• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 403
  • Last Modified:

Script required to wipe Linux user dektop daily and log out set users

I have a number of students who keep f***ing with there profiles changing the desktops, icons, layout, wallpaper etc. This eventually causes there profile to load with lots of errors. Usually caused by them deleting images/files associated with there profile.
 
Understand that I cannot lock the profile down as its need r/w access.

Can someone provide me a script and tell me how to get it running/where to install it,  that will wipe the users profile every day restoring all basic settings, every time they log in and log selected users (students) out at a set time every day?

Regards

Mark Carey
0
markacarey
Asked:
markacarey
  • 18
  • 16
  • 8
  • +3
1 Solution
 
manav_mathurCommented:
>that will wipe the users profile every day restoring all basic settings,
you can do the same in /etc/rc.d/rc.local   (Redhat)


Manav

0
 
manav_mathurCommented:
I dunno if this works or not (havent tried yet), but you can put the followign lines of code into your rc.local script

for users in user1 user2
do
    mv /some/admin/path/.profile_basic /home/$users/.profile && chown $users: /home/$users/.profile
done

where.
/some/admin/path/.profile_basic

is a template script which will overwrite the .profile of every one of (user1, user2) when he *logs on* .
alternatively, put this into a script and schedule it as a root cronjob if you want to run it every morning.....

man crontab
man 5 cron

0
 
ahoffmannCommented:
assuming you have a sample profile in /home/sample then do:

 cd ~ && rm -rf * && (cd /home/sample&&tar cf - *)|tar xf -

place this in your shell's system wide resource configuration file (/etc/profile for sh and friends, /etc/csh.cshrc for csh and tcsh, usually)

this recreates the home directory at beginning of each login
# I'd suggest that you test first carefully
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
surya_prabhakarCommented:
every user when ever he logs some gui related files get created in his home directory .if you delete them the next time they log in all the files get created again restoring the defaults .
for gnome you have files like
.gconf, .gconfd, .gnome* , .gtk* etc  
and some silmilarly some files for KDE  .kde etc

we should not be deleting all the files .only few of them  

try this script and update me
-----------------------------------
#!/bin/bash
mkdir /tmp/profiles &> /dev/null
DEST="/tmp/profiles"

for i in `ls /home`
  do
    SRC=/home/$i
# you can customize and add more files too
    mv $SRC/.gcon* $DEST &> /dev/null
    mv $SRC/.gnome* $DEST &> /dev/null
    mv $SRC/.gtk* $DEST &> /dev/null
    mv $SRC/.kde* $DEST &> /dev/null
    mv $SRC/.ICE* $DEST &> /dev/null
# Instead of mv you can use rm -fr  if you dont want save
# these files .
    echo "cleaned .... $i"
  done

echo "Cleanng done"
------------------------------------------------------------------------


surya.
0
 
ahoffmannCommented:
> we should not be deleting all the files
that was the requirement
and if people waste their home, you need to restore it from scratch, anything else is not reliable

BTW, my sugestion assumes that it should be done for *all* users, that's probably wrong (think of root)
Please make a if condition for the reuired users
0
 
surya_prabhakarCommented:
alright alright !  I just forgot your presence :-)

But why do you need to screech off .profile files of the users when he says that  it causing problems with the GUI /icons and stuff .
If he wants to clean up every thing that can be done too but the genuine users who might have put some aliases or env variables in their profiles get punished .

0
 
ahoffmannCommented:
well, as pedantic as I am, I read "profile" not ".profile" in the question
anyway, .profile doesn't matter (at least as long as it is not misused for storing f***ing files ;-)
0
 
markacareyAuthor Commented:
All of the users are students that can have there desktop totally reset.  

Surya

Where do I place your script?   Does it go in - /etc/profile?

Presently all users are using /bin/bash as the default shell.  Should i be changing there default shell to something else for 'student users' like /bin/sl etc?
0
 
mburdickCommented:
Never seen so many "reinvented wheels"

When a user is first created, they have little to no information in a home directory. Here's something that should cover what you need...

Modify your /etc/pam.d/login file as follows:

Find the first line that says "session required" and insert a line before it that says "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022". This will cause a user's home directory to be created when they log in if it doesn't exist.

Next step is to wipe out their directory with a "rm -rf" command when the user isn't logged in.
0
 
ahoffmannCommented:
> Next step is to wipe out their directory with a "rm -rf" command when the user isn't logged in.
that's exactly what I suggested, just the difference: wipe when logs in (which seems more practical than cron)

> Surya
> Where do I place your script?   Does it go in - /etc/profile?
yes
but keep in mind that this suggestion *does not remove* the old homedir, and it needs to be costomized
my suggestion wipes out the old stuff and copies your skeleton in a generic way: only one place to change!
0
 
surya_prabhakarCommented:
If you want to incinerate everything in the home directories of the users then go by what the other people are saying . I f you just want to remove the gui related files  and do a little house cleaning then you can follow my script . .

