Deletion of home folders at logout in a lab

allencreech
New Contributor II

Running some labs of 10.6 Macs bound to AD with external accounts activated. Users can choose to create their home folders on the boot volume or some form of external media. The boot volumes in all cases are "/Volumes/Macintosh HD".

Anyone have a script that can help remove the boot-volume accounts at logout? I have an old script that works on 10.5 (haven't tested on 10.6) but I would like something maybe a little more, um, professional?

17 REPLIES

CasperSally
Valued Contributor II

We use MCX and set "cachedaccounts.expiry.delete.disusedSeconds" to zero which deletes the mobile accounts on logout

friedelj
New Contributor III

We also use MCX and the cachedaccounts.expiry.

FYI: There is a bit of a bug with that and Snow Leopard, though, where accounts that log in exactly one time may not delete (http://support.apple.com/kb/TS3736). I haven't tried with Lion yet to see if this issue was resolved.

allencreech
New Contributor II

We are seeing the Snow Leopard/CachedAccounts.Expiry issue in my labs. I'll test again once we move to either Lion/Mt. Lion but for now will pursue a scripted solution.

I've had way too many boot volumes reach capacity with the SL bug.

Thanks all.

rockpapergoat
Contributor III

adapt the logout/cleanup hooks from NHR: http://www.macupdate.com/app/mac/25425/network-home-redirector.

i used that awhile back for a similar purpose where a client wanted all lab machines' local homers purged on each logout/boot.

acdesigntech
Contributor II

haven't used this method in a while, but at a client we had homefolders being redirected to /tmp. Didn't remove on logout, but did on reboot...

Sonic84
Contributor III

Hello, I'm looking for a way to scope cachedaccounts.expiry.delete.disusedSeconds to a specific user. Is there a way to do that through Casper MCX profiles?

jagress
New Contributor III

We remove cached accounts with a script that runs via policy once per day. This is working really well for us on 10.5, 10.6, and 10.7. The same script also removes the com.apple.sharepoint groups that are created for each user and the MCX directory. We found that doing this increases login speed.

#!/bin/sh

# Define current user (the owner of the console device)
current_user=$(stat -f %Su /dev/console)

# Loop through users with homes in /Users; exclude any accounts you don't want removed (i.e. local admin and current user if policy runs while someone is logged in)

for home in /Users/*
do
    # Only real directories; skip stray files and symlinks
    [ -d "$home" ] && [ ! -L "$home" ] || continue
    username=${home##*/}
    # Skip any name containing "admin", the shared folder (not an account), and the console user
    case "$username" in
        *admin*|Shared|"$current_user") continue ;;
    esac
    echo "Removing user: $username"
    dscl . delete "/Users/$username"
    rm -rf "/Users/$username"
done

# Remove all sharepoint groups to speed up login.
for group in $(dscl . list /Groups | grep "com.apple.sharepoint")
do
    echo "Deleting group: $group"
    dscl . delete "/Groups/$group"
done

# Remove MCX files
rm -rf "/Library/Managed Preferences"

CasperSally
Valued Contributor II

Regarding deleting accounts on logout, has anyone else noticed using MCX and setting "cachedaccounts.expiry.delete.disusedSeconds" to zero no longer seems to be deleting mobile accounts in 10.7 (I tested in 10.7.3 and 10.7.4).

Apple originally said this was a bug in 10.7.3 and fixed in 10.7.4 but still not working for me.

tep
Contributor II

How can you modify that script to delete network folders that are 3 days old (or older)?

listec
New Contributor III

@CasperSally Where do you set "cachedaccounts.expiry.delete.disusedSeconds"?
Do you go to "Mobile Account..." then choose Custom?
I have looked through everything I can find on MCX, but to no avail.

Thanks in advance!

CasperSally
Valued Contributor II

@listec we stopped using MCX a few years back. There's a profile setting for this that I've had mixed luck with (on some OSes it works fine, then on the next OS it wouldn't work). I use a script now to delete home directories. There are posts on this message board about the script, but ever since Jamf moved to jamf.com I can never find what I want to find :(

CasperSally
Valued Contributor II

@listec it looks like this config profile works on at least 10.11.5 machines. You'd only need the mobility section; the other settings are for other things we manage.

[Attachment not preserved]

listec
New Contributor III

Ya, I had mixed results too, so I wrote a script myself. The Mobility setting above doesn't work for home folders which were forcibly created without a mobile account.

Also, I decided it was better to leave each home folder and just remove the Desktop, Documents, and Downloads folders to retain settings and speed up login times a bit.

I then created a policy and script to completely remove home folders which haven't been used in X days.

Thanks!
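
One way to do the age-based cleanup asked about and described above (remove home folders not used in X days), as an added example that is not code from any poster in this thread. It assumes the home folder's modification time stands in for "last used"; the names USERS_ROOT, KEEP, DRY_RUN, stale_homes and purge_homes are invented for this sketch.

```shell
#!/bin/sh
# Added example: report or remove home folders not modified in N or more days.
# USERS_ROOT, KEEP and DRY_RUN are names chosen for this sketch (assumptions).
# Usage on a lab Mac: DRY_RUN=0 purge_homes 3 "$(stat -f %Su /dev/console)"
USERS_ROOT="${USERS_ROOT:-/Users}"
KEEP="${KEEP:-admin Shared}"     # space-separated names, matched exactly
DRY_RUN="${DRY_RUN:-1}"          # 1 = only report, 0 = actually delete

# is_kept NAME CURRENT_USER -> returns 0 if the account must be left alone
is_kept() {
    [ "$1" = "$2" ] && return 0
    for k in $KEEP; do
        [ "$1" = "$k" ] && return 0
    done
    return 1
}

# stale_homes DAYS CURRENT_USER -> prints one stale account name per line
stale_homes() {
    days="$1"; current="$2"
    case "$days" in
        ''|*[!0-9]*|0) echo "days must be a number >= 1" >&2; return 2 ;;
    esac
    for home in "$USERS_ROOT"/*; do
        name="${home##*/}"
        # Real directories only: a symlink or stray file is never a candidate
        [ -d "$home" ] && [ ! -L "$home" ] || continue
        is_kept "$name" "$current" && continue
        # find -mtime +K matches an age of K+1 whole days or more
        if [ -n "$(find "$home" -maxdepth 0 -mtime +"$((days - 1))")" ]; then
            echo "$name"
        fi
    done
}

# purge_homes DAYS CURRENT_USER -> removes (or, in dry-run, reports) each stale home
purge_homes() {
    stale_homes "$1" "$2" | while IFS= read -r name; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "Would remove: $USERS_ROOT/$name"
        else
            # dscl exists only on macOS; the record delete is skipped elsewhere
            command -v dscl >/dev/null 2>&1 && dscl . -delete "/Users/$name"
            # ${USERS_ROOT:?} aborts instead of expanding to "/$name" if unset
            rm -rf -- "${USERS_ROOT:?}/$name" && echo "Removed: $name"
        fi
    done
}
```

Run it with the default DRY_RUN=1 first and check the "Would remove" list against the accounts you expect before switching to DRY_RUN=0.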

jared_f
Valued Contributor

@jagress Just a quick question about your script: how do you define users you exclude?

Thanks!
Jared

listec
New Contributor III

Hi @jagress ,

Here is my script. I am only excluding one user. There are other tricks you can do to exclude multiple users or users in specific groups, but I don't need to do that. YMMV.

#!/bin/bash

localAdmin="myLocalAdminUserName"
# Jamf passes the username as script parameter 3
usrTarget="${3}"

# Function to remove a folder; returns 1 if the removal fails
rmvFolder () {
    dirTarget="${1}"

    if [ -d "${dirTarget}" ]; then
        # Test rm's exit status directly ([ $?==0 ] is always true)
        if rm -fR "${dirTarget}"; then
            echo "Removed folder: '${dirTarget}'"
        else
            echo "Failed to remove folder: '${dirTarget}'"
            return 1
        fi
    fi
    return 0
}

# Quote the variable so an empty username is caught here instead of
# falling through to the /Users/ paths below
if [ -z "${usrTarget}" ]; then
    echo "No username available!"
    exit 1
fi

if [ "${usrTarget}" = "${localAdmin}" ]; then
    echo "Nothing to do!"
    exit 0
fi

if [ -d "/Users/${usrTarget}" ]; then
    rmvFolder "/Users/${usrTarget}/Documents"
    rmvFolder "/Users/${usrTarget}/Downloads"
    rmvFolder "/Users/${usrTarget}/Desktop"
    rmvFolder "/Users/${usrTarget}/Music"
    rmvFolder "/Users/${usrTarget}/Movies"
    rmvFolder "/Users/${usrTarget}/Pictures"
    rmvFolder "/Users/${usrTarget}/Applications"
#    rmvFolder "/Users/${usrTarget}/"

else
    echo "Home folder ${usrTarget} does not exist!"
    exit 1
fi

exit 0

listec
New Contributor III

Oh, I forgot to mention, I am leaving ~/Library so the dock and other preferences like default browser remain intact. It also greatly reduces login time, especially on our older machines.

rcole
Contributor

@listec quick quest: How did you get MacOS to rebuild the folders that you removed from the user's directory?