spacebar/macos-system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow azwdevice and admin as filevault users

Browse Source
This commit is contained in:
T. R. Bernstein
2025-08-31 20:23:39 +02:00
parent 2f80bcb7ff
commit ece6a9b3b2
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
bin/azw-set-filevault-users Executable file
View File

@@ -0,0 +1,40 @@
#!/usr/bin/env zsh
# vi: set ft=zsh tw=80 ts=2
function main {
local username="$1"
function doesFilevaultUserExist() {
dscl . -list /Users | grep ${username} >&! /dev/null
}
function isFilevaultUserEnabled() {
fdesetup list | grep ${username} &> /dev/null
}
function isFilevaultEnabled() {
fdesetup status | grep On &> /dev/null
}
function allowOnlyFilevaultUserToUnlock() {
local fdeuser
for fdeuser in $(fdesetup list | cut -d',' -f1); do
[[ ${fdeuser} != ${username} && ${fdeuser} != "admin" ]] && fdesetup remove -user "${fdeuser}"
done
return 0
}
function disableUser() {
pwpolicy -u ${username} -disableuser
}
[[ $(id -un) == 'root' ]] || { lop -- -e 'This script needs to be run by root. Aborting.'; return }
isFilevaultEnabled || { lop -- -e 'FileVault is disabled. Aborting.'; return }
doesFilevaultUserExist && isFilevaultUserEnabled && allowOnlyFilevaultUserToUnlock && disableUser
}
if [[ "${ZSH_EVAL_CONTEXT}" == toplevel || "${ZSH_EVAL_CONTEXT}" == cmdarg ]]; then
_DIR="${0:A:h}"
source autoload-zshlib
main "$@"
fi