Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.5: Delete users accounts from command line in 10.5 System 10.5
I work at an Apple authorized service provider, and many times we need to do a new OS X install, create a (temporary) user account, run all the updates, then delete the user account and get the machine back to "new" condition, i.e. no user accounts and Setup Assistant runs at boot.

The process in 10.4 is pretty well documented, but not so 10.5. Here's a process I've come up with and tested twice. It's not as elegant as just deleting the whole netinfo database, but it still seems to accomplish what I need. Hopefully someone more knowledgeable can improve it!

To delete a user from the command line in 10.5:
  1. Boot into single user mode. Hold Command-s at startup.
  2. Check the filesystem: /sbin/fsck -fy
  3. If no remaining errors, mount the filesystem: /sbin/mount -uw /
  4. Start up directory services:
    launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
    Note that single user mode said to use com.apple.DirectoryServicesLocal.plist, but that didn't work -- this did.
  5. Find what groups the user belongs to: dscl . -list /groups GroupMembership | grep username -- repeat for each group except for the user's own group.
  6. Remove the group corresponding to the username: dscl . delete /groups/username (this may not be necessary -- you may get an error that the group doesn't exist; you can ignore it and go on).
  7. Remove the user account: dscl . delete /users/username
  8. At this point, you may wish to remove or archive the user folder in /Users.
  9. You may wish to remove the .AppleSetupDone file in /var/db to cause the Setup Assistant to run when next booted.
  10. All done? Type reboot to reboot the system or shutdown -h now to shut down the system.
Much of this was taken from this entry in Robert Daeley's blog at O'Reilly. Please know what you're doing before trying this -- the dscl command will let you wreak havoc on your system if you're not careful!
    •    
  • Currently 3.09 / 5
  You rated: 3 / 5 (11 votes cast)
 
[84,338 views]  

10.5: Delete users accounts from command line in 10.5 | 18 comments | Create New Account
Click here to return to the '10.5: Delete users accounts from command line in 10.5' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5: Delete users accounts from command line in 10.5
Authored by: mkuron on Jun 09, '09 07:55:07AM
It's not as elegant as just deleting the whole netinfo database, but it still seems to accomplish what I need.
Anybody ever try deleting the whole dslocal on Leopard? That's what Apple replaced the NetInfo database with. It's located in /var/db/dslocal .

[ Reply to This | # ]
10.5: Delete users accounts from command line in 10.5
Authored by: keytohwy on Jun 09, '09 08:44:54AM
10.5: Delete users accounts from command line in 10.5
Authored by: mantrid on Jun 09, '09 02:09:05PM

For one thing, it was submitted earlier, it would seem.



[ Reply to This | # ]
10.5: Delete users accounts from command line in 10.5
Authored by: leamanc on Jun 09, '09 06:55:56PM

The earlier hint was geared toward letting you delete all accounts from a system, which you can't do from the GUI because System Prefs' Accounts pane is hard-coded to not let you delete the last Admin account on a system.

So, yes, this hint is basically the same but is geared more toward deleting just the one account you set up for your testing/setup purposes.

Same tools, but a different approach for (slightly) different circumstances.



[ Reply to This | # ]
10.5: Delete users accounts from command line in 10.5
Authored by: nilness on Jun 09, '09 09:33:17AM
Here's a little script I wrote that will clear user info on recent versions of OS X. Drop it in the root level of the hard drive, then boot to single user mode and run it.

Please note that I hard coded the user account; someone could easily modify it to find it automatically or as a command line argument. Also the script removes itself, and the name and location are hardcoded, so adjust those as well.

My scripting is pretty rusty but it gets the job done; I'd love to see someone clean it up a bit. Really wish this functionality could get rolled into AppleJack...

PS - I'm sure I looked at the same sources as the OP when I wrote this - I don't want to take credit for the methodology.

