Efficient wipe of information off a specific user

smithdr
New Contributor III

Hi All,

I'm working on a script to remove content from the documents, downloads, desktop, and trash from a specific user. We have training laptops that we would like to refresh periodically. The first draft of my script is well intentioned, but it doesn't work because of two reasons:

  1. Script obviously runs as root, so the 'id -un' portion breaks right away.
  2. Even if I were to collect the correct username, the previous tech contractors at the company named the user home folders something different than the account name.

Here's what my script is currently comprised of:

#!/bin/sh
#
#
#
user=`id -un`

rm -rfv /Users/$user/Documents/*
rm -rfv /Users/$user/Downloads/*
rm -rfv /Users/$user/Desktop/*
rm -rfv /Users/$user/.Trash/*

exit 0

Does anyone else have the same use case I do or know a better route for what I'm trying to do?

Thanks for the help as always.

7 REPLIES

canopimp
New Contributor III

You could use logged in user variable $3 if you are running this with JAMF. Or you could use this more approved way as posted by @bentoms

#!/bin/sh

# Get the console (logged-in) user; the result is empty at the login window
loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'`

# Quote the path so a username containing spaces stays a single argument
rm -rfv "/Users/$loggedInUser"/Documents/*
rm -rfv "/Users/$loggedInUser"/Downloads/*
rm -rfv "/Users/$loggedInUser"/Desktop/*
rm -rfv "/Users/$loggedInUser"/.Trash/*

exit 0

michael-brodt
New Contributor III

Just out of curiosity, is there any reason you can't just delete the whole user folder? Assuming there is nothing special about that user (that isn't managed via a profile), it should just re-create itself when you log in the next time...

smithdr
New Contributor III

@canopimp you're a hero. I'm going to give that a shot and see how it works.

@michael-brodt I was thinking about doing that initially, but I didn't want to have to reload the bookmarks preferences and dock item locations every time. I'm sure I could utilize the User template now that we're talking about it.

mm2270
Legendary Contributor III

I agree with @michael-brodt. You might be better served simply blowing away the home directory and leaving the user record in local directory services. That is, assuming you know the home folder name. Regarding that and what you posted, all local and AD cached mobile accounts have an attribute in their dscl record that shows what the home folder path is for the account, so even if the home folder name and the username don't match, as long as you know or can obtain the username, you can get the home path:

homeDir=$(dscl . read /Users/$someuser NFSHomeDirectory | awk -F': ' '{print $NF}')

smithdr
New Contributor III

@mm2270 Thanks for the homeDir script. I can run that and it works when I manually type in the user folder name, but I'm receiving a "dsRecTypeStandard:Users" response when I attached it with a $lastUser variable.

Updated script test looks like this:

#!/bin/sh

lastUser= ls -l /dev/console | cut -d " " -f4

homeDir=$(dscl . read /Users/$lastUser NFSHomeDirectory | awk -F': ' '{print $NF}')

echo $homeDir

exit 0

mm2270
Legendary Contributor III

Because your command lastUser= ls -l /dev/console | cut -d " " -f4 is not a variable. You need to wrap it in $() syntax, like this:

lastUser=$(ls -l /dev/console | cut -d " " -f4)

But just a suggestion. You should consider using something else to capture the logged in user. You can get the current user with either the one posted above that uses python, or stat -f%Su /dev/console. These are both a bit more reliable than the code above.
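
The suggestions so far (console owner from stat, home path from the NFSHomeDirectory attribute) combined into one script, as an added example that is not any poster's code: because it runs rm -rf as root, it refuses an empty or unexpected home path before deleting anything. The USERS_ROOT variable, the --wipe switch and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. USERS_ROOT, --wipe and the function names are assumptions.
USERS_ROOT=${USERS_ROOT:-/Users}   # parent of local home folders; overridable for testing

# Read `dscl . read /Users/<name> NFSHomeDirectory` output on stdin and print the path.
# Requiring the key name means other dscl replies yield an empty string.
parse_home_dir() {
    awk -F': ' '/^NFSHomeDirectory: /{print $2; exit}'
}

# Accept only a real directory (not a symlink) exactly one level below USERS_ROOT.
is_safe_home() {
    case "$1" in
        "$USERS_ROOT"/*/*|"$USERS_ROOT"/.|"$USERS_ROOT"/..|"$USERS_ROOT"/Shared) return 1 ;;
        "$USERS_ROOT"/?*) ;;
        *) return 1 ;;   # empty string, "/", or anything outside USERS_ROOT
    esac
    [ -d "$1" ] && [ ! -L "$1" ]
}

# Empty the four folders of a validated home, leaving the folders themselves in place.
wipe_user_dirs() {
    home=$1
    is_safe_home "$home" || { echo "refusing to wipe '$home'" >&2; return 1; }
    for sub in Documents Downloads Desktop .Trash; do
        dir=$home/$sub
        if [ -d "$dir" ] && [ ! -L "$dir" ]; then
            # Unlike a bare *, this also removes dotfiles and never touches $dir itself.
            find "$dir" -mindepth 1 -maxdepth 1 -exec rm -rf -- {} + || return 1
        fi
    done
    return 0
}

main() {
    user=$(stat -f%Su /dev/console)   # console owner, as suggested in the thread
    case "$user" in ''|root|loginwindow) echo "no console user" >&2; return 1 ;; esac
    home=$(dscl . read "/Users/$user" NFSHomeDirectory | parse_home_dir)
    wipe_user_dirs "$home"
}

# Nothing is deleted unless --wipe is passed (anywhere in the arguments).
case " $* " in *" --wipe "*) main ;; esac
```

A home path that dscl prints on a separate line (as it does for values containing spaces) is not parsed here, so the script refuses to run rather than guessing.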

michael-brodt
New Contributor III

An easier method for re-deploying those settings would be to deploy them as profiles at login. Bookmarks and the Dock are managed via plists. You can set them as you would like, then copy the corresponding plists and import them into JAMF as a Custom Settings Profile. It is actually the recommended way now, rather than messing with the user template, and it makes it easier than scripting the removal of targeted information from the User's folder. Just script the folder deletion, and then target the profiles to the device, with a limitation to that particular user.

Actually, this now poses an interesting thought experiment... I wonder if it is possible to target the Guest User login... that could potentially solve your problem in an even easier fashion, as the Guest account is essentially a temporary account. If profiles can be targeted to it, you can have the user log in as a Guest, and it will just clean itself up when they log out. I don't know if that will work in your particular scenario, but the thought just occurred to me.