If you want to run the script on every reboot you can put it in /etc/rc.local .  save the script as file and put it in /root and then change the permissions to 755 and call it directly in /etc/rc.local .

You can also call this file in the cron depending on whic the machine would be powered on . I dont suggest calling in /etc/profile because /etc/profile is called when ever the guy opens a new shell .

surya.
0
 
yuzhCommented:
Here's my way to apply standard desktop for students:

http:Q_21090956.html

You can write a little script to get rid of the students old settings, and appply the standard
desktop.

use "cron" to run the script once a day (eg, midnight)

0
 
ahoffmannCommented:
and how about student starting work at 23:55?
0
 
yuzhCommented:
Good question ahoffmann, the script need to check if the user is currently logon to the system,
before go ahead to replace his/her desktop.

markacarey, you also need to have some policy about user login, eg, what happen if a user login and never logout. idel time > 2 day get kill etc.
0
 
ahoffmannCommented:
> .. check if the user is currently logon ..
why?
simply do it at login, there the check is implicit, obvious somehow (except you allow multiple logins ;-)
0
 
yuzhCommented:
>>simply do it at login, there the check is implicit, obvious somehow  ;-)

Good point!  But markacarey want to do it daily, what happen if someone login many times
a day, you do it every time when he/she login?
0
 
ahoffmannCommented:
==>  (except you allow multiple logins ;-)
0
 
yuzhCommented:
I allow multiple logins.
0
 
ahoffmannCommented:
.. that get's nice when changing ~/.kde/* simultaneously ;-))
0
 
markacareyAuthor Commented:
The students are finding ways to stop office loading etc, which then allows them to surf for porn etc...  Need to be able to preserve the students work (Open office docs in home directory), whilst lossing there wall paper, etc and giving them the excuse of not being able to work.  

Which leads me onto another issue.  Firewall. (Will raise a seperate question).

If I can totally stop the students from making changes to there wallpaper, icons, screen saver, this would really also help, along with only allowing them to log in with one session and auto log off after 17:00 hrs.  However, would not like these rules applied to the staff?
0
 
markacareyAuthor Commented:
surya

Placed your script into /etc/rc.local as instructed, logged in as normal user, with none standard wall paper.  Logged out.  Logged in next day (today), wall paper the same?

Script did not work?

Regards

Mark
0
 
ahoffmannCommented:
ok, my suggestion http:#13463022 improved:

1. create a sample directory, lets say /home/sample
2. assuming that Open Office data is stored in ~/OpenOffice
3. add following script (inline or as call to another one) in /etc/profile or /etc/cshr.login (depending on user's login shell)
4. keep in mind that users will store their data in OpenOffice then ...

#! /bin/sh
tmp=/tmp/`uname -n`.$USER.$$
trap 1 2 3 10 12 13 15 16 17 30 31 _abort
function _abort
{
  echo silly attempt
}
tmp=/tmp/`uname -n`.$USER
test -d $tmp && echo multiple login attempt && logout && exit 1
touch $tmp/lock.$$
( cd $tmp && (cd ~ && tar cf - OpenOffice)|tar xf - )
\rm -rf `ls -a | egrep -v '^(\.|\.\.)$'` || logout
(cd $tmp&&tar cf - OpenOffice)|tar xf -
\rm -rf $tmp
exit 0
# to be improved in many ways
0
 
markacareyAuthor Commented:
Whats the purpose of the 'sample' directory?

users use /bash shell.  Should I be adding your script to bashrc file?

Open office is stored in /opt/openoffice

All the clients are ltsp thin clients does this make any difference as they look in /opt/ltsp during startup?
0
 
ahoffmannCommented:
>  Whats the purpose of the 'sample' directory?
it's a clean user skeleton directory, containing all you need/want to give to the user

>   Should I be adding your script to bashrc file?
no
the user coud simply change that
use /etc/profile as I said

> Open office is stored in /opt/openoffice
don't know how you setup your users, but usually there is a small directory for each user, that's the directory I menat in my example
If you don't have such a local directory, you can omit that part.

> All the clients are ltsp thin clients does this make any difference as they look in /opt/ltsp during startup?
I'm not used to ltsp, but I guess that it makes no difference as long as each user has her/his own home directory
0
 
markacareyAuthor Commented:
Ok, Applied, all users gone home.

I can only vnc in.  Never been able to access as a standard user, unless you know a way? Otherwise won't be able to test until the morning...

Regards

Mark
0
 
ahoffmannCommented:
> Applied
hope you tested before ...
0
 
markacareyAuthor Commented:
No test server, and my terminal session is bombing out after putting in pw.

Something to do with bash, then it clears...

able to webmin into server.


Help...
0
 
markacareyAuthor Commented:
Also amended first line to #! /bin/bash, as this is the shell the users use?
0
 
markacareyAuthor Commented:
Amended profile back to orginal, can now log back in...

