Posted on 06-20-2016 07:14 AM
Recently did a clean install of El Capitan on some student computers. Previously running Yosemite. I have a cron job set to run a perl script which deletes user accounts. This same cronjob which previously ran in Yosemite (so did the script), is not running in El Capitan. This cronjob and script are on all the computers locally.
Details:
Cron
50 03 * * 1,2,3,4,5,6,7 /var/root/homeDelete.pl
Script
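#!/usr/bin/perl
use strict;
use warnings;

my $DEBUG   = 0;          # set to 1 to print what would be removed instead of removing it
my $homeDir = "/Users";
# Entries under /Users that must never be removed
my @ignores = (".","..",".DS_Store",".localized","Guest","Shared","macadmin","profile","root","Lab");

opendir(DIR, $homeDir) or die $!;
while (my $entry = readdir(DIR)) {
    # Despite its name, $delete is set to 1 when the entry is on the ignore list
    my $delete = 0;
    foreach my $ignore (@ignores) {
        if ($entry eq $ignore) {
            $delete = 1;
        }
    }
    if (!$delete) {
        my $fullPathToDelete = "$homeDir/$entry";
        if ($DEBUG) {
            print "`/bin/rm -Rf $fullPathToDelete`\n";
        }
        else {
            # List form bypasses the shell, so names with spaces or metacharacters are safe
            system("/bin/rm", "-Rf", $fullPathToDelete);
        }
    }
}
closedir(DIR);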
Could SIP be the reason my script and/or cron are not running? I'm at a loss why it isn't running each morning.
Posted on 06-20-2016 07:37 AM
Most likely the cause... SIP locks down the /usr/bin directory and can cause your script to not run regardless of permissions...
I would turn off SIP
Boot into Recovery mode
Go into Terminal and run this command: csrutil disable
Reboot
Posted on 06-20-2016 08:42 AM
I've been hearing that cron has been deprecated in OS X for many years because launchd is the way of the future. Setting up a LaunchAgent might be the way for you to move forward.
Posted on 06-20-2016 10:51 AM
Hmmm...
Rethinking this, I'm trying to see if my JSS will push it as a logout script. I set up a Policy with logout checked and Make Available Offline checked. Then I added my script to the scripts on the JSS and added it to this policy. Next I added my test computer to the policy.
This is not resulting in any changes either. It's as though the script is not running. On the JSS I have login hooks enabled and on the test computer I have SIP turned off.
Any thoughts??
Posted on 06-20-2016 11:13 AM
I wouldn't think a logout script would work with the purpose of deleting user accounts since the script runs while the account is technically still being used. And based on your script it looks like it doesn't actually delete accounts, just the home folders, right? If you want a similar process to your cron job that deletes accounts at the end of the day - as long as the computer is powered on, then I'd really suggest using launchd since a user doesn't have to be logged in for it to run. If you're a launchd virgin (like I used to be), you can use a great program called LaunchControl to help you.
However the big gotcha that trumps it all might be SIP in El Capitan preventing you from just deleting the contents of /users/. If that's the case, then your best bet would be to use launchd to run a different script that deletes the actual accounts via dscl.
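The launchd-plus-dscl approach suggested in the reply above, as an added example that is not code from this thread. The label com.example.homedelete, the install path /usr/local/sbin/homedelete.sh, the UID threshold and the assumption that each home folder is /Users/<short name> are all hypothetical; the keep list is taken from the original script's ignore list.

```shell
#!/bin/bash
# Constructed example: delete student accounts (record and home folder) nightly.
KEEP="Guest Shared macadmin profile root Lab"   # accounts that must survive
MIN_UID=501   # assumption: real local accounts start at 501, service accounts are lower

# Reads "name uid" lines (the output format of `dscl . -list /Users UniqueID`)
# on stdin and prints the short names that are eligible for deletion.
select_accounts() {
    while read -r name uid; do
        case "$uid" in ''|*[!0-9]*) continue ;; esac     # malformed or negative UID
        [ "$uid" -lt "$MIN_UID" ] && continue             # system/service accounts
        case "$name" in ''|*/*|.*) continue ;; esac       # never build a path from an odd name
        case " $KEEP " in *" $name "*) continue ;; esac   # protected accounts
        printf '%s\n' "$name"
    done
}

# Prints a LaunchDaemon plist that runs this script at 03:50 every day,
# the same time as the cron entry in the original post.
daemon_plist() {
    cat <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.homedelete</string>
  <key>ProgramArguments</key>
  <array><string>/usr/local/sbin/homedelete.sh</string><string>--delete</string></array>
  <key>StartCalendarInterval</key>
  <dict><key>Hour</key><integer>3</integer><key>Minute</key><integer>50</integer></dict>
</dict>
</plist>
EOF
}

# Nothing is deleted unless --delete is passed, so running the script bare is harmless.
if [ "${1:-}" = "--delete" ]; then
    dscl . -list /Users UniqueID | select_accounts | while read -r user; do
        dscl . -delete "/Users/$user"    # remove the account record
        rm -rf -- "/Users/$user"         # assumption: home folder is /Users/<short name>
    done
elif [ "${1:-}" = "--plist" ]; then
    daemon_plist
fi
```

Because it runs as a LaunchDaemon, the job executes as root with no user logged in; the plist printed by `--plist` goes in /Library/LaunchDaemons, owned by root. Pipe `dscl . -list /Users UniqueID` through `select_accounts` by hand first to confirm the list before enabling `--delete`.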
Posted on 06-20-2016 11:23 AM
Awww you're right, the account is still active when trying to delete it. Don't know why that didn't occur to me. Thanks @AVmcclint!!!
I am a launchd virgin and will check out LaunchControl. And start reading up on launchd.
Thanks!
Posted on 06-21-2016 09:02 AM
@AVmcclint Thanks for the tip, I've got it working now with the launchd. Thanks very much!
Posted on 06-21-2016 09:11 AM
I'm glad I could help.
Posted on 07-06-2016 05:55 AM
Look into the sysadminctl command which is available in 10.10+ and allows you to delete user accounts.