On 20 Mar 2007, Craig White chatted thus:

> On Tue, 2007-03-20 at 09:05 -0700, Nathan Aubrey wrote:
>> On Tuesday 20 March 2007, you wrote:
>>> ---- Nathan Aubrey wrote:
>>>> On Monday 19 March 2007, Craig White wrote:
>>>>> looking for a way to have user accounts (local or ldap) whose data is
>>>>> erased (not saved) upon logout.
>>>>>
>>>>> Are there any methods that can accomplish this?
>>>>
>>>> Make sure you have it setup to create their account with pam on login,
>>>> then when logging out edit the .bash_logout file to delete their homedir.
>>>> When they login again, it will be re-created. Make sure everything they
>>>> need to login is ready in the /etc/skel file, including the correct
>>>> .bash_logout file
>>>
>>> you know I thought something like this would work, but after looking at the
>>> bash man page for a while, I'm not sure.
>>>
>>> 1) you would have to make certain when you create the directory that you
>>> create a .bash_logout that is owned by root, and that the perms don't allow
>>> any other user to edit .bash_logout.
>>>
>>> 2) also, can you delete a parent directory while reading a file in it? that
>>> would be the case if you are executing .bash_logout while trying to delete
>>> its parent directory.
>>>
>>> Jerry
>>>
>>
>> If the .bash_logout script calls an external script, say
>>
>> /usr/bin/remove_user $user
>>
>> Setup the pammkdir to create the users directory with permissions so a user
>> can delete his own home folder, then make the /usr/bin/remove_user script do
>> a simple check to verify the user requesting the deletion is the same as the
>> one who owns the folder.
>>
>> it should be pretty simple to setup.
> ----
> thanks to all - interestingly everyone seemed to point to .bash_logout
> and deleting the users' $HOME

If the user can adjust .bash_logout (and maybe $HOME), then you can't count on it.

$ bash -l
$ exit
logout
fred
$ bash -l
$ export HOME=/tmp
$home/lufthans$ exit
logout
$ cat .bash_logout
echo fred
sleep 2

/etc/bash_logout
    The systemwide login shell cleanup file, executed when a login shell exits

Maybe that would work.

> I was hoping to do something more like a Windows 'Mandatory' profile
> which is a pre-configured profile but locked though I presume that I
> could just keep a copy of that profile somewhere and using .bash_logout,
> copy this directory into place of the now logged out home directory.

Do you need users to be able to write to the home dir?

ciao,

der.hans
-- 
# https://www.LuftHans.com/ http://www.CiscoLearning.org/
# Don't step in front of speeding cars, don't eat explosives
# and don't use m$ LookOut :). - der.hans
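
An added example, not code from the thread or from any poster: one way the ownership check proposed for /usr/bin/remove_user could be written so that it does not depend on $HOME or .bash_logout, which the reply above shows the user can change. The function names, HOME_ROOT and PASSWD_FILE are assumptions made for illustration, and `stat -c` assumes GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example: checks a hypothetical remove_user helper could make before
# wiping a home directory. All names here are illustrative assumptions.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"   # overridable for testing
HOME_ROOT="${HOME_ROOT:-/home}"             # only direct children may be wiped

# Print the home directory recorded for user $1. The caller's $HOME is never
# consulted, because the user can change it before logging out.
lookup_home() {
    awk -F: -v u="$1" '$1 == u { print $6; found = 1; exit }
                       END { exit !found }' "$PASSWD_FILE"
}

# Print the path that may be wiped for user $1 on behalf of numeric uid $2.
# Return codes: 1 unknown user, 2 path outside HOME_ROOT, 3 not a real
# directory, 4 caller does not own it.
check_removal() {
    local user="$1" caller_uid="$2" home owner_uid
    home="$(lookup_home "$user")" || return 1
    case "$home" in
        *..*|"$HOME_ROOT"/*/*) return 2 ;;   # traversal or nested path
        "$HOME_ROOT"/?*) ;;                  # direct child: acceptable
        *) return 2 ;;                       # /, /tmp, anything else
    esac
    # A symlinked home could redirect the delete somewhere else.
    [ -d "$home" ] && [ ! -L "$home" ] || return 3
    owner_uid="$(stat -c %u "$home")" || return 3   # GNU stat assumed
    [ "$owner_uid" = "$caller_uid" ] || return 4
    printf '%s\n' "$home"
}

# Empty the home directory but keep the directory itself, so a skeleton can
# be copied back in at the next login.
wipe_home() {
    local home
    home="$(check_removal "$1" "$2")" || return
    find "$home" -mindepth 1 -delete
}
```

The checks and the delete are separate steps, so the helper should run where the user cannot swap the directory in between, for example from a root-owned session cleanup rather than from the user's own shell.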