I have a question regarding scripting.
I'm trying to build a user account in an educational lab environment that's easy for some of our students to sign into that subsequently removes their data on logout (a la Deep Freeze). It warns the user this will occur and although I could just use a Guest account I'd like to try this first. I've accomplished most of what I'm looking to remove (though if I'm missing something please bring it up) but I can't find an answer to my issue in the forums. I can't seem to remove Safari data from session to session.
This is the part I need help with:
Any combination of the following commands (whether I insert into Files & Process or into Scripts after my other one) doesn't seem to have any effect and I'm not quite sure why:
sudo bash -c "rm -f /Users/student/Library/Safari/History.db"; sudo bash -c "rm -f /Users/student/Library/Safari/LastSession.plist"; sudo bash -c "rm -f /Users/student/Library/Safari/HistoryIndex.sk"; sudo bash -c "rm -f /Users/student/Library/Safari/TopSites.plist"; sudo bash -c "rm -f /Users/student/Library/Safari/WebpageIcons.db"; sudo bash -c "rm -f /Users/student/Library/Safari/Downloads.plist"
Here's what's working:
Config Profile (Restrictions) - disables iCloud/Internet Accounts Preference Panes
- Restrictions > Preferences > Restrict items in System Preferences > Disable Selected Items > iCloud/Internet Accounts
- Restrictions > Functionality > all iCloud options
Files & Processes - removes the User folders and Chrome data (items on a new line for visual clarity)
sudo bash -c "rm -rf /Users/student/Desktop/*"; sudo bash -c "rm -rf /Users/student/Documents/*"; sudo bash -c "rm -rf /Users/student/Downloads/*"; sudo bash -c "rm -rf /Users/student/Movies/*"; sudo bash -c "rm -rf /Users/student/Music/*"; sudo bash -c "rm -rf /Users/student/Pictures/*"; sudo bash -c "rm -rf /Users/student/Library/Application Support/Google/Chrome/Default/*"
Script (not my own) to empty the trash
#!/bin/bash # for each user in the /Users folder that is (!)not the Shared folder for dir in /Users/[!Shared]* do # Create a variable with just the users name user=`echo $dir | cut -d'/' -f3` # Empty each users trash rm -rf $dir/.Trash/* # For logs or viewing progress--shows when the users trash has been emptied echo -e "Trash has been emptied for: $user" done
Solved! Go to Solution.
Great link! Yeah, I do think access to Mail, Messages, Safari data, and Time Machine backups are now controlled via the new “Full Disk Access” setting. The location of the Safari.plist file I believe also changed to /Users/$user/Library/Containers — which you would need SIP for, but that's not the file I'm looking to delete.
I'm unsure of how I would even add Jamf as an app that has "Full Disk Access" or why it'd be necessary in the first place since it's running from root, but I'm still open to suggestions! :)