Jamf Nation Community

Randydid · ‎08-04-2014

When I recently took this position, I inherited a bit of a mess. We have recently deployed an image to 200+ macs in labs throughout our environment. The person I replaced implemented this script as a logout hook. The script as you can see really does not do when the author intended. It deletes the entire Users folder and all content! The reason she did this is to eliminate space issues (students saving large files and having their profiles remain after logging out), keychain issues, etc. I do like the idea of the creation of a new Users folder every time someone logs in but this a little too aggressive.

###
#!/bin/bash

#Deletes the temporary local user account in /Users, and leaves local admin account

cd /
#where local admin account is "asite"

if [ $USER = "asite" ];then
exit 1
fi

if [ $USER = "newnetid" ];then
exit 1
fi

if [ -d "Users/$USER" ]; then
rm -R /Users/"$USER"
dscl . -delete /Users/"$USER"
fi
exit 0

####

The issue I am battling is that iTunes wants the Shared folder to be present. Ideally, I would like another script that adds a silent login hook that places folder named Shared in the Users folder when a student logs in and be able to push it via a policy via jss.... I have tried various scripts but since Users is a system folder, I run into authentication errors.

Or, alternatively change the setting that specifies iTunes to use the Share Folder (may not be possible) and to something else (pushed via a policy).

Assumptions:
Yes, I could rebuild the images with this fixed but that would mean I would have to redeploy the images again and we are under a deadline as students are returning to class next week. Yes, it could be argued that using iTunes on a lab machine is not a good idea (the requirement was by faculty and out of my control).

I am going to rethink this when I build the next image for our labs.

If anyone needs me to clarify, please ask. Basically, I just need the simplest solution to the absence of the /Users/Shared folder that can be scripted and added to existing machines.

Thanks in advance!

/randy

bentoms · ‎08-04-2014

@Diddel, I think I know the issue you mean.. Run the following to recreate the folder: http://macmule.com/2013/12/20/itunes-error-you-do-not-have-enough-access-privileges-for-this-operati...

Randydid · ‎08-04-2014

Thanks bentoms! That script does exactly what I need except the terminal Window stays open at login and is prompting for a password. Any idea how to pass the credentials and close the window? Can this be run silently without a student seeing it at all?

/randy

bentoms · ‎08-04-2014

Err.. Run it via Casper as a policy. It'll then run as root with no prompts.

Randydid · ‎08-04-2014

That is what I am doing but it seems to still want creds.... That is why I asked. I did not expect it to have any presence.

/randy

bentoms · ‎08-04-2014

Well if you're running via Casper then you're running as root, no need for the sudo.

So remove them.

Randydid · ‎08-05-2014

OK, thanks! I am new to Casper so I am still learning the ins and outs. Thanks again for your help.

I will test this morning.

/randy

stevevalle · ‎08-05-2014

@Diddel - This script should do what you want it to do. It will delete all local users that are not admin, leaving the main Users directory. You can change the UniqueID and mtime values to suit your environment.

#!/bin/sh
userList=`dscl . list /Users UniqueID | awk '$2 > 1000 {print $1}'`

echo "Deleting account and home directory for the following users..."

for a in $userList ; do
     find /Users -type d -maxdepth 1 -mindepth 1 -not -name "*.*" -mtime +1 | grep "$a"
     if [[ $? == 0 ]]; then
          dscl . delete /Users/"$a"  #delete the account
          rm -r /Users/"$a"  #delete the home directory
     fi

done

Hope this helps.

Jamf Nation Community

Need simple script to solve complex problem