I'm trying to complete a script run by a launchdaemon to delete a specific account if it is over X hours old. I started with Sean Rabbit's similar script here. But drifted away as I didn't need all that.
I've tried "dscl -delete" and "sysadminctl -deleteUser" but they just convert the account to a standard user.
I'm now trying to use "jamf deleteAccount" but it doesn't even seem to run (log created, but nothing in it).
In all three cases the script works fine when run with sudo, and it's my understanding that /Library/LaunchDaemons/ are run as root?
#!/bin/bash
# Some Variables
jamfBinary="/usr/local/bin/jamf"
user="eucadmin"
ageLimit=5 #in minutes
ageLimit=$((ageLimit * 60))
currentTime=$(date +%s)
#list users and if our target is on the machine check its admin and then if it's too old delete it
users=$(/usr/bin/dscl . list /Users)
if echo "$users" | /usr/bin/grep -wq "$user" && groups eucadmin | grep -qw admin;then
userCreateTime=$(/usr/bin/dscl . -readpl /Users/$user accountPolicyData creationTime | /usr/bin/awk '{ print $NF }')
userCreateTime=$( /usr/bin/printf "%.0f" "$userCreateTime" ) ### convert the userCreateTime to an integer
userAge=$(( currentTime - userCreateTime ))
if (( userAge > ageLimit ));then
# /usr/bin/dscl . -delete "/Users/$user"
# First tried dscl, but left account as standard
# Notes: First tried dscl, error that it couldn't delete home because of something in pictures, so delete pictures first
# if [ -e /Users/$user ];then
# rm -rf /Users/$user/Pictures
# rm -rf /Users/$user
# fi
# Note - Tried sysadminctl, but also left account as standard
# sysadminctl -deleteUser "$user"
# Finally trying Jamf binary, but it doesn't even seem to run.
$JAMF_BINARY deleteAccount -username $user -deleteHomeDirector
echo "Attempted to delete $user"
echo "running recon"
# $jamfBinary recon
fi
else
echo "$user doesn't exist, exiting"
fi
exit
And the launchdaemon which I know works at least... (installed in /Library/LaunchDaemon
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.ice.jit_purge</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/ice_jit_purge.sh</string>
</array>
<key>StartInterval</key>
<integer>300</integer>
<key>StandardErrorPath</key>
<string>/var/log/ice_jit_purge.log</string>
<key>StandardOutPath</key>
<string>/var/log/ice_jit_purge.log</string>
<key>Debug</key>
<true/>
</dict>
</plist>
-Chris
