[Casper] JSS user reporting user as admin dscl says no?

Miles Leacy miles.leacy at themacadmin.com
Wed Dec 10 13:06:26 PST 2008 

I don't know if I'm misunderstanding your message, but it sounds like you're
saying that membership in admin (80) is inherited by membership in staff
(20).
I don't believe that's the case.  All accounts are members of staff by
default.  Only admin users are members of admin.  An account can be a member
of staff but not be a member of admin.

The output is showing you the following:
uid=<the account's user ID> gid=<the account's "primary group ID", as seen
in Workgroup Manager, Groups tab> # What follows is a list of all of the
groups that the account in question belongs to, including the "primary
group".  This is why you see "staff" appear twice in the command's output.
 The first instance lets you know what the account's "primary group" is, and
it appears again when listing all groups that the account is a member of.

My apologies if I misunderstood your message.

----------
Miles A. Leacy IV

 Certified System Administrator 10.4
 Certified Technical Coordinator 10.5
 Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/10 Ryan Harter <rharter at uwsp.edu>

> _lpadmin is the CUPS account that correlates to the lpadmin command you
> find in the terminal.  I can't tell you why this account is showing up
> twice, but since it is a member for the staff group that should make it
> admin.  Our local amdinistrator account is uid=501(adm) gid=20(staff) ...
> AFAIK the user is not directly a member of the admin group, but staff is,
> so it's like embedded groups.
> *
> Ryan Harter*
> UW - Stevens Point
> Workstation Developer
> 715.346.2716
> Ryan.Harter at uwsp.edu
>
> On Dec 10, 2008, at 2:08 PM, Thomas Larkin wrote:
>
> everyone,
>
> So a user has a true flag under their account in the JSS for the inventory
> of that machine, I will just copy/paste an example, sorry if it doesn't
> format correctly.
>
> User in the JSS shows this:
> Username
> Real Name
> UID
> Home Directory
> Home Directory Size
> Admin
> File Vault Enabled
> Mia Green 22221 /Users/11miagre 5.28 GB true false
> 11miagre Mia Green 22221 /Users/11miagre 5.28 GB false false
> student KCK Student 505 /Local/Users/student N/A false false
>
> For some reason it shows the user name twice and on the top one it says
> True False, the First True being the admin flag
>
> Now, when I ssh into said client machine and do some digging I find this:
>
>  id 11miagre
> uid=22221(11miagre) gid=20(staff)
> groups=20(staff),98(_lpadmin),101(com.apple.sharepoint.group.1),104(com.apple.sharepoint.group.2),1042(allstudents),1053(washington_2011)
>
> GID 98 shows as _lpadmin what the heck is that?  Google says it configures
> the print system, so I must assume it is a daemon from the OS?
>
> Anyone else see this stuff?  Also dscl does not list this user under
> /Groups/admin either
>
> Thanks
>
> ___________________________
> Thomas Larkin
> TIS Department
> KCKPS USD500
> tlarki at kckps.org
> blackberry:  913-449-7589
> office:  913-627-0351
>
>
>
>
>
> <ATT00001.txt>
>
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081210/477d75cd/attachment.html

More information about the Casper mailing list