3.4, the script returns something similar to
    {status:"Succeeded on all", computerStatuses:{{|id|:"(computer ID number)", results:"(username)", output:"(username)", address:"(ip address)"}}}
    Is anyone else suffering?

    It appears the new 3.5.1 update, which claims to fix reporting, does not address this issue.

  • Unix security and privacy setting unix command via apple remote desktop

    Could someone guide me on the unix command to set System Preferences Security & Privacy to xx minutes [see screenshot please] via Apple Remote Desktop.
    https://dl.dropbox.com/u/5485939/osx_screenshots/sys%20pref%20security%20privacy .png
    Thank you,

    Preferences tend to be stored for the computer as a whole
    /Library/Preferences/
    or specifically for the user
    /Users/USERNAME/Library/Preferences/
    Well, when I set required password for XX minutes... I see that
    /Users/USERNAME/Library/Preferences/com.apple.screensaver.plist modification date & time changes to the current time & date... hmm, maybe the setting we want is stored here? Can we test this?
    If I check require password and then do the terminal command:
    defaults read ~/Library/Preferences/com.apple.screensaver
    I see
        askForPassword = 1;
        askForPasswordDelay = 0;
        tokenRemovalAction = 0;
    turn it off
    run the terminal command;
    defaults read ~/Library/Preferences/com.apple.screensaver
    I see:
        askForPassword = 0;
        askForPasswordDelay = 0;
        tokenRemovalAction = 0;
    so I can turn it on with
    defaults write ~/Library/Preferences/com.apple.screensaver askForPassword -bool TRUE
    and I can turn it off with
    defaults write ~/Library/Preferences/com.apple.screensaver askForPassword -bool FALSE
    So if a user is logged into a computer. I could send unix command as current console user.
    defaults write ~/Library/Preferences/com.apple.screensaver askForPassword -bool TRUE
    BUT what if the user is logged out? Or there is more than one user on the computer?
    then I could run unix command as user root and send
    defaults write /Users/USERNAME/Library/Preferences/com.apple.screensaver askForPassword -bool TRUE
    (replace USERNAME with the user's short name.)
    but what if I don't know the user name? or names
    send unix command as root
    ls -al /Users/
    get back a list of folders
    bob
    surely
    shares
    and then do
    send unix command as root
    defaults write /Users/bob/Library/Preferences/com.apple.screensaver askForPassword -bool TRUE
    defaults write /Users/surely/Library/Preferences/com.apple.screensaver askForPassword -bool TRUE
    you could also do some thing like
    defaults write ~/Library/Preferences/com.apple.screensaver askForPasswordDelay -integer 5
    if you want to change the period of time to lock to 5 seconds
    or
    defaults write ~/Library/Preferences/com.apple.screensaver askForPasswordDelay -integer 900
    (900 seconds  / 60 seconds = 15 minutes)
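
The manual steps above (list /Users, then one `defaults write` per account as root) as a single script; this is an added example, not code from the thread. It skips folders that are not home folders and hands the plist back to the home folder's owner afterwards, on the assumption that a file written by root should not stay root-owned. `USERS_ROOT`, `DRY_RUN` and the function names are invented here.

```sh
#!/bin/sh
# Added example: apply the thread's screensaver password keys to every home
# folder. Run as root (ARD "Send UNIX Command" as user root).
# USERS_ROOT, DRY_RUN and the function names are assumptions of this sketch.

DEFAULTS="${DEFAULTS:-/usr/bin/defaults}"
USERS_ROOT="${USERS_ROOT:-/Users}"
DRY_RUN="${DRY_RUN:-0}"    # 1 = print each command instead of running it

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Print one path per real home folder: it must hold Library/Preferences,
# must not be a symlink, and must not be the Shared folder.
list_homes() {
    for home in "$USERS_ROOT"/*; do
        [ -d "$home/Library/Preferences" ] || continue
        [ ! -L "$home" ] || continue
        case "${home##*/}" in Shared) continue ;; esac
        printf '%s\n' "$home"
    done
}

# Require a password after the screensaver starts, with the given delay.
apply_lock_policy() {   # $1 = delay in seconds, e.g. 900 for 15 minutes
    case "$1" in
        ''|*[!0-9]*) echo "delay must be whole seconds" >&2; return 2 ;;
    esac
    list_homes | while IFS= read -r home; do
        domain="$home/Library/Preferences/com.apple.screensaver"
        # The home folder's owner, not its name, decides who gets the file back.
        owner="$(ls -ld "$home" | awk '{print $3}')"
        run "$DEFAULTS" write "$domain" askForPassword -bool TRUE &&
        run "$DEFAULTS" write "$domain" askForPasswordDelay -integer "$1" &&
        run chown "$owner" "$domain.plist" || echo "failed: $home" >&2
    done
}
```

Setting `DRY_RUN=1` first shows exactly which accounts would be touched before anything is written.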

  • Email notification to end-user only when both resources are provisioned

    Hello Gurus,
    My client has a requirement where the end-user needs to be sent an email notification as soon as his account gets created in OID and EBS.
    So the next time when the user logs in; he should be able to access both his accounts. But the email should be sent only when the 2 accounts are successfully created.
    How can we do that by means of process tasks and adapters?
    Can anybody give an idea about how can we provide this functionality in the best way OOTB or custom way (code snippet) ?
    Thanks,
    - JHB.

    Hi
    If you are using OOTB connectors for OID and EBS then this requirement can be achieved by using OIM API.
    On successful response of 'Create user' in OID or EBS call a custom adapter and check for the provisioned status of other RO i.e. on completion of Create User task of OID, check for prov status of EBS and send the mail accordingly.
    If the user is not provisioned to the other resource, then do not send the mail. Otherwise if the user is already provisioned to the other resource, send the mail to the user. This approach is based on the assumption that there is no link between the provisioning to OID and provisioning to EBS.
    Correct me if I missed something.
    Hope this helps.

  • What role is required to 'nominate' a user using BPM API's?

    I see an exception while nominating a user using SAP API's. Log as below:
    Caused by: com.sap.bpem.tm.exception.InvalidAuthorizationException: User Test1 is not allowed to perform action NOMINATE on task 3v67h898881811e4bae5000000ddc0f1
    Nominate works fine if the user is assigned "Administrator" role. Is there an alternative role which can be assigned as we cannot give end user admin access.
    Thanks in advance
    Regards
    Vidya

    There is a standard user 'SAP_BPM_Service'. You can assign the 'SAP_BPM_SuperAdmin' role to perform all possible actions related to BPM.
    What you are trying to do is nominate a user for a particular task. For this, you will have to assign roles to the person who is currently logged-in. So standard user does not come into picture.
    Refer this link for details of Task Delegation.
    Refer this link for all possible roles and authorizations related to BPM processes and tasks.
    API or no API, assign 'SAP_BPM_SuperAdmin' to the user.

  • Help with 2 UNIX Commands using ARD

    Hello All,
    Can someone help me with 2 UNIX commands I would like to set up? The first one... how to delete a range of users within /Users by date (i.e. the oldest user who last logged in "Mar 22 09:40 00796216" to "Mar 25 17:01 01036773"). Currently, I'm using "sudo rm -r " followed by each home directory name separated by a space. It works but to save time, it would be nice to do this all within 1 UNIX command.
    Second, is there a UNIX command where I can delete a range of users by ID numbers? (We have users assigned with an 8 digit ID number. Is there a UNIX command where I can delete users from 12345678 to 23456781?) Again, I'm using "sudo rm -r " followed by each home directory name separated by a space.
    Thank you in advance!
    Mike

    This happens with or without SIM card, with and without wifi... with and without SD card as well-- even bought a new 32GB class 10 SanDisk-- but it still crashed.
    Just an update: Went to the Nokia Care Center yesterday, they reflashed the firmware and I got back the phone within the day... when I went back home to try the phone again... again it kept hanging... in a period of 5 minutes, I had 5 hangs... right from startup, went straight to the cam, took some pics then pinched zoom... and phone simply crashed-- had no SD card, no sim card then.
    So today I went back to Nokia Care Center... they said they will do some more tests and see... but they insist it's a software problem, we'll see in a day or 2.

  • How to allow multiple users login to a MAC PRO without interruption?

    I have a mac pro, which runs Yosemite, (2013 module) to be used as a server. However, I have difficult to let multiple users to use the mac simultaneously.
    Objective:
        One person uses the mac directly on his desktop, while the others log in remotely through VNC from PC (win 7/Linux).
        The users have their own workspace, and they will not interrupt each other.
    What I tried:
        I created two mange accounts on the MAC.
        Account 1 was used to directly login on the mac desktop.
        Account 2 was used to login to the mac from a PC through VNC. (I also tried this from a Centos workstation with the Tiger VNC viewer)
    Problem:
    When account 2 is login, the location monitor will automatically change to that account as well. Both accounts shared exactly the same screen, mouse & keyboard actions. It is impossible to let multiple users to use the MAC pro simultaneously without interruptions.
    If I use "hdiutil attach" to mount a dmg file through SSH with account 2, the folder will automatically show in the local desktop login with account 1.
    Question:
    I read something about the "Per-user screen sharing". It says, "You can remotely log into a Mac with any user account on that computer and control it, without interrupting someone else who might be using the computer under a different login." Is it possible to do this from a PC or Linux client?
    If the problem is simply due to the poor functionality of the built-in VNC service in Yosemite, I appreciate your help to suggest some other decent VNC server for Yosemite. I know the Vine Server (OSXvnc), but I failed to install it on the mac because it is incompatible with the Yosemite.
    Is SSH supposed to work in this way in OSX? I mean the local account can see the folder mounted by another account through SSH.
    If any specific version of Yosemite is required to allow multiple users to access a mac simultaneously? Just as the win 7 professional allow only one user to login in at each time. But with the remote desktop server of windows, multiple users are able to use the same computer at the same time without any problem.
    If you familiar with any of the above questions, please help. Any comments and suggestions are appreciated.
    I know the best way to get the solution is to direct call the apple support. However, it is really not easy to call them. Because it always results with long waiting time and then the people pick up the phone will transfer my call to an expert who will make me to describe the problem again.
    Since I'm not interested in the technique details of all the problems, it is also grateful if you would provide a direct instruction to let me setup the computer for the purpose.
    Thanks you very much for your kindly help.

    I cannot help with the screen sharing, although I have just tried it with a RealVNC client on an iPad and it seemed to work OK.
    However on the disk showing on all users desk tops have you unchecked the "ignore ownership on this volume" check box? You can check the drives permissions with CMD i command.

  • Sharing two iTunes Libraries for different user accounts on one Mac

    How can I upload or share my wife's iTunes library? She is listed as a different end user on the same Mac as I use but we have different libraries. If I sync my iphone to her account, will it erase my existing applications and downloaded songs? Also, she only uses the iTouch. And yes, I have a mobile me account if that matters. (The $99 package)

    See if this support article provides what you need: iTunes: How to share music between different accounts on a single computer, http://support.apple.com/kb/HT1203

  • Send a Unix command through ARD that will change a OS X admin user to a standard user.

    I would love to send a Unix command through ARD that will change a OS X admin user to a standard user. The only thing I found close is
    sudo dscl . -delete /Groups/admin GroupMembership USERNAME
    which does remove the user from the list of admins, but they are still listed as an admin in the user preference panel, and can still use their account to authenticate for admin privileges.

    I'm not having any problems adding or removing users from the 'admin' group by using the syntax's
    dscl . -delete /Groups/admin GroupMembership ARDusername
    or
    dscl . -append /Groups/admin GroupMembership ARDusername
    What I'm saying is if a user is ticked as an Administrator in System Preferences and I run the
    dscl . -delete /Groups/admin GroupMembership ARDusername syntax and remove them from the 'admin' GroupMembership they still have the Administrator box ticked in System Prefs and can administer the machine.
    By the way the '/' doesn't work in the syntax in ARD.
    Thanks
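
One thing to check when an account still behaves as an administrator after the GroupMembership delete (an added example, not part of the original posts): a group record lists members by short name in GroupMembership and by GeneratedUID in GroupMembers, and the dscl commands above edit only the first. The parser below reports which of the two still holds the account; the sample record and GUIDs are constructed, and the function names are made up for this sketch.

```sh
#!/bin/sh
# Added example: see through which attribute an account is still tied to the
# admin group. On a Mac the inputs would come from:
#   dscl . -read /Users/USERNAME GeneratedUID
#   dscl . -read /Groups/admin GroupMembership GroupMembers
# The sample record and GUIDs below are constructed, not from a real machine.

sample_admin_record() {
    printf '%s\n' \
        'GroupMembers: FFFFEEEE-DDDD-CCCC-BBBB-0000000000A1 FFFFEEEE-DDDD-CCCC-BBBB-0000000000B2' \
        'GroupMembership: root'
}

# Print the values of one attribute from `dscl . -read` output on stdin,
# including values that dscl wraps onto indented continuation lines.
attr_values() {   # $1 = attribute name
    awk -v key="$1:" '
        $1 == key { on = 1; $1 = ""; print; next }
        /^[^ ]/   { on = 0 }      # another attribute starts here
        on        { print }       # indented continuation of the wanted one
    ' | tr '\n' ' '
}

# True if $1 appears as a whole word in the space-separated list $2.
has_value() {
    case " $2 " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# $1 = short name, $2 = the account's GeneratedUID, $3 = admin group record.
# Prints e.g. "name=no guid=yes" when only the GUID entry is left behind.
membership_state() {
    names="$(printf '%s\n' "$3" | attr_values GroupMembership)"
    guids="$(printf '%s\n' "$3" | attr_values GroupMembers)"
    by_name=no
    by_guid=no
    if has_value "$1" "$names"; then by_name=yes; fi
    if has_value "$2" "$guids"; then by_guid=yes; fi
    echo "name=$by_name guid=$by_guid"
}
```

When the result is `guid=yes`, `dseditgroup -o edit -d USERNAME -t user admin` removes the account through the group-editing tool instead of deleting one attribute by hand.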

  • DPM 2012 still requires put end users into local admin groups for the purpose of end user data recovery?

    On client computers that are protected by DPM 2010 and prior versions, you had to put the end user's account in the local administrators group. If you did not add the end user account to the local administrators group you would get this error after opening the recovery tab in the DPM client: “DPM found no recovery points which you are authorized to restore on the specified DPM server. You can restore only those recovery points for which you were an administrator at the time the backup was taken. To restore other recovery points, contact your DPM administrator, or attempt to restore from another DPM.” This is not ideal on many networks because the end users are not allowed to have local administrator access.
    The fix to this was included in hotfix 2465832 found here: http://support.microsoft.com/kb/2465832.
    This hotfix (a hotfix rollup package for DPM 2010) resolves other issues with DPM 2010 as well. You can find the full list of what this hotfix corrects on that link.
    One would think this issue should have been resolved in DPM 2012, however I am encountering the same exact issue, had to include end-users into the workstation local admin group before they can search for recovery points on the DPM server. This is not acceptable practice.
    Is there a new hotfix for the same issue on DPM 2012? I am hesitant to apply KB2465832 since it also includes many other fixes for DPM 2010, which may not be applicable for version 2012.
    Please help.
    Thanks,

    This is a hands off solution to allow all users that use a machine to be able to restore their own files.
    1) Make these two cmd files and save them in c:\temp
    2) Using windows scheduler – schedule addperms.cmd to run daily – any new users that log onto the machine will automatically be able to restore their own files.
    <addperms.cmd>
    Cmd.exe /v /c c:\temp\addreg.cmd
    <addreg.cmd>
    set users=
    echo Windows Registry Editor Version 5.00>c:\temp\perms.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Agent\ClientProtection]>>c:\temp\perms.reg
    FOR /F "Tokens=*" %%n IN ('dir c:\users\*. /b') do set users=!users!%Userdomain%\\%%n,
    echo "ClientOwners"=^"%users%%Userdomain%\\bogususer^">>c:\temp\perms.reg
    REG IMPORT c:\temp\perms.reg
    Del c:\temp\perms.reg
    Regards, Mike J. [MSFT]

    That's a good one! Thanks for that.
    I've been scripting on KIX for some time, so here is mine, hope it helps to someone... (it's probably not the best, but it works)
    ========================================================================
    $RC=setoption("WOW64AlternateRegView","on") 
    $DPMkey = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Agent\ClientProtection"
    $uservariable = "%userdomain%\%username%"
    If KeyExist ($DPMkey)
    $Userstring=ReadValue($DPMkey, "ClientOwners")
    If $Userstring == ""
    WriteValue($DPMkey,"ClientOwners", $uservariable, "REG_MULTI_SZ")
    ? "Key created"
    else
    If not instr($Userstring,$uservariable)
    $Userstring = "$Userstring,$uservariable"
    WriteValue($DPMkey,"ClientOwners", $Userstring, "REG_MULTI_SZ")
    EndIf
    Endif
    EndIf
    ==========================================================================
    The problem actually is that you still need to use an admin account to write on the registry, so ensure you configure it properly on the schedule task.
    In case you use a service account on the schedule task... the "$uservariable" will get populated with that account. As a work around to this... I changed it for the following line:
    =========================================================
    $uservariable = ReadValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI", "LastLoggedOnSAMUser")
    =========================================================
    The only problem with that is that the key gets created/updated only if the user logs on physically at that PC, but will not work for anyone connecting through RDP.

  • Command line for end users

    Hi guys, in order to run the command line below:
    "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\DTEXEC.EXE" /F "G:\SHAREDFOLDER\PIPPO.DTSX"
    Does the user need to have BIDS installed in the local machine?
    My goal is to allow end user to run packages saved in the network shared folders.
    Many Thanks

    Hi DIEGOCTN,
    The SQL Server Data Tools option installs the Integration Services components required to design a package, but the Integration Services service is not installed and you cannot run packages outside of Business Intelligence Development Studio. If we just want to run packages outside the design environment, we needn’t install Business Intelligence Development Studio, but we must select Integration Services on the Feature Selection page to install Integration Services.
    The following two articles for your references:
    http://msdn.microsoft.com/en-us/library/ms143731.aspx
    http://stackoverflow.com/questions/14551255/how-do-i-enable-integration-services-ssis-in-sql-server-2008
    If there are any other questions, please feel free to ask.
    Thanks,
    Katherine Xiong
    TechNet Community Support

  • Unix command to require password to wake computer from sleep or screensaver

    Yo folks,
    Just as the subject says, is there a Unix command we can send that turns on the option to require password when the computer wakes from sleep or screensaver...which is the first option in System Preferences --> Security?
    I looked through the systemsetup commands and didn't find anything.
    Thanks!

    Run the following AppleScript:
    set items_1 to items -18 thru -2 of (do shell script "ifconfig en0 ether")
    set items_2 to ""
    repeat with this_item in items_1
        if this_item is greater than ":" then
            set items_2 to items_2 & this_item
        end if
    end repeat
    set the_path to "defaults read ByHost/com.apple.screensaver." & items_2
    set old_string to do shell script the_path
    set new_string to (items 1 thru 6 of old_string) & "askForPassword = 1;" & (items 27 thru -1 of old_string) as string
    do shell script "defaults write ByHost/com.apple.screensaver." & items_2 & " '" & new_string & "'"
    The necessary plist key is part of an array, and is in a file which has the computer's Ethernet address in its file name, so the script needs to handle both tasks. This change will not show up in the GUI until the account logs out and back in.
    (24015)

  • Umask is wrong running unix command as current console user?

    ARD3.1 Admin on intel mac, Clients all v 3.1 PPCs
    If I ssh to a remote machine or use ARD Unix command as the logged-in console user joeuser and enter 'touch /myfile' the permissions are
    -rw-r--r-- 1 joeuser admin 0 Apr 27 10:40 myfile
    but if i am directly on the machine and do it the result is
    -rw-rw-r-- 1 joeuser admin 0 Apr 27 10:42 myfile
    Is this expected behavior? How about the group membership? If I execute the same commands in ~/ the results are:
    -rw-r--r-- 1 joeuser av 0 Apr 27 10:40 myfile
    and again when i am directly on the machine and do it the result is
    -rw-rw-r-- 1 joeuser av 0 Apr 27 10:42 myfile
    where av is the group as defined in netinfo.
    the NSUmask value in /Library/Preferences/.GlobalPreferences.plist was set to integer 2 in all cases on the client machines.
    I'm new to this board, so my apologies if this question belongs in a different one.

    Please discard the above msg i got a solution by just adding file.delete
    thanx
