File and Folder Deletion Management for macOS
Implement enterprise-grade file and folder deletion management across your MacFleet deployment with secure data removal, audit trails, backup protection, compliance management, and automated cleanup operations. This tutorial provides solutions for maintaining data hygiene while ensuring security, compliance, and data protection.
Understanding macOS File Deletion Management
macOS provides several methods for file and folder deletion:
rm- Remove files and directories from command linerm -r- Recursive deletion for directories with contentsrm -f- Force deletion without confirmation prompts- Finder - GUI-based trash/delete operations
srm- Secure deletion with data overwriting (legacy)
Basic File Deletion Operations
Simple File/Folder Deletion
#!/bin/bash
# Basic file deletion
rm '/path to the file or folder'Recursive Directory Deletion
#!/bin/bash
# Recursive folder deletion
rm -rf /Users/username/Desktop/My\ FilesDelete Folder Contents Only
#!/bin/bash
# Delete folder contents
rm '/path to the folder/*'Multiple File Deletion
#!/bin/bash
# Delete multiple specific files
rm Desktop/1.png Desktop/2.png
# Delete files by pattern
rm Desktop/{1,2}.png
# Delete all files of type
rm Desktop/*.pngEnterprise File Deletion Management System
#!/bin/bash
# MacFleet Enterprise File and Folder Deletion Management Tool
# Secure data removal with compliance and audit capabilities
# Configuration
CONFIG_FILE="/etc/macfleet/file_deletion_policy.conf"
LOG_FILE="/var/log/macfleet_file_deletion.log"
BACKUP_DIR="/Library/MacFleet/DeletedFiles"
AUDIT_LOG="/var/log/macfleet_deletion_audit.log"
QUARANTINE_DIR="/Library/MacFleet/QuarantinedFiles"
# Create directories
mkdir -p "$(dirname "$CONFIG_FILE")" "$(dirname "$LOG_FILE")" "$BACKUP_DIR" "$(dirname "$AUDIT_LOG")" "$QUARANTINE_DIR"
# Default file deletion management policy
cat > "$CONFIG_FILE" 2>/dev/null << 'EOF' || true
# MacFleet Enterprise File Deletion Management Policy
# Version: 2.0
# Deletion Policy Enforcement
ENFORCE_DELETION_POLICIES=true
REQUIRE_BACKUP_BEFORE_DELETE=true
SECURE_DELETION_ENABLED=true
PREVENT_SYSTEM_FILE_DELETION=true
BUSINESS_HOURS_PROTECTION=true
# Security and Data Protection
REQUIRE_ADMIN_APPROVAL=false
VALIDATE_FILE_PERMISSIONS=true
PROTECTED_DIRECTORIES_ENFORCEMENT=true
MALWARE_QUARANTINE_CHECK=true
SENSITIVE_DATA_DETECTION=true
# Backup and Recovery
AUTOMATIC_BACKUP_ENABLED=true
BACKUP_RETENTION_DAYS=30
COMPRESSED_BACKUPS=true
ENCRYPTED_BACKUPS=true
RECOVERY_VALIDATION=true
# Compliance and Audit
AUDIT_ALL_DELETIONS=true
COMPLIANCE_REPORTING=true
INCIDENT_DOCUMENTATION=true
GDPR_COMPLIANCE=true
DATA_CLASSIFICATION_AWARE=true
# User Experience
USER_NOTIFICATION_ENABLED=true
DELETION_CONFIRMATION=true
PROGRESS_MONITORING=true
BATCH_OPERATION_SUPPORT=true
ROLLBACK_CAPABILITY=true
# Performance and Safety
DELETION_TIMEOUT=300
MAX_CONCURRENT_DELETIONS=5
SIZE_LIMIT_CHECK=true
FREE_SPACE_MONITORING=true
SYSTEM_LOAD_MONITORING=true
EOF
# Source configuration
source "$CONFIG_FILE" 2>/dev/null || true
# Logging function
log_action() {
echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}
# Audit logging function
audit_log() {
local action="$1"
local file_path="$2"
local result="$3"
local details="$4"
echo "$(date '+%Y-%m-%d %H:%M:%S') - ACTION:$action FILE:$file_path RESULT:$result DETAILS:$details USER:$(whoami) SIZE:$(get_file_size "$file_path")" >> "$AUDIT_LOG"