======================================


# /bin/sh

# check and mount the hard drive
/sbin/fsck -fy
/sbin/mount -uw /

#determine which OS we're on - clunky but it works...
x_5=`sw_vers -productVersion | grep "10.5"`
x_4=`sw_vers -productVersion | grep "10.4"`
x_3=`sw_vers -productVersion | grep "10.3"`

#if we're 10.5, remove user account this way
if [[ $x_5 != "" ]]; then
# start directory services
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist

# remove  user from directory services
dscl . -delete /groups/_appserveradm GroupMembership username
dscl . -delete /groups/_appserverusr GroupMembership username
dscl . -delete /groups/_lpadmin GroupMembership username
dscl . -delete /groups/admin GroupMembership username
dscl . -delete /groups/com.apple.sharepoint.group.1 GroupMembership username
dscl . -delete /groups/staff GroupMembership username

dscl . -delete /users/username

elif [[ $x_4 != "" ]]; then
#if we're in 10.4 remove the user account this way
# remove netinfo database
rm -rf /var/db/netinfo/local.nidb

elif [[ $x_3 != "" ]]; then
#if we're in 10.3 remove the user account this way
# remove netinfo database
rm -rf /var/db/netinfo/local.nidb

else
echo "unrecognized system"
exit
fi

#further commands will run in 10.3, 10.4, or 10.5
# delete user folder
rm -rf /Users/username

# remove setup done file so setup runs on boot
rm /var/db/.AppleSetupDone

# remove network configuration files
rm /Library/Preferences/SystemConfiguration/*

# remove this script
rm /userreset.sh

# shutdown the computer
shutdown -h now


[ Reply to This | # ]
10.5: Delete users accounts from command line in 10.5
Authored by: nilness on Jun 09, '09 11:59:20AM

Just noticed my account name on the original post. I didn't even realize that was my submission! I sent it in a LONG time ago (at least in 'net time). So sorry for commenting on my own hint w/o realizing it!

It's been a while since I was researching this but I don't think just deleting /var/db/dslocal worked - don't remember why. It probably deletes too many entries.



[ Reply to This | # ]
10.5: Delete users accounts from command line in 10.5
Authored by: bcometa on Jun 10, '09 01:07:11PM

excuse my ignorance with this script/command line stuff:

what's the proper way to save this? just in textedit? or script editor?

can you give the command to run this at single user startup, after moving to root of boot drive?

Also, the only thing needed to be modified on your script is "username", right, to the temp user I want to delete?

thanks in advance!!



[ Reply to This | # ]
10.5: Delete users accounts from command line in 10.5
Authored by: wallybear on Jun 10, '09 02:15:11PM

Two simple changes to address the two issues of your script (the hardcoded user name and script name):

You can get the short ID 501 user name with the command: id -un 501
So if you add this

USERNAME=`id -un 501`

at the beginning of your script and then substitute all "username" occurrences with $USERNAME you get the automatic user detection you wished for.

Secondly, you can get the full pathname of the called script using the $0 variable, so you can substitute the lines:

# remove this script
rm /userreset.sh

with those:

# remove this script
rm $0

and the script will be deleted doesn't matter which name you gave it.



[ Reply to This | # ]
10.5: Delete users accounts from command line in 10.5
Authored by: nilness on Jun 11, '09 08:03:41AM

bcmeta-

Copy and paste it into text edit, make sure it's plain text not RTF, then save it as "userreset.sh" or whatever you'd like; just make sure the ".sh" is on the end. And note that if you change the name of the script you'll need to change the script line that deletes itself - use wallybear's suggestion to make it painless.

Put it in the root level of the hard drive, reboot into single user mode, and type "sh userreset.sh" or whatever you named it.

The script will run then delete itself and shut the machine down when it's finished.

wallybear-

Thanks for the input! I'm REALLY rust on shell scripting but figured there was probably an easy way to do this. For our needs the hardcoding is fine but I certainly prefer to have a more flexible solution.

