From 5d5426dba1c7986af509c4f981dc2d77d987a2e5 Mon Sep 17 00:00:00 2001 From: Graham Pugh Date: Tue, 23 Nov 2021 09:30:27 +0100 Subject: [PATCH] Fix for #166 --- CHANGELOG.md | 15 ++++++++------- erase-install.sh | 33 ++++++++++++++++----------------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ae5cb5..4a7784c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,15 +6,16 @@ No date ## [25.0] -No date +23.11.2021 -- Determine free space better by checking free and purgeable space (partial fix for #152; thanks to Pico in MacAdmins Slack). -- Use exit traps to clean up after all abnormal exits (fixes #140, #141; thanks to @ryangball). -- Add `-nobrowse` to `hdiutil` to prevent mounted images appearing on the deaktop (thanks to @ryangball). -- Allow 5 password attempts (fixes #159). -- Add dialog to show how much time is left in the power check (#144; thanks to @dan-snelson). +- Determines free space better by checking free and purgeable space (partial fix for #152; thanks to Pico in MacAdmins Slack). +- Uses exit traps to clean up after all abnormal exits (fixes #140, #141; thanks to @ryangball). +- Adds `-nobrowse` to `hdiutil` to prevent mounted images appearing on the desktop (thanks to @ryangball). +- Allows 5 password attempts (fixes #159). +- Adds dialog to show how much time is left in the power check (#144; thanks to @dan-snelson). - Some dialog changes, to replace the word "reinstall", which some people have found confusing, with "install" (addresses #149). -- Change log location to the `$workdir` so that it persists after an upgrade, and also so it is wiped if using the `--cleanup-after-use` option (fixes #161). +- Changed log location to the `$workdir` so that it persists after an upgrade, and also so it is wiped if using the `--cleanup-after-use` option (fixes #161). +- Remove check for membership of `staff` group for Apple Silicon Macs, since Volume Ownership is already checked it's not necessary, and was preventing non-admin AD users from proceeding (fixes #166). ## [24.1] diff --git a/erase-install.sh b/erase-install.sh index fd4ce61..849ad47 100755 --- a/erase-install.sh +++ b/erase-install.sh @@ -896,27 +896,13 @@ get_user_details() { fi fi - # check that this user exists and is in the staff group (so not some system user) - if ! /usr/sbin/dseditgroup -o checkmember -m "$account_shortname" staff ; then - echo " [get_user_details] $account_shortname account cannot be used to perform reinstallation!" + # check that this user exists + if ! /usr/sbin/dseditgroup -o checkmember -m "$account_shortname" everyone ; then + echo " [get_user_details] $account_shortname account cannot be found!" user_invalid exit 1 fi - # if we are performing eraseinstall the user needs to be an admin so let's promote the user - if [[ $erase == "yes" ]]; then - if ! /usr/sbin/dseditgroup -o checkmember -m "$account_shortname" admin ; then - if /usr/sbin/dseditgroup -o edit -a "$account_shortname" admin ; then - echo " [get_user_details] $account_shortname account has been promoted to admin so that eraseinstall can proceed" - promoted_user="$account_shortname" - else - echo " [get_user_details] $account_shortname account could not be promoted to admin so eraseinstall cannot proceed" - user_invalid - exit 1 - fi - fi - fi - # check that the user is a Volume Owner user_is_volume_owner=0 users=$(/usr/sbin/diskutil apfs listUsers /) @@ -957,6 +943,19 @@ get_user_details() { fi done + # if we are performing eraseinstall the user needs to be an admin so let's promote the user + if [[ $erase == "yes" ]]; then + if ! /usr/sbin/dseditgroup -o checkmember -m "$account_shortname" admin ; then + if /usr/sbin/dseditgroup -o edit -a "$account_shortname" admin ; then + echo " [get_user_details] $account_shortname account has been promoted to admin so that eraseinstall can proceed" + promoted_user="$account_shortname" + else + echo " [get_user_details] $account_shortname account could not be promoted to admin so eraseinstall cannot proceed" + user_invalid + exit 1 + fi + fi + fi } kill_process() {