What do I now?
0
 
markacareyAuthor Commented:
Also tried file exactly as you stated, still stopped login?
0
 
ahoffmannCommented:
please try my suggestion step by step manualy, I don't know your environment !!
0
 
markacareyAuthor Commented:
Do I add the sample directory to the individual users home area i.e. /home/usersx/sample  or /home/sample?
0
 
markacareyAuthor Commented:
Where's the master kept?

i.e. if i change a setting like the proxy server and need this to be set for all clients for next login...
0
 
ahoffmannCommented:
no, my sample directory is the master, no user should ever gain access to it
WHat is the problem in reading and understanding my suggestions? there're only simple commands ;-)
0
 
markacareyAuthor Commented:
No problem, just trying to understand better, sorry if bugging you.  Trying to learn as I go along.

Almost there.  Although, I reset settings back as discribed. I rebooted server, and the test account went back to default :-)

Reapplying your settings as discribed...
0
 
yuzhCommented:
If you read my comment http:#13473118 including the link, it might help you understand a
bit more about the setup.

0
 
markacareyAuthor Commented:
Rebooted server and now just get a grub screen...

0
 
markacareyAuthor Commented:
Ahoffmann

How do I roll back from the grub prompt?

Would a rescue / grub-install improve or makes things worse?

 
0
 
ahoffmannCommented:
don't know what you mean ...
what have you change so that booting hangs/fails?
The suggestions according /home/user should not cause this.
0
 
markacareyAuthor Commented:
What about the script going into /etc/profile?
0
 
yuzhCommented:
If you just simply "copy" the desktop files, it will case problem, the PATH in the sample file is wrong, and the permissions for the files needs to change as well. That's why I ask you to read
my link.

0
 
ahoffmannCommented:
> .. wrong .. permissions
damn, missed that (that the user needs read permission on /home/sample), yuzh is right
0
 
markacareyAuthor Commented:
Thanks yuzh (Will allocate additional points)

Change of question...  Will revisit above once system is restored back online...

Rebuilt server RH9.1. Kept existing "/" it is seen as /dev/hda5.  This contains all my user home directories and current DATA. It is vital i recover this data and copy across user accounts etc. ASAP.  

40Gb h/d
/ = 1Gb
swap = 500Mb
Boot = 100MB
Remaining is allocated to old "/"

System boots ok.  

How do i access the old "/" /dev/hda5 through new system? - Is it just a case of mounting the old "/" what is the correct syntax? I'm still learning linux, more used to GUI front ends, but I an old hand at MSDOS/PCDOS.

What files/directories do I need to copy across to new "/"?

Regards
0
 
ahoffmannCommented:
assuming your old / is on /dev/hdb1

  mkdir /old_slash && mount /dev/hdb1 /old_slash
0
 
markacareyAuthor Commented:
Assuming above works ok...

How do I get the existing user accounts working (over 250 users) working on the new build?  

What files/directories do I need to copy across?
0
 
yuzhCommented:
>>How do I get the existing user accounts working
    You need to transfer at least the passwd shadow group files (eg, if you mount it on
/old, they should be in /old/etc dir), it depands on your Linux version, it is better to post
your OS version for this one.

   You might also need to transfter the user's data (home dirs) to a proper location (defined
in passwd, if you have change their desktop, the bad news are you need to change them back
to a working order as well.

   Do you have a full system backup before making the change, I think it is a good idea to just
restore from backup. If not, you need to learn from this lession, always perform a full backup
before making change to the system unless you are 110% sure what you are doing.

   I looks like we are sitting in different timezone, and hopefully other experts can help you out
in your daytime.

0
 
markacareyAuthor Commented:
Yuzh

My OS is RH 9.1.

What do you mean transfer to proper os location then transfer back?

you re dead right ref back up 'lessons learnt' I was lossing a little hair... I'm now looking for a transplant!!!

0
 
yuzhCommented:
For user account, you need to transfer at least passwd, shadow, group and gshadow.
and please check old your nsswitch.conf file for passwd see if your system use NIS, LDAP
for user account as well

you can do:

grep -i passwd /old/etc/nsswitch.conf

>> You might also need to transfter the user's data (home dirs) to a proper location (defined
in passwd,

eg: your passwd file looks like:
fred:x:1016:1016:Fred Simth,,,:/home/fred:/bin/bash

fred's home dir should be /home/fred, if you have the old date in /old/home/fred, you need
to transfer it to the RIGHT place.

>>if you have change their desktop, the bad news are you need to change them back to a working order as well.

If you have run a script to put a dummy user's desktop files to user fred's account, the permissions will be wrong as I mention before, and their desktop files contains /home/dummy
instead of /home/fred that's why in http:Q_21090956.html#11781485 use a script chstr to change all the files to make it work for the user.

Hope I can make it clear this time.


0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 18
  • 16
  • 8
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now