}
# Get file size for audit
get_file_size() {
local file_path="$1"
if [[ -e "$file_path" ]]; then
du -sh "$file_path" 2>/dev/null | awk '{print $1}' || echo "unknown"
else
echo "0"
fi
}
# Validate file deletion safety
validate_deletion_safety() {
local file_path="$1"
local force="${2:-false}"
echo "=== File Deletion Safety Validation ==="
# Check if file/directory exists
if [[ ! -e "$file_path" ]]; then
echo "❌ File or directory not found: $file_path"
audit_log "VALIDATION" "$file_path" "NOT_FOUND" "File or directory does not exist"
return 1
fi
echo "✅ File/directory found: $file_path"
# Prevent system file deletion
if [[ "$PREVENT_SYSTEM_FILE_DELETION" == "true" ]]; then
local protected_paths=(
"/System"
"/Library/System"
"/usr/bin"
"/usr/sbin"
"/bin"
"/sbin"
"/var/db"
"/private/var/db"
"/Applications/Utilities"
)
for protected_path in "${protected_paths[@]}"; do
if [[ "$file_path" == "$protected_path"* ]]; then
echo "❌ Cannot delete protected system path: $file_path"
audit_log "VALIDATION" "$file_path" "PROTECTED_PATH" "System file deletion blocked"
return 1
fi
done
fi
# Check protected directories
if [[ "$PROTECTED_DIRECTORIES_ENFORCEMENT" == "true" && "$force" != "true" ]]; then
local protected_dirs=(
"/Users/*/Documents/Important"
"/Users/*/Desktop/Critical"
"/Library/MacFleet/Config"
"/etc"
"/Applications"
)
for protected_dir in "${protected_dirs[@]}"; do
if [[ "$file_path" == $protected_dir* ]]; then
echo "❌ File in protected directory: $file_path"
audit_log "VALIDATION" "$file_path" "PROTECTED_DIR" "Protected directory access blocked"
return 1
fi
done
fi
# Business hours protection for user data
if [[ "$BUSINESS_HOURS_PROTECTION" == "true" && "$force" != "true" ]]; then
local current_hour
current_hour=$(date +%H)
local current_day
current_day=$(date +%u) # 1=Monday, 7=Sunday
if [[ $current_day -ge 1 && $current_day -le 5 && $current_hour -ge 9 && $current_hour -lt 18 ]]; then
if [[ "$file_path" == "/Users/"* ]]; then
echo "⚠️ Business hours protection: User data deletion restricted"
audit_log "VALIDATION" "$file_path" "BUSINESS_HOURS" "User data deletion blocked during business hours"
return 1
fi
fi
fi
# Check file permissions
if [[ "$VALIDATE_FILE_PERMISSIONS" == "true" ]]; then
if [[ ! -w "$file_path" && ! -w "$(dirname "$file_path")" ]]; then
echo "❌ Insufficient permissions to delete: $file_path"
audit_log "VALIDATION" "$file_path" "NO_PERMISSION" "Insufficient permissions for deletion"
return 1
fi
fi
# Sensitive data detection
if [[ "$SENSITIVE_DATA_DETECTION" == "true" ]]; then
if detect_sensitive_data "$file_path"; then
echo "⚠️ Sensitive data detected in: $file_path"
if [[ "$force" != "true" ]]; then
audit_log "VALIDATION" "$file_path" "SENSITIVE_DATA" "Sensitive data deletion requires force flag"
return 1
fi
fi
fi
audit_log "VALIDATION" "$file_path" "PASSED" "All safety checks passed"
return 0
}
# Detect sensitive data in files
detect_sensitive_data() {
local file_path="$1"
if [[ -f "$file_path" ]]; then
# Check for common sensitive data patterns
local sensitive_patterns=(
"\b\d{3}-\d{2}-\d{4}\b" # SSN pattern
"\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b" # Credit card pattern
"password"
"secret"
"private.*key"
"confidential"
)
for pattern in "${sensitive_patterns[@]}"; do
if grep -qi "$pattern" "$file_path" 2>/dev/null; then
return 0 # Sensitive data found
fi
done
fi
