Step one: get the currently logged in user name.
If it were a loginhook, $1 would work. I've found that problematic for logouthooks, so I use $USER.
Step two: verify they aren't admin, or aren't you.
You could test the result of
    dscl . -read /Groups/admin GroupMembership | grep "$USER"
If $? (the exit code) equals 0, then leave the logouthook script with "exit 1",
otherwise...
Step three: remove the user account
    dscl . -delete /Users/$USER
Step four: remove the user's home folder
    rm -R /Users/$USER
# If user is an admin, exit script
dscl . -read /Groups/admin GroupMembership | grep -q "$USER"
if [ $? -eq 0 ]; then
# the next line could be substituted for the previous 2 lines
#if [ "$USER" = "adminuser1" ] || [ "$USER" = "adminuser2" ] || [ "$USER" = "adminuser3" ]; then
    echo "LOGOUT: admin folders will not be deleted."
    exit 1
fi
# If home directory exists, delete
if [ -d "/Users/$USER" ]; then
    echo "LOGOUT: user account cleanup."
    rm -R /Users/"$USER"
    dscl . -delete /Users/"$USER"
fi
exit 0
That should do it. I use a similar script and it works fine except for forced reboot scenarios, but that's what lab admins and periodic reimaging are for.
This is fairly rudimentary scripting. Feel free to use awk, case statements, and for loops to your heart's content.
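An added example, not part of the original post: guards that could run before the rm and dscl -delete steps, matching the user name exactly against the admin group (grep matches substrings) and refusing empty or path-like names. The function names, the allowed character set and the sample membership line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not the poster's script).

# valid_short_name NAME -> 0 if NAME is a plain account short name.
# Rejects empty values, leading dots ("." and "..") and any character
# outside an assumed safe set, so "/Users/$NAME" cannot escape /Users.
valid_short_name() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# is_group_member NAME "MEMBERSHIP_LINE" -> 0 only on an exact match.
# MEMBERSHIP_LINE has the form "GroupMembership: root alice bob".
is_group_member() {
    name=$1
    set -f                              # no globbing while word-splitting
    for member in ${2#GroupMembership:}; do
        if [ "$member" = "$name" ]; then
            set +f
            return 0
        fi
    done
    set +f
    return 1
}

# cleanup_decision NAME "MEMBERSHIP_LINE" prints: refuse, keep or delete.
cleanup_decision() {
    if ! valid_short_name "$1"; then
        echo refuse                     # never build an rm path from this
    elif is_group_member "$1" "$2"; then
        echo keep                       # admin account, leave it alone
    else
        echo delete
    fi
}

# Constructed sample of `dscl . -read /Groups/admin GroupMembership` output.
SAMPLE='GroupMembership: root labadmin'

# In a logout hook the call would be:
#   cleanup_decision "$USER" "$(dscl . -read /Groups/admin GroupMembership)"
```

With the sample line, a user named lab is not treated as an admin, whereas a plain grep for "lab" would match labadmin and skip the cleanup.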