Policy to Delete Downloads older than x dats

freshmacman
New Contributor III

I'm looking to setup a policy that runs once a day and deletes any downloads which are older than 30 days. So far i can't find any scripts that can do this, and also is a script attached to a policy the best way to do this? I am brand new to scripting. Thanks in advance

12 REPLIES 12

Tangentism
Contributor II

What do you mean by 'Downloads'? Each users downloads folder in their profile? The downloads folder in /Library/Application Support/JAMF/Downloads?

Users downloads: You can run something like this:

CURRENTUSER=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')

find  "/Users/$CURRENTUSER/Downloads" -type f -mtime +30 -exec rm -f {} ;

freshmacman
New Contributor III

Thank you this is perfect, and yes sorry I meant User Downloads. The only thing It didn't delete are .app files
It says that they are directories and left them in the downloads folder. Is there a way to have it delete these as well?
Thank you!

mm2270
Legendary Contributor II

Change the rm -f to rm -rf. I believe that should do it.

Not that you asked, but just as an aside, I would be careful deploying something like this since rm run with root privileges is permanent and could delete things you weren't wanting to. Test this out thoroughly to make sure it does what you want. There's no undo with the rm command, other than restoring from a backup.

freshmacman
New Contributor III

Thank you for the warning, I've had multiple people bring that up now so I'm a bit worried. Is it enough to deploy to a test group and rely on policy running logs to verify its deleting what we want it to? Thank you @mm2270

Tangentism
Contributor II

You could move them instead to the users Trash folder.

find  "/Users/$CURRENTUSER/Downloads/" -type f -mtime +30 -exec mv  '{}' /Users/$CURRENTUSER/.Trash/ ;

freshmacman
New Contributor III

@Tangentism that is precisely what I was looking up now!!!! that would solve the downloads clearing issue while at the same time not being nearly as ATOMIC. Thank you!

mm2270
Legendary Contributor II

Well, I would certainly deploy to a small test group to start, preferably to people or machines that if something goes wrong it won't be a big problem to recover from.
But besides that, what is the main issue you're trying to solve with this? Are your users filling up their hard drives with lots of downloads? If so, you could deploy some other policies that would alert users when their disk space gets below a certain level as an initial warning to them. You could also get alerted when disk space falls below a certain level within Jamf Pro using the Advanced Search and the built in reporting functions. Just some thoughts to consider. I guess I would only start forcibly deleting files as a last resort after some of the other options failed, just to be on the safe side.

Edit: I was also thinking that maybe moving them to the trash first would be safer. So I'm glad that was suggested and works for you. Much safer alternative. If you combine that with a profile that forces items older than 30 days in the Trash to be deleted, that could work.

freshmacman
New Contributor III

@mm2270 this is something we have to do to comply with regulations. Data has to be gone in 30 days one way or another. It sounds silly but I was even considering moving all downloads to the trash after 1 day of being on the machine then emptying the trash can after 29 days. This would be annoying for users and they would need to recover their items but it seems so much safer than deleting the files with root user. what do you think?

mm2270
Legendary Contributor II

Well, if it's something that has to be done, then yeah, maybe anything past 1 day old gets moved to the Trash, and then the trash gets emptied on items that have been there for 30 days. This gives the users some 'recovery' time, so if something was moved there that they needed they could move it back, with the understanding that the next time your daily policy runs it will likely just put it back in the Trash. I agree this could get annoying, but if it has to be done for compliance reasons, then it has to be done. Sometimes in our world there aren't such great answers to these things. But things that are necessary nonetheless.

The other option is to try the command to auto delete items that are 30 days or older. Test it and see. Since it's being directed at the user's Downloads folder, the worst case scenario (although unlikely) would be that it removes everything from the Downloads folder and not just ones that are 30 days old. But it wouldn't, or shouldn't affect anything other than that one directory. It is not, for example, going to nuke any important system locations, especially since SIP protects those places anyway.

freshmacman
New Contributor III

I think I'm gonna go with the command to auto delete downloads older than 30 days since as you said its directed at current user downloads folder so it's somewhat controlled. Thanks for all the help @mm2270 Cheers-

Tangentism
Contributor II

You could do a combination of both: move files after x amount of days then empty the trash folder of files older than 30 days

freshmacman
New Contributor III

Quick update on this for anyone that sees this in the future. i used find /Users/$3/Downloads -mtime +30 -exec rm -rf {} ;
And a user created a folder at /Users/$3/Downloads_Keep and moved their "keep" items here. Well since the scrip had no / at the end of Downloads
it erased all of their items. Beware, and use find /Users/$3/Downloads/* -mtime +30 -exec rm -rf {} ;