return 1 # No sensitive data found
}
# Create backup before deletion
create_backup() {
local file_path="$1"
local backup_reason="${2:-deletion}"
if [[ "$AUTOMATIC_BACKUP_ENABLED" != "true" ]]; then
return 0
fi
echo "=== Creating Backup ==="
local backup_timestamp
backup_timestamp=$(date +%Y%m%d_%H%M%S)
local backup_name
backup_name="$(basename "$file_path")_${backup_timestamp}_${backup_reason}"
local backup_path="$BACKUP_DIR/$backup_name"
# Create backup directory structure
mkdir -p "$BACKUP_DIR"
# Copy file/directory to backup location
if [[ -d "$file_path" ]]; then
# Directory backup
if [[ "$COMPRESSED_BACKUPS" == "true" ]]; then
tar -czf "${backup_path}.tar.gz" -C "$(dirname "$file_path")" "$(basename "$file_path")" 2>/dev/null
backup_path="${backup_path}.tar.gz"
else
cp -R "$file_path" "$backup_path" 2>/dev/null
fi
else
# File backup
if [[ "$COMPRESSED_BACKUPS" == "true" && $(stat -f%z "$file_path" 2>/dev/null || echo 0) -gt 1048576 ]]; then
gzip -c "$file_path" > "${backup_path}.gz" 2>/dev/null
backup_path="${backup_path}.gz"
else
cp "$file_path" "$backup_path" 2>/dev/null
fi
fi
if [[ $? -eq 0 ]]; then
echo "✅ Backup created: $backup_path"
# Encrypt backup if enabled
if [[ "$ENCRYPTED_BACKUPS" == "true" ]]; then
encrypt_backup "$backup_path"
fi
# Record backup in metadata
echo "$(date -u +%Y-%m-%dT%H:%M:%SZ)|$file_path|$backup_path|$backup_reason" >> "$BACKUP_DIR/backup_manifest.log"
log_action "Backup created for $file_path at $backup_path"
audit_log "BACKUP" "$file_path" "CREATED" "Backup path: $backup_path"
return 0
else
echo "❌ Failed to create backup for: $file_path"
log_action "FAILED: Backup creation failed for $file_path"
audit_log "BACKUP" "$file_path" "FAILED" "Backup creation error"
return 1
fi
}
# Encrypt backup file
encrypt_backup() {
local backup_path="$1"
# Simple encryption using built-in tools (in production, use proper enterprise encryption)
if command -v openssl >/dev/null 2>&1; then
openssl enc -aes-256-cbc -salt -in "$backup_path" -out "${backup_path}.enc" -k "MacFleet_Backup_Key_$(date +%Y)" 2>/dev/null
if [[ $? -eq 0 ]]; then
rm "$backup_path"
echo "🔐 Backup encrypted: ${backup_path}.enc"
log_action "Backup encrypted: ${backup_path}.enc"
fi
fi
}
# Secure file deletion
secure_delete() {
local file_path="$1"
local secure_passes="${2:-3}"
echo "=== Secure Deletion Process ==="
if [[ ! -e "$file_path" ]]; then
echo "❌ File not found for secure deletion: $file_path"
return 1
fi
local file_size
file_size=$(get_file_size "$file_path")
# For files, perform secure overwrite before deletion
if [[ -f "$file_path" && "$SECURE_DELETION_ENABLED" == "true" ]]; then
echo "🔐 Performing secure deletion with $secure_passes passes..."
# Multiple pass overwrite
for ((pass=1; pass<=secure_passes; pass++)); do
echo "Pass $pass/$secure_passes: Overwriting with random data..."
dd if=/dev/urandom of="$file_path" bs=1024 count=$(du -k "$file_path" 2>/dev/null | cut -f1) 2>/dev/null || true
sync
done
# Final zero pass
dd if=/dev/zero of="$file_path" bs=1024 count=$(du -k "$file_path" 2>/dev/null | cut -f1) 2>/dev/null || true
sync
echo "🔐 Secure overwrite completed"
audit_log "SECURE_DELETE" "$file_path" "OVERWRITTEN" "Secure overwrite with $secure_passes passes"
fi
# Perform final deletion
if [[ -d "$file_path" ]]; then
# Directory deletion
rm -rf "$file_path" 2>/dev/null
else
# File deletion
rm -f "$file_path" 2>/dev/null
fi
local deletion_result=$?
