|
|
Sponsored Content
Operating Systems
OS X (Apple)
Scripting User Account Removal
Post 302584299 by [MA]Flying_Meat on Thursday 22nd of December 2011 05:49:23 PM
12-22-2011
step one: get the currently logged in user name.
If it were a loginhook, $1 would work. I've found that problematic for logouthooks, so I use $USER.
step two: verify they aren't admin, or aren't you.
You could test the result of
dscl . -read /Groups/admin GroupMembership | grep "$USER"
If $? (the exit code) equals 0 then leave the logouthook script with "exit 1"
otherwise...
step three: remove the user account
dscl . -delete /Users/$USER
step four: remove the user's home folder
rm -R /Users/$USER
# If user is an admin, exit script
dscl . -read /Groups/admin GroupMembership | grep -q "$USER"
if [ "$? -eq 0 ]; then
# the next line could be substituted for the previous 2 lines
#if [ $USER = "adminuser1" ] || [ $USER = "adminuser2" ] || [ $USER = "adminuser3" ]; then
echo "LOGOUT: admin folders will not be deleted."
exit 1
fi
# If home directory exists, delete
if [ -d "/Users/$USER" ]; then
echo "LOGOUT: user account cleanup."
rm -R /Users/"$USER"
dscl . -delete /Users/"$USER"
fi
exit 0
That should do it. I use a similar script and it works fine except for forced reboot scenarios, but that's what lab admins, and periodic reimaging is for.
This is fairly rudimentary scripting. Feel free to use awk, case statements, and for loops to your hearts content.
If it were a loginhook, $1 would work. I've found that problematic for logouthooks, so I use $USER.
step two: verify they aren't admin, or aren't you.
You could test the result of
dscl . -read /Groups/admin GroupMembership | grep "$USER"
If $? (the exit code) equals 0 then leave the logouthook script with "exit 1"
otherwise...
step three: remove the user account
dscl . -delete /Users/$USER
step four: remove the user's home folder
rm -R /Users/$USER
# If user is an admin, exit script
dscl . -read /Groups/admin GroupMembership | grep -q "$USER"
if [ "$? -eq 0 ]; then
# the next line could be substituted for the previous 2 lines
#if [ $USER = "adminuser1" ] || [ $USER = "adminuser2" ] || [ $USER = "adminuser3" ]; then
echo "LOGOUT: admin folders will not be deleted."
exit 1
fi
# If home directory exists, delete
if [ -d "/Users/$USER" ]; then
echo "LOGOUT: user account cleanup."
rm -R /Users/"$USER"
dscl . -delete /Users/"$USER"
fi
exit 0
That should do it. I use a similar script and it works fine except for forced reboot scenarios, but that's what lab admins, and periodic reimaging is for.
This is fairly rudimentary scripting. Feel free to use awk, case statements, and for loops to your hearts content.
This User Gave Thanks to [MA]Flying_Meat For This Post:
|
|
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
hi all, i m tryin to create a new account on the unix work station. do i use 'useradd' command? can u guyz advice on the usage of 'useradd' command as it can comes with 'useradd -D' or 'useradd -e'
thanks :confused: (1 Reply)
Discussion started by: damian
1 Replies
2. Post Here to Contact Site Administrators and Moderators
hi
how to disable the useraccount in aix (should not remove). (1 Reply)
Discussion started by: chomca
1 Replies
3. UNIX for Dummies Questions & Answers
Thanks
AVKlinux (3 Replies)
Discussion started by: avklinux
3 Replies
4. Shell Programming and Scripting
Hi, guys. I have two questions:
I need to write a script, which can show all the non-suspended users on system, and suspend the selected user account.
There are two things I am not sure:
1. How can I suspend user's account? What I think is: add a string to the encrypted password in shadow... (2 Replies)
Discussion started by: daikeyang
2 Replies
5. Red Hat
Hi All,
I have a RPM for an Java based application. Currently it works fine.
But recently I want to implement that when newer packages gets installed over the older one, the rpm should only update the older files with the newer one (I know this could be done by rpm -Uvh xxx.rpm), but it... (0 Replies)
Discussion started by: jw_amp
0 Replies
6. Cybersecurity
Please help me identify these user accounts..
bin, lp, nuucp, smbnull, mysql, tftp
Can we remove these user or disable these users?We have to apply the security policy about the user identification.Since it was settup by our vendor long time ago. We do not have these informations about these... (3 Replies)
Discussion started by: rdstkg
3 Replies
7. Red Hat
Hi All,
I want to know is there any way where if i add a user in a centos machine the can be replicated to another centos automatically.
As i have setup DRBD with heartbeat for apache webserver everything is working fine but the only thing im stuck in is about system account for ftp.
Can any... (3 Replies)
Discussion started by: search4u2003
3 Replies
8. Linux
Hi,
i have the following config in the system-auth files
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required ... (2 Replies)
Discussion started by: yprudent
2 Replies
9. HP-UX
I need to check actual date a user was disabled on my HP-UX server.
Audit is claiming the user account was active during the last audit exercise. (7 Replies)
Discussion started by: cyriac_N
7 Replies
LEARN ABOUT REDHAT
dropuser
DROPUSER(1) PostgreSQL Client Applications DROPUSER(1) NAME
dropuser - remove a PostgreSQL user account SYNOPSIS
dropuser [ options... ] [ username ] DESCRIPTION
dropuser removes an existing PostgreSQL user and the databases which that user owned. Only users with usesuper set in the pg_shadow table can destroy PostgreSQL users. dropuser is a shell script wrapper around the SQL command DROP USER [drop_user(7)] via the PostgreSQL interactive terminal psql(1). Thus, there is nothing special about removing users via this or other methods. This means that the psql must be found by the script and that a database server is running at the targeted host. Also, any default settings and environment variables available to psql and the libpq front-end library do apply. OPTIONS
dropuser accepts the following command-line arguments: username Specifies the name of the PostgreSQL user to be removed. This name must exist in the PostgreSQL installation. You will be prompted for a name if none is specified on the command line. -e --echo Echo the queries that dropuser generates and sends to the server. -i --interactive Prompt for confirmation before actually removing the user. -q --quiet Do not display a response. createuser also accepts the following command-line arguments for connection parameters: -h host --host host Specifies the host name of the machine on which the server is running. If host begins with a slash, it is used as the directory for the Unix domain socket. -p port --port port Specifies the Internet TCP/IP port or local Unix domain socket file extension on which the server is listening for connections. -U username --username username User name to connect as (not the user name to drop) -W --password Force password prompt (to connect to the server, not for the password of the user to be dropped). ENVIRONMENT
PGHOST PGPORT PGUSER Default connection parameters DIAGNOSTICS
DROP USER All is well. dropuser: deletion of user "username" failed Something went wrong. The user was not removed. If there is an error condition, the backend error message will be displayed. See DROP USER [drop_user(7)] and psql(1) for possibilities. EXAMPLES
To remove user joe from the default database server: $ dropuser joe DROP USER To remove user joe using the postmaster on host eden, port 5000, with verification and a peek at the underlying query: $ dropuser -p 5000 -h eden -i -e joe User "joe" and any owned databases will be permanently deleted. Are you sure? (y/n) y DROP USER "joe" DROP USER SEE ALSO
createuser(1), DROP USER [drop_user(7)] Application 2002-11-22 DROPUSER(1)