
Delete folder contents on logout/login - variable user

Hello,

Long story short, I'm trying to create a Self Service policy that will "opt" the computer in to a policy that will wipe the specified user data upon logout/logon. Here is how I've been going about it.

  1. Create an Automator app called "EmptyFolders-optin.app". Self Service installs this to /Applications/Utilities. The app does nothing except act as a scoping mechanism.
  2. Create a second Automator app that asks the technician for a home folder name, then writes that name to a hidden text file located at /Users/Shared/.Config/HomeFolderName.txt. This app is also installed as part of the Self Service policy, and auto-launches after install.
  3. Create a script that grabs the home folder name from the hidden text file, then deletes the contents of the folders within that home folder:
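#!/bin/sh

# Read the home folder name saved by the opt-in app
var=$(cat /Users/Shared/.Config/HomeFolderName.txt)

# Quote the variable so a name with spaces is not split; the globs stay outside the quotes
rm -Rf "/Users/$var/Applications/"* "/Users/$var/Desktop/"* "/Users/$var/Documents/"* "/Users/$var/Downloads/"* "/Users/$var/Movies/"* "/Users/$var/Music/"* "/Users/$var/Pictures/"* "/Users/$var/Public/"*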

  4. Include the script in a policy that triggers every login or logout.

If I'm already logged into the machine and run "sudo jamf policy -trigger login", it totally works (even if I'm logged in with a different user account). But if I actually logout/login, it doesn't work. All logs just say that it completed successfully.

Any ideas on how to make this work?

Thanks
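
A hardened variant of the cleanup script in the post above, as an added example that is not the poster's code: the folder name comes from a file in a shared location and ends up in an `rm -Rf` run by a policy as root, so it is validated before use. `USERS_ROOT`, `NAME_FILE` and `RUN` are names introduced here, and the character allow-list is an assumption about what a home folder name looks like.

```shell
#!/bin/sh
# Added example, not the poster's script. USERS_ROOT, NAME_FILE and RUN are
# names introduced here so the logic can be exercised outside /Users.
USERS_ROOT="${USERS_ROOT:-/Users}"
NAME_FILE="${NAME_FILE:-/Users/Shared/.Config/HomeFolderName.txt}"

# Succeed only if $1 is a single path component naming a real directory
# (not a symlink) directly under USERS_ROOT.
valid_home_name() {
    case "$1" in
        ""|.*|*/*|Shared) return 1 ;;    # empty, ".", "..", hidden, traversal, shared dir
        *[!A-Za-z0-9._-]*) return 1 ;;   # assumed allow-list: no spaces, globs, control chars
    esac
    [ -d "$USERS_ROOT/$1" ] && [ ! -L "$USERS_ROOT/$1" ]
}

# Read the first line of NAME_FILE, validate it, then empty the listed folders.
empty_user_folders() {
    if [ ! -f "$NAME_FILE" ] || [ -L "$NAME_FILE" ]; then
        echo "name file missing or a symlink" >&2
        return 1
    fi
    target=
    IFS= read -r target < "$NAME_FILE" || true   # tolerate a missing final newline
    if ! valid_home_name "$target"; then
        echo "refusing to clean: invalid home folder name" >&2
        return 1
    fi
    for sub in Applications Desktop Documents Downloads Movies Music Pictures Public; do
        dir="$USERS_ROOT/$target/$sub"
        if [ -d "$dir" ] && [ ! -L "$dir" ]; then
            # Removes the contents (including dotfiles, unlike "dir/*") but keeps the folder.
            find "$dir" -mindepth 1 -maxdepth 1 -exec rm -Rf -- {} +
        fi
    done
    return 0
}

# Run the cleanup only when RUN=1 is set (hypothetical switch for this example).
if [ "${RUN:-0}" = 1 ]; then
    empty_user_folders
fi
```

A non-zero exit from `empty_user_folders` also shows up as a failed policy run, which makes a bad or missing name file visible in the logs instead of reporting success.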

SOLVED Posted: by wesleya

We saw where the login/logout hooks were getting stomped on by the networkstatechange trigger. If this isn't a trigger you're using, it might be worth disabling this. You can find this under Computer Management - Management Framework > Check-In.

SOLVED Posted: by ryan.ball

Throw this at the bottom of the script, login/logout and see if the file even gets created to see if the script is running or not.

touch /Users/Shared/.Config/Finished.txt

if [ -f /Users/Shared/.Config/Finished.txt ]; then
    echo "File exists"
    exit 0
else
    echo "File does not exist"
    exit 1
fi
SOLVED Posted: by ktaylor25

@ryan.ball, strange thing.. the Finished.txt file was not created, but the policy log says "File exists".

At any rate, I added Startup as a trigger and that seems to do the trick. No idea why it makes a difference but it's working now.. with Finished.txt and all.
