do a full comparison of folder contents in script

Hello everyone....

I have a small issue here at work and I am trying to script out a way to automate a fix for it. I have a small number of users (I work in a 1:1 with 6,000 macbooks) that aren't really managed in my deployment. They are managed with a few policies, but the policies are broken because they never turn their laptops in or get them reimaged. I have had to wipe LDAP a few times for upgrades/maintenance/fixes and their synchronized portable home directory has a different UID than the new UID since I did fresh imports of user accounts both times I destroyed and rebuilt LDAP.

So, I have a script written which seems to be going the correct way of doing this, but I am not exactly a Unix wizard so I have some basic questions hopefully someone here can help me with.

The script's function will be to copy all local user accounts in /Users to /Users/username.bu for a full back up of the account. Then, it will initiate a log out, and a log out hook that will run the second script that will verify all data is copied to the back up folder (.bu) and then delete the account from directory services and wipe the original data out of their local user account.

This way, when the user logs in next, they will have pulled down the new account to their machine that has the exact same user/password but this time it will be the right UID. Then they will be in the proper OD groups and get group policy as normal.

I hope that makes sense. Also, only accounts that have a UID higher than 1000+ are directory accounts, so I want to ignore all accounts with a UID less than 999.

So far here is my script I wrote, and like I mentioned, I am completely self-taught and have no formal education in programming.

#!/bin/bash

#
# First we need to grab the synchronized user account
# All directory accounts will have a UID greater than 1000
# All local accounts will have a UID of 500 to 999
# We only want to move accounts with UID of greater than 1000
# This will also exclude the shared folder (and any .bu backup left from an earlier run)
#

userlist=`/bin/ls /Users | /usr/bin/grep -v "^Shared" | /usr/bin/grep -v "\.bu$"`

for i in $userlist ; do

    # The UID has to be read inside the loop, once per user ($i is not set before it).
    # dscl prints "UniqueID: 1001"; awk keeps the number. Default to 0 when the record
    # cannot be read so the arithmetic test below still gets an integer.
    checkuid=`/usr/bin/dscl . read /Users/$i UniqueID | /usr/bin/awk '/UniqueID/ { print $2 }'`
    checkuid=${checkuid:-0}

    if (( $checkuid > 999 ))

        # cp -R creates /Users/$i.bu itself; a prior mkdir would make cp nest the copy
        # as /Users/$i.bu/$i. -p keeps modes and timestamps.
        then /bin/cp -Rp /Users/$i /Users/$i.bu

        # local accounts are skipped, not fatal: "exit 5" here would stop at the first one
        else /bin/echo "$i is not a directory user" ; continue

    fi

done

#
# now the tricky part we need to verify what was done, is done then delete the old account
# so the user can sync the new account with the proper UID
#

for i in $userlist ; do

    backup="/Users/$i.bu"

    # only the accounts that were backed up above have a .bu folder
    [ -d "$backup" ] || continue

    # now compare contents: diff -rq walks both trees and exits 0 only when every
    # file exists on both sides with identical content
    if /usr/bin/diff -rq /Users/$i "$backup" > /dev/null

        then /usr/bin/dscl . -delete /Users/$i

        else /bin/echo "Contents of $i do not match, exiting"

        exit 1

    fi

done

#
# Now remove the contents of those user accounts by comparing what has
# .bu on the end (the .bu copy itself must survive for the restore script)
#

for b in `/bin/ls /Users | /usr/bin/grep "\.bu$"` ; do

    removeuser=${b%.bu}        # strip the .bu suffix to get the original account name

    /bin/rm -rf /Users/$removeuser

done

exit 0

Now the second script will just copy that data back after the user logs in again and resynchronizes their PHD with the proper UID. Then the last bit will apply ownership to that new UID and exit.

A few questions....

1) Should I have used an integer comparison when comparing the current UID to it being greater than 999?

2) There are probably some issues with this script as I have not tested it out fully yet, because I was wanting some feedback to see if there was a better way to go. Is there a more efficient way to go about this?

Thanks for anyone who can help, it is greatly appreciated.

Tom

I am not understanding this.
This lists all of the users with UID >= 1000

awk '$3 > 999 { print "username=", $1, " login directory=", $6}' /etc/passwd

You can change the login directory for any user by using the equivalent of the useradd utility. Editing the /etc/passwd file is not a great idea on some systems. What flavor of unix do you have?

You can also create a common login entry:
modify /etc/profile

    if [[ $UID -gt 999 ]] ; then
        # do whatever you need here.  Based on the userid
    fi 

You do not need to put code in each users home directory. If you put code in /etc/profile it is protected from modification by users.

But - then I'm confused as to what you are really doing.

I am using OS X 10.5.8 from Apple. All of their user accounts either local or network are handled by directory services. All local accounts have a range of UID 500 to 999 and all directory accounts have UID 1001 and up, with UID 1000 being that of the directory admin account.

I am on my third year of my 1:1 and some staff members have never had their laptops wiped and reimaged. During that time I have completely destroyed and recreated LDAP, so all those user accounts got new UIDs. Some of those faculty members that have their old PHD synchronized to their machines have a mismatching UID in Open Directory, thus that account is not a member of any OD groups.

Sorry if I am not making any sense.

So I need to loop through all users in /Users and check their UID. If the account is local, I don't want to touch it and I want it to be skipped. So any account that is UID 500 to 999 should not be touched. Any account that is in the OD account UID range of 1001+ needs to be copied to a back up folder, then have the account erased and when the new account is created I will have a self service script where the user can execute it and it will copy all data back where it was and apply ownership to the new user account.
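The two pieces the thread keeps circling back to are the "full comparison of folder contents" that the logout hook must do before anything is deleted, and the integer UID test from question 1. The script below is an added example, not code from any post in this thread: it builds two constructed home directories under mktemp (a faithful backup for "alice", an incomplete one for "bob"), runs the comparison, and shows how the UID check behaves on good, local and missing values. The dscl parser assumes the "UniqueID: 1001" line format of `dscl . read`; the directory names, file contents and the verify_backup/compare_dirs helpers are all assumptions for illustration.

```shell
#!/bin/bash
# Added example: verify a backup is a complete copy before deleting anything,
# and test a UID with an integer comparison. Not part of the original thread.

# compare_dirs SRC DST
# Returns 0 only when every file under SRC exists in DST with identical content
# and DST holds nothing extra. Each difference is printed on its own line.
compare_dirs() {
    local src="$1" dst="$2"
    [ -d "$src" ] || { echo "missing source: $src"; return 2; }
    [ -d "$dst" ] || { echo "missing backup: $dst"; return 2; }
    # diff -rq walks both trees; "Only in ..." lines cover files present on one
    # side, "differ" lines cover content mismatches. Silent, exit 0 on a match.
    diff -rq "$src" "$dst"
}

# count_files DIR: number of regular files, to confirm a copy is not empty
count_files() {
    find "$1" -type f | wc -l | tr -d ' '
}

# uid_from_dscl RECORD: parse the "UniqueID: 1001" line printed by dscl . read
uid_from_dscl() {
    printf '%s\n' "$1" | awk '/UniqueID/ { print $2 }'
}

# is_directory_uid UID: integer test (-gt), not a string compare; an empty
# value (record not found) falls back to 0 and is treated as local
is_directory_uid() {
    [ "${1:-0}" -gt 999 ]
}

# make_fixture: constructed data. alice.bu mirrors alice; bob.bu lacks draft.txt.
make_fixture() {
    local tmp
    tmp=$(mktemp -d)
    mkdir -p "$tmp/alice/Documents" "$tmp/alice.bu/Documents"
    printf 'notes\n' > "$tmp/alice/Documents/notes.txt"
    printf 'notes\n' > "$tmp/alice.bu/Documents/notes.txt"
    mkdir -p "$tmp/bob/Documents" "$tmp/bob.bu/Documents"
    printf 'report\n' > "$tmp/bob/Documents/report.txt"
    printf 'draft\n'  > "$tmp/bob/Documents/draft.txt"
    printf 'report\n' > "$tmp/bob.bu/Documents/report.txt"
    echo "$tmp"
}

# verify_backup USER BASE: the decision the logout hook makes for one account.
# Returns 0 when deleting USER is safe, 1 when the backup is not a full copy.
verify_backup() {
    local user="$1" base="$2"
    if compare_dirs "$base/$user" "$base/$user.bu" > /dev/null; then
        echo "$user: backup verified ($(count_files "$base/$user.bu") files)"
        return 0
    else
        echo "$user: contents do not match, not deleting"
        compare_dirs "$base/$user" "$base/$user.bu"
        return 1
    fi
}

demo() {
    local base
    base=$(make_fixture)
    verify_backup alice "$base"
    verify_backup bob "$base" || true   # expected: bob's backup is incomplete
    for rec in "UniqueID: 1001" "UniqueID: 501" ""; do
        uid=$(uid_from_dscl "$rec")
        if is_directory_uid "$uid"; then
            echo "uid '$uid' -> directory account"
        else
            echo "uid '$uid' -> local account, skipped"
        fi
    done
    rm -rf "$base"
}

demo
```

The point of wrapping diff -rq in a function with an explicit exit status is that the delete step can be written as `verify_backup "$i" /Users && dscl . -delete "/Users/$i"`, so the destructive command can never run on a mismatch, and the differences that blocked it are printed for the log.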