Do you know off-hand if the "id" command and "$0" variable work consistently with 10.3 & 10.4? As you can see I'm trying to keep the script flexible enough to use with all the OS's we're likely to need it with.

Thanks for the help!



[ Reply to This | # ]
10.5: Delete users accounts from command line in 10.5
Authored by: wallybear on Jun 11, '09 01:03:38PM

"Do you know off-hand if the "id" command and "$0" variable work consistently with 10.3 & 10.4? As you can see I'm trying to keep the script flexible enough to use with all the OS's we're likely to need it with."

The $0 variable is a standard for bash/sh, so it works in 10.3 & 10.4 also.
Regarding the "id" command, man states that "The id command appeared in 4.4BSD."; I don't know if it is available in 10.3.x in general, but I can confirm it is from 10.3.9 and later.



[ Reply to This | # ]
10.5: Delete users accounts from command line in 10.5
Authored by: nilness on Jun 12, '09 07:19:29AM

Thanks... of course I just did a little testing and it looks like the id command won't work in single user mode without starting netinfo/directory services. Not a problem for 10.5 since that has to be done anyway, but I guess I'll have to see about starting & stopping netinfo in 10.3 & 10.4. I'm not sure it's worth the trouble - starting to wonder if listing the user directory might be easier!



[ Reply to This | # ]
10.5: Delete users accounts from command line in 10.5
Authored by: theocrates on Jun 09, '09 03:50:10PM

I recently wanted to do this but kept running into problems, even with the other hints here at the site.

One problem was that while I was able to successfully delete the temp user account and the AppleSetupDone file, even after rerunning the setup upon restart the OS does not set the first user to User ID 501.

Nilness, did you check to see if your hint here resets the User ID to 501 upon rerunning of the setup routine?



[ Reply to This | # ]
10.5: Delete users accounts from command line in 10.5
Authored by: keytohwy on Jun 09, '09 10:03:05PM

Why is that important? To have the user at 501?



[ Reply to This | # ]
10.5: Delete users accounts from command line in 10.5
Authored by: nilness on Jun 10, '09 07:42:35AM

Just checked this on a 10.5 system and yes, the next user id after resetting will be 501.

In 10.4 and earlier IIRC it will be 501 as well, since you're deleting the whole netinfo db.

And for the poster who asked why it matters, if you're recovering data or trying to rebuild the user accounts from another drive it's MUCH easier to make sure the user ids match up from the start.



[ Reply to This | # ]
10.5: Delete users accounts from command line in 10.5
Authored by: ticks on Jun 29, '09 09:39:34PM

This seems to work except I'm looking to have iWork '09 installed first, do software updates system-wide, and then delete the user account.

I can't seem to find a way to make this work as after restarting Pages, Numbers, and Keynote all say:

"Files that iWork needs are missing. To restore the missing files, use the iWork Installer to reinstall iWork."

Any help or ideas?



[ Reply to This | # ]
10.5: Delete users accounts from command line in 10.5
Authored by: barilasun on Aug 06, '10 12:10:15PM

I saved the scipt as "script.sh" on Macintosh HD (root level of hd). How can I run this script from the command line ??



[ Reply to This | # ]
10.5: Delete users accounts from command line in 10.5
Authored by: magicg on Sep 15, '11 07:57:05AM

Take a Look here:

http://install-climber.blogspot.com/2011/09/delete-users-and-groups-from-terminal.html



[ Reply to This | # ]
10.5: Delete users accounts from command line in 10.5
Authored by: ktappe on Oct 11, '11 02:22:18PM

At the top, the hint says this must all be run from single user mode. I've found there is an alternative: Run it via ssh on a Mac that you're sure is at the login screen with nobody logged in locally. The dscl commands certainly do fail if you're logged into the GUI, but work fine over ssh, which is great news for those of us trying to support Macs that are hundreds of miles away that we can't put into single user mode.

HTH,
-K



[ Reply to This | # ]