
“Elmer” automatic deletion of Mobile accounts

By Zack Smith posted on July 6th, 2007

For anyone interested in deleting Mobile (Portable) accounts after a certain number of days (most likely in a lab environment), I have created a bash script with an accompanying loginhook and a package installer (with a postflight script). Any feedback or code additions would be greatly appreciated. Static Link here

Elmer “Rabbit Droppings” remover v1.9

These scripts are designed to remove mobile home directories after 15 days of inactivity. Test in a non-production environment before deploying!

You can find the package maker project ->here<- and the installer package ->here<-

This installer package will install (by default) into:

/Library/Application Support/Wallcity

It then runs a postflight script that adds a loginhook and symlinks the main script (elmer) to /etc/rc.shutdown.local, which runs at shutdown.

Note: The postflight script will not overwrite an existing loginhook script. In that case you must call the Elmer loginhook from the last active line of your existing hook:

bash '/Library/Application Support/Wallcity/loginhook' "$1"

Or alternatively you could also use:

exec '/Library/Application Support/Wallcity/loginhook' "$1"

loginhook:

This script creates (touches) a file called ".logintime" in mobile home directories. Each time the user logs in, the file's modification time is updated. By default, local (non-mobile) users, network users and admin users are excluded from the file creation process, but this is configurable.

elmer:

This script is the payload. Working off the files created by the loginhook, it searches the top-level directories in the configured home path (/Users) and finds all touch files that have not been modified in the last 15 days (configurable). It verifies that the user is not an admin and is indeed a mobile user (AuthenticationAuthority). It double-checks that the path about to be deleted is in fact the user's home directory (NFSHomeDirectory). As the user, it attempts to recursively remove all the contents of the home directory; it then removes the empty directory as root (or moves it out of the way on error).

Note: This script was designed to run at shutdown. If you would like to run it as a cron job, you might have it touch /etc/nologin or check that no one is logged in to the console before you start.

Configuration

Around line 46 of elmer you will find the following variables.

# -- User config settings
declare -x MODFILE=".logintime"
declare -x DAYSOLD="+15"
declare -x EXCLUDEADMIN="YES"
declare -x EXCLUDEUID="503"
declare -x HOMEPATH="/Users"
declare -x LOGLEVEL="NORMAL"

MODFILE is the file name that will be created in the user's home directory. I suggest putting a . at the front of the name so it is hidden from non-savvy users.

DAYSOLD is the amount of time (+ | -) in days that you want to check for. For instance, one week would be "+7". For testing you can put a negative value, which would mean less than a day, i.e. "-1".

EXCLUDEADMIN can be set to "NO" if you don't wish to exclude members of the "admin" group.

EXCLUDEUID: any UID less than this value will be excluded (normally UIDs in the local domain start at 501+).

HOMEPATH is the path to where home directories are kept. Normally this is "/Users", but it could also be "/Volumes/data/Users" if you had your home directories on a separate partition.

LOGLEVEL can be set to "VERBOSE" for verbose logging. All output is logged to /Library/Logs/<scriptname>.log by default (i.e. rc.shutdown.local.log).
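
The selection checks described for elmer, driven by the configuration variables above, can be tried in dry-run form. This is an added example, not code from elmer or its author: lookup_user is a hypothetical stand-in (with constructed sample users) for the directory queries, and nothing is deleted.

```shell
#!/bin/sh
# Added example (not elmer itself): list stale mobile homes without deleting.
MODFILE=".logintime"; DAYSOLD="+15"; EXCLUDEADMIN="YES"; EXCLUDEUID="503"

# Hypothetical stand-in for the directory lookups (assumption: on macOS these
# would be reads of the UID, NFSHomeDirectory, AuthenticationAuthority and
# admin group membership). Prints "uid:home:mobile:admin"; records constructed.
lookup_user() {
  case "$1" in
    alice) echo "1025:$HOMEPATH/alice:yes:no" ;;            # stale mobile user
    bob)   echo "1026:$HOMEPATH/bob:yes:yes" ;;             # mobile, but admin
    carol) echo "1027:/Volumes/data/Users/carol:yes:no" ;;  # home is elsewhere
    dave)  echo "501:$HOMEPATH/dave:no:no" ;;               # local, low UID
    erin)  echo "1028:$HOMEPATH/erin:yes:no" ;;             # logged in recently
    *)     return 1 ;;                                      # no directory record
  esac
}

# Print every home under $1 that passes all of the checks, one per line.
stale_candidates() {
  HOMEPATH=$1
  # Only <homepath>/<user>/<MODFILE>, and only stamps older than DAYSOLD.
  find "$HOMEPATH" -mindepth 2 -maxdepth 2 -type f -name "$MODFILE" \
       -mtime "$DAYSOLD" | sort |
  while IFS= read -r stamp; do
    dir=${stamp%/*}; user=${dir##*/}
    [ -L "$dir" ] && continue                 # defence in depth: no symlinked home
    rec=$(lookup_user "$user") || continue    # unknown user: leave alone
    IFS=: read -r uid home mobile admin <<EOF
$rec
EOF
    [ "$uid" -ge "$EXCLUDEUID" ] || continue  # EXCLUDEUID: skip low UIDs
    [ "$mobile" = yes ] || continue           # only mobile accounts qualify
    [ "$EXCLUDEADMIN" = YES ] && [ "$admin" = yes ] && continue
    [ "$home" = "$dir" ] || continue          # path must be the recorded home
    printf '%s\n' "$dir"
  done
}

# Usage: sh thisfile /Users   (prints candidates only)
if [ "$#" -gt 0 ]; then stale_candidates "$1"; fi
```

Because the path on disk must equal the recorded home directory, a stray .logintime file in some other directory under the home path never makes that directory a candidate.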

If you would like to contact me with comments or inaccuracies about this article, feel free, but support requests will be ignored unless you would like to sign up for Iris Professional Services service. Thanks
