OS X (Apple)

Ok, so I've been looking all over the place for how exactly to do this and I've become so bombarded with information I finally decided I'll pose the question here. I'm not a programmer or anything that hardcore, but if I see things already implemented and working examples I can easily learn and modify them to suit my needs. That being said I have been trying to find the step by step or close to for creating a couple login/logout hooks. And now I'm also reading I should create a launchd job instead and am just beginning to look into that option since it's more secure.

I'm in a mixed 10.6 / 10.7 environment with all moving to 10.7 hopefully soon here in a university environment and manage all the workstations we have in our building. Users log in with their AD accounts and user folders are created locally and pulled from the default new user template that I've modified to suit our environment.

The two (or maybe one?) scripts I need are to do a couple things then. First, I'd like to erase each user account on logout so the user folders don't pile up in the User directory. And then second, I'm thinking I'll also need a login script to put my Admin account folder back each time from a template or something as it too will get erased from the logout script.

Thanks for any help in advance.

step one: get the currently logged in user name.
If it were a loginhook, $1 would work. I've found that problematic for logouthooks, so I use $USER.

step two: verify they aren't admin, or aren't you.
You could test the result of
dscl . -read /Groups/admin GroupMembership | grep "$USER"
If $? (the exit code) equals 0 then leave the logouthook script with "exit 1"
otherwise...

step three: remove the user account
dscl . -delete /Users/$USER

step four: remove the user's home folder
rm -R /Users/$USER


# If user is an admin, exit script
dscl . -read /Groups/admin GroupMembership | grep -q "$USER"
if [ "$? -eq 0 ]; then
# the next line could be substituted for the previous 2 lines
#if [ $USER = "adminuser1" ] || [ $USER = "adminuser2" ] || [ $USER = "adminuser3" ]; then
echo "LOGOUT: admin folders will not be deleted."
exit 1
fi

# If home directory exists, delete
if [ -d "/Users/$USER" ]; then
echo "LOGOUT: user account cleanup."
rm -R /Users/"$USER"
dscl . -delete /Users/"$USER"
fi
exit 0

That should do it. I use a similar script and it works fine except for forced reboot scenarios, but that's what lab admins, and periodic reimaging is for.

This is fairly rudimentary scripting. Feel free to use awk, case statements, and for loops to your hearts content.

Hey thanks for the message man! I'm a little unclear what all to copy/paste into my text file though. (sorry) As I said, new to all this stuff and not clear on a lot of it yet. Any chance you can create a super dummies version of the email you sent? I'm reading one article here, https://discussions.apple.com/thread/1454557?start=0&tstart=0, for example, and it's confusing me where to put the file and what exactly I'm writing. I'm using 10.7 on all the machines I want to put this on.

from "# If..." to "exit 0"

Your script should actually start with:
#!/bin/bash
# and insert any comments here, like what this script does

Then you want to name it such that you won't accidentally try to use it as a loginhook. My recommendation is "LogoutHook".

You can put the script practically anywhere, but try to think of a place that will be common for all such scripts going forward. We created a folder in the main Library folder for all custom scripting. That is where all of our admin level support staff can find them on any previous or future image builds.

You probably don't want read privileges for other, aka "world readable". After creating your script, from the command line, enter this and hit return:
chmod 770 /path/to/LogoutHook

You probably want to make root or "system" the owner, and maybe assign the admin group full access:
sudo chown root:admin /path/to/LogoutHook

I'm sure someone will correct me if I'm wrong on any of this, but it is working this way for my scripts.

greetings

here is an applescript i wrote a while ago. it uses a filemaker database to grab the users name and information. I had one written in bash, but I can't find it,.

Code:

tell application "FileMaker Pro"
	set RecordName to cell "RecordName" of current record
end tell
display dialog " WARNING !!!!!!!

THIS ACTION WILL
DELETE THE ACCOUNT ......." & RecordName & "......


Are you sure you want to proceed ? " with icon 0 with title " Time to Delete " buttons {"Exit", "Continue"} default button "Continue"
if button returned of the result is "Continue" then
	try
		do shell script "dscl -u diradmin -P PASSWORD /LDAPv3/my.ldap1.com -delete /Users/" & RecordName & ""
		beep 3
		display dialog " username " & RecordName & " Was Deleted from ODM" with icon 1 with title " Laters " buttons {"Okay F00"} default button 1
	on error errMsg number errorNumber
		display dialog errMsg
	end try
else
	display dialog "SEE YA f00!!!"
	beep 1
end if

Thanks guys. Just getting to my new images now so I'll keep you posted as to whether or not I hose the machines.

Maybe I'm creating the script wrong or something, for it's not cooperating. The part you said to copy/paste, should that just be put into a new TextEdit doc and saved out as a plain text file?

And I can copy directly what you entered and not need to modify anything?

Like I said, noob to the scripting here.