if [[ $deletion_result -eq 0 ]]; then
echo "✅ File securely deleted: $file_path (Size: $file_size)"
audit_log "SECURE_DELETE" "$file_path" "SUCCESS" "Secure deletion completed (Size: $file_size)"
return 0
else
echo "❌ Failed to delete: $file_path"
audit_log "SECURE_DELETE" "$file_path" "FAILED" "Deletion failed"
return 1
fi
}
# Enterprise file deletion with comprehensive management
enterprise_file_delete() {
local file_path="$1"
local force="${2:-false}"
local secure="${3:-true}"
local backup="${4:-true}"
echo "=== Enterprise File Deletion ==="
if [[ -z "$file_path" ]]; then
echo "❌ File path required"
return 1
fi
log_action "ENTERPRISE FILE DELETE: Starting deletion of $file_path"
# Pre-deletion validation
if ! validate_deletion_safety "$file_path" "$force"; then
log_action "FAILED: File deletion safety validation failed for $file_path"
return 1
fi
# Create backup if required
if [[ "$backup" == "true" || "$REQUIRE_BACKUP_BEFORE_DELETE" == "true" ]]; then
if ! create_backup "$file_path" "pre_deletion"; then
if [[ "$force" != "true" ]]; then
echo "❌ Backup failed and force mode not enabled"
return 1
else
echo "⚠️ Proceeding without backup (force mode)"
fi
fi
fi
# Check system resources
check_system_resources
# User confirmation if enabled
if [[ "$DELETION_CONFIRMATION" == "true" && "$force" != "true" ]]; then
echo "⚠️ Deletion confirmation required for: $file_path"
# In automated scripts, this would integrate with approval workflows
log_action "Deletion confirmation required for $file_path"
fi
# Perform deletion
local start_time
start_time=$(date +%s)
if [[ "$secure" == "true" ]]; then
secure_delete "$file_path"
else
# Standard deletion
if [[ -d "$file_path" ]]; then
rm -rf "$file_path" 2>/dev/null
else
rm -f "$file_path" 2>/dev/null
fi
fi
local deletion_result=$?
local end_time
end_time=$(date +%s)
local duration=$((end_time - start_time))
# Send notifications
send_deletion_notification "$file_path" "$deletion_result" "$duration"
# Cleanup and verification
if [[ $deletion_result -eq 0 ]]; then
echo "✅ File deletion completed successfully: $file_path"
log_action "SUCCESS: File deleted successfully: $file_path (Duration: ${duration}s)"
# Update usage statistics
update_deletion_stats "$file_path"
# Cleanup related files
cleanup_related_files "$file_path"
return 0
else
echo "❌ File deletion failed: $file_path"
log_action "FAILED: Could not delete file: $file_path"
return 1
fi
}
# Send deletion notification
send_deletion_notification() {
local file_path="$1"
local result="$2"
local duration="$3"
if [[ "$USER_NOTIFICATION_ENABLED" != "true" ]]; then
return 0
fi
echo "=== Sending Deletion Notifications ==="
local notification_title="MacFleet File Management"
local result_text="success"
if [[ $result -ne 0 ]]; then
result_text="failed"
fi
local notification_message="File deletion $result_text: $(basename "$file_path") (${duration}s)"
# Display notification to logged-in users
local logged_users
logged_users=$(who | awk '{print $1}' | sort -u)
for user in $logged_users; do
if [[ -n "$user" ]]; then
sudo -u "$user" osascript -e "display notification \"$notification_message\" with title \"$notification_title\"" 2>/dev/null || true
echo "📱 Notification sent to user: $user"
fi
done
log_action "Deletion notifications sent for $file_path ($result_text)"
}
# Bulk file deletion operations
bulk_file_deletion() {
local file_list="$1"
local force="${2:-false}"
local secure="${3:-true}"
echo "=== Bulk File Deletion Operations ==="
local success_count=0
local failure_count=0
local total_count=0
local total_size=0
# Handle different input types
if [[ -f "$file_list" ]]; then
# File list from file
while IFS= read -r file_path; do
