Allow azwdevice and admin as filevault users
This commit is contained in:
T. R. Bernstein
@@ -18,8 +18,8 @@ function main {
|
|||||||
|
|
||||||
function allowOnlyFilevaultUserToUnlock() {
|
function allowOnlyFilevaultUserToUnlock() {
|
||||||
local fdeuser
|
local fdeuser
|
||||||
for fdeuser in ${(f)"$(fdesetup list | cut -d',' -f1)"}; do
|
for fdeuser in $(fdesetup list | cut -d',' -f1); do
|
||||||
[[ ${fdeuser} != ${username} ]] && fdesetup remove -user "${fdeuser}"
|
[[ ${fdeuser} != ${username} && ${fdeuser} != "admin" ]] && fdesetup remove -user "${fdeuser}"
|
||||||
done
|
done
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
@@ -16,7 +16,7 @@ function createLaunchDaemon() {
|
|||||||
<key>ProgramArguments</key>
|
<key>ProgramArguments</key>
|
||||||
<array>
|
<array>
|
||||||
<string>/usr/local/bin/azw</string>
|
<string>/usr/local/bin/azw</string>
|
||||||
<string>ensure-single-fv-user</string>
|
<string>set-filevault-users</string>
|
||||||
<string>${filevault_username}</string>
|
<string>${filevault_username}</string>
|
||||||
</array>
|
</array>
|
||||||
<key>OnDemand</key>
|
<key>OnDemand</key>
|
||||||
@@ -36,7 +36,7 @@ function enableLaunchDaemon() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function createLaunchdService() {
|
function createLaunchdService() {
|
||||||
local serviceName='de.astzweig.macos.launchdaemons.ensure-single-filevault-user'
|
local serviceName='de.astzweig.macos.launchdaemons.set-filevault-users'
|
||||||
local launchDaemonPath="/Library/LaunchDaemons/${serviceName}.plist"
|
local launchDaemonPath="/Library/LaunchDaemons/${serviceName}.plist"
|
||||||
[[ -f ${launchDaemonPath} ]] || indicateActivity -- 'Create Launch Daemon' createLaunchDaemon
|
[[ -f ${launchDaemonPath} ]] || indicateActivity -- 'Create Launch Daemon' createLaunchDaemon
|
||||||
indicateActivity -- 'Enable Launch Daemon' enableLaunchDaemon
|
indicateActivity -- 'Enable Launch Daemon' enableLaunchDaemon
|
||||||
Reference in New Issue
Block a user