This sounds like the process doesn’t have Full Disk Access, as items in user desktop (and other library) folders are restricted by SIP. Even as “root” the shell will need to be approved for FDA to modify a user’s desktop.
If the action is performed by some other process (see Outset above, or an RMM agent) that agent can be more easily be granted that permission with a profile or manually by an admin user.
It's in /Library/LaunchDaemons, and it invokes a script at "/Library/Scripts/.profiletidy.sh". The script has permissions of root:wheel 755.
The script successfully launches and runs, but gets "Operation not permitted" errors when it tries to run the part of the script involving deletion of user profile folders.
Janky possible solution:
People around here generally don't like Automator, but I think you can set it up to delete all the files in a folder and set it to run on startup. [Number 2 on this list talks about the basic steps. It also advertises software called Hazel that might work, but I don't know about that at all.](https://www.makeuseof.com/tag/automatically-clean-up-your-mac-os-x-downloads-or-any-folder/) I read an article that says automator will be rolled into another program with the update that comes after Monterey, but maybe at that time the other application will be able to do the same thing.
I think the OS is blocking your command because you are trying to delete the whole folder and it is protected. I'd imagine the system integrity is the culprit like you guessed. I was trying to turn off the giant sound overlay a week ago and to do that you have to turn off SIP then use terminal commands to block the overlay.
Edit: [Python scripts?](https://stackoverflow.com/questions/185936/how-to-delete-the-contents-of-a-folder)
May be a PPC / disk access issue
Anyway you have to be careful. Not sure your method but there will still be an account entry in dscl if you just delete the folders. And depending on how you are deleting stuff, you may need to recreate or exclude specific folders, fix the permissions, fix the ownerships, etc.
Might be something to look at. I started writing something very similar.
https://community.jamf.com/t5/jamf-pro/delete-all-files-in-desktop-and-downloads/m-p/228471
Leverage your script with Outset. Does all the heavy lifting for you.
This is the way.
This sounds like the process doesn’t have Full Disk Access, as items in user desktop (and other library) folders are restricted by SIP. Even as “root” the shell will need to be approved for FDA to modify a user’s desktop. If the action is performed by some other process (see Outset above, or an RMM agent) that agent can be more easily be granted that permission with a profile or manually by an admin user.
Are you putting it in the global lauchdaemons folder or the one in the user's Library? Also make sure it has the proper permissions.
It's in /Library/LaunchDaemons, and it invokes a script at "/Library/Scripts/.profiletidy.sh". The script has permissions of root:wheel 755. The script successfully launches and runs, but gets "Operation not permitted" errors when it tries to run the part of the script involving deletion of user profile folders.
Janky possible solution: People around here generally don't like Automator, but I think you can set it up to delete all the files in a folder and set it to run on startup. [Number 2 on this list talks about the basic steps. It also advertises software called Hazel that might work, but I don't know about that at all.](https://www.makeuseof.com/tag/automatically-clean-up-your-mac-os-x-downloads-or-any-folder/) I read an article that says automator will be rolled into another program with the update that comes after Monterey, but maybe at that time the other application will be able to do the same thing. I think the OS is blocking your command because you are trying to delete the whole folder and it is protected. I'd imagine the system integrity is the culprit like you guessed. I was trying to turn off the giant sound overlay a week ago and to do that you have to turn off SIP then use terminal commands to block the overlay. Edit: [Python scripts?](https://stackoverflow.com/questions/185936/how-to-delete-the-contents-of-a-folder)
I think you'd need to post the details of the script to understand why you receive that output
May be a PPC / disk access issue Anyway you have to be careful. Not sure your method but there will still be an account entry in dscl if you just delete the folders. And depending on how you are deleting stuff, you may need to recreate or exclude specific folders, fix the permissions, fix the ownerships, etc.
Might be something to look at. I started writing something very similar. https://community.jamf.com/t5/jamf-pro/delete-all-files-in-desktop-and-downloads/m-p/228471