# Skip empty lines and comments
if [[ -z "$file_path" || "$file_path" == \#* ]]; then
continue
fi
((total_count++))
echo "Processing ($total_count): $file_path"
if enterprise_file_delete "$file_path" "$force" "$secure"; then
((success_count++))
else
((failure_count++))
fi
echo "---"
sleep 1 # Brief pause between operations
done < "$file_list"
else
# Pattern-based deletion
echo "Pattern-based deletion: $file_list"
# Expand pattern and process each file
for file_path in $file_list; do
if [[ -e "$file_path" ]]; then
((total_count++))
echo "Processing ($total_count): $file_path"
if enterprise_file_delete "$file_path" "$force" "$secure"; then
((success_count++))
else
((failure_count++))
fi
fi
done
fi
echo "=== Bulk Deletion Summary ==="
echo "Total files processed: $total_count"
echo "Successful deletions: $success_count"
echo "Failed deletions: $failure_count"
log_action "Bulk deletion completed: $success_count/$total_count successful"
audit_log "BULK_DELETE" "MULTIPLE" "COMPLETED" "Success: $success_count Failed: $failure_count Total: $total_count"
}
# Cleanup old backups based on retention policy
cleanup_old_backups() {
echo "=== Backup Retention Cleanup ==="
if [[ ! -d "$BACKUP_DIR" ]]; then
echo "No backup directory found"
return 0
fi
local retention_days="${BACKUP_RETENTION_DAYS:-30}"
local cleanup_count=0
# Find and remove old backups
while IFS= read -r old_backup; do
if [[ -n "$old_backup" ]]; then
rm -f "$old_backup"
((cleanup_count++))
echo "Removed old backup: $old_backup"
fi
done < <(find "$BACKUP_DIR" -type f -mtime +$retention_days 2>/dev/null)
echo "Cleaned up $cleanup_count old backups (older than $retention_days days)"
log_action "Backup cleanup: $cleanup_count old backups removed"
}
# Check system resources before deletion
check_system_resources() {
echo "=== System Resource Check ==="
# Check available disk space
local available_space
available_space=$(df -h / | tail -1 | awk '{print $4}' | sed 's/G//')
echo "Available Space: ${available_space}GB"
if [[ "$FREE_SPACE_MONITORING" == "true" ]] && (( $(echo "$available_space < 5" | bc -l) )); then
echo "⚠️ Low disk space warning: ${available_space}GB available"
log_action "Low disk space during deletion operation: ${available_space}GB"
fi
# Check system load
local load_average
load_average=$(uptime | awk -F'load average:' '{print $2}' | awk '{print $1}' | tr -d ',')
echo "System Load: $load_average"
if [[ "$SYSTEM_LOAD_MONITORING" == "true" ]] && (( $(echo "$load_average > 5.0" | bc -l) )); then
echo "⚠️ High system load: $load_average"
log_action "High system load during deletion operation: $load_average"
fi
}
# Generate file deletion report
generate_deletion_report() {
local report_file="/Library/MacFleet/Reports/file_deletion_report_$(date +%Y%m%d_%H%M%S).json"
echo "=== Generating File Deletion Report ==="
mkdir -p "$(dirname "$report_file")"
# Count recent operations from audit log
local recent_deletions=0
local successful_deletions=0
local failed_deletions=0
local total_backup_size=0
if [[ -f "$AUDIT_LOG" ]]; then
recent_deletions=$(grep -c "ACTION:SECURE_DELETE\|ACTION:BULK_DELETE" "$AUDIT_LOG" 2>/dev/null || echo 0)
successful_deletions=$(grep -c "RESULT:SUCCESS" "$AUDIT_LOG" 2>/dev/null || echo 0)
failed_deletions=$(grep -c "RESULT:FAILED" "$AUDIT_LOG" 2>/dev/null || echo 0)
fi
if [[ -d "$BACKUP_DIR" ]]; then
total_backup_size=$(du -sh "$BACKUP_DIR" 2>/dev/null | awk '{print $1}' || echo "0")
fi
cat > "$report_file" << EOF
{
"report_type": "file_deletion_management",
"timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
"device_info": {
"hostname": "$(hostname)",
"os_version": "$(sw_vers -productVersion)",
"available_space": "$(df -h / | tail -1 | awk '{print $4}')"
},
"deletion_statistics": {
"recent_deletions": $recent_deletions,
"successful_deletions": $successful_deletions,
"failed_deletions": $failed_deletions,
"success_rate": "$(echo "scale=2; $successful_deletions * 100 / ($successful_deletions + $failed_deletions + 1)" | bc)%"
},
"backup_statistics": {
"total_backup_size": "$total_backup_size",
"backup_retention_days": $BACKUP_RETENTION_DAYS,
"encrypted_backups": $ENCRYPTED_BACKUPS
},
"policy_configuration": {
"secure_deletion": $SECURE_DELETION_ENABLED,
"automatic_backup": $AUTOMATIC_BACKUP_ENABLED,
"business_hours_protection": $BUSINESS_HOURS_PROTECTION,
"sensitive_data_detection": $SENSITIVE_DATA_DETECTION
},
"security_status": {
"system_file_protection": $PREVENT_SYSTEM_FILE_DELETION,
"protected_directories": $PROTECTED_DIRECTORIES_ENFORCEMENT,
"audit_enabled": $AUDIT_ALL_DELETIONS
}
}
EOF
echo "File deletion report saved to: $report_file"
log_action "Deletion report generated: $report_file"
}
# Main function with argument handling
main() {
log_action "=== MacFleet File Deletion Management Tool Started ==="
case "${1:-help}" in
"delete")
enterprise_file_delete "$2" "$3" "$4" "$5"
;;
"bulk")
bulk_file_deletion "$2" "$3" "$4"
;;
"cleanup-backups")
cleanup_old_backups
;;
"report")
generate_deletion_report
;;
*)
echo "MacFleet Enterprise File and Folder Deletion Management Tool"
echo "Usage: $0 [command] [options]"
echo ""
echo "Commands:"
echo " delete [file_path] [force] [secure] [backup] - Delete file with enterprise controls"
echo " bulk [list_file/pattern] [force] [secure] - Bulk deletion from file list or pattern"
echo " cleanup-backups - Remove old backups per retention policy"
echo " report - Generate deletion management report"
echo ""
echo "Options:"
echo " force - true/false (bypass safety checks)"
echo " secure - true/false (enable secure deletion)"
echo " backup - true/false (create backup before deletion)"
echo ""
echo "Examples:"
echo " $0 delete \"/Users/user/temp.txt\" - Safe delete with backup"
echo " $0 delete \"/tmp/folder\" true true false - Force secure delete without backup"
echo " $0 bulk \"*.log\" false true - Bulk secure delete log files"
echo " $0 bulk file_list.txt true - Bulk force delete from list"
echo " $0 cleanup-backups - Clean old backups"
;;
esac
log_action "=== File deletion management operation completed ==="
}
# Execute main function
main "$@"Important Configuration Notes
macOS File Deletion Commands
rm- Basic file removalrm -r- Recursive directory deletionrm -f- Force deletion without promptsrm -rf- Recursive force deletion- Pattern matching -
*.txt,{1,2}.pngfor bulk operations
Enterprise Integration Points
- Data Loss Prevention (DLP) - Integration with DLP systems
- Backup and Recovery Systems - Automated backup integration
- Compliance Platforms - GDPR, HIPAA compliance reporting
- Security Information and Event Management (SIEM) - Deletion audit logging
Best Practices for Enterprise File Deletion
-
Security and Data Protection
- Always create backups before deletion
- Use secure deletion for sensitive data
- Validate file permissions before deletion
- Implement business hours protection
-
Compliance and Governance
- Maintain comprehensive audit trails
- Implement data classification awareness
- Support regulatory compliance requirements
- Document all deletion operations
-
Safety and Recovery
- Prevent system file deletion
- Implement rollback capabilities
- Monitor system resources during operations
- Provide clear notification systems
Remember to test file deletion procedures thoroughly in a controlled environment before implementing across your entire MacFleet to ensure data safety and compliance with organizational policies.
