User Tools

Site Tools


apple:sysadm

SysAdm

SSL certs

To import in the keychain and force to be considered as “authoritative” a self-signed cert use:

$ sudo certtool i certnew.crt k=/System/Library/Keychains/X509Anchors

or

$ sudo certtool i certnew.cer d k=/System/Library/Keychains/X509Anchors

The former is for certs in PEM format, the second for those in DER format.

$ certtool y k=/System/Library/Keychains/X509Anchors

shows the certs in the system X509Anchors file.

Networking

Identify the DHCP server

To see which DHCP server lent you the address, use:

ipconfig getoption "" server_identifier

Reload Cisco VPN client extensions

If Cisco VPN client gives errors try to perform:

cd /System/Library/StartupItems/CiscoVPN
sudo ./CiscoVPN restart

Show and clean DNS cache

Mac OS >= 10.7 Lion

  • Dump cache content (to /var/log/system.log): sudo killall -INFO mDNSResponder
  • Flush cache: sudo killall -HUP mDNSResponder

Mac OS < 10.7

dscacheutil -cachedump -entries host
dscacheutil -flushcache

Mac OS 10.4 (Tiger)

lookupd -flushcache

Set hostname

Use scutil(8). See Apple forum for insights. Hint:

sudo scutil --set HostName host.doma.in
sudo scutil --set ComputerName bonjourName

Graphically:

  • Launch ‘System Preferences’
  • Click the ‘Sharing’ icon
  • Type in what you want your new computer name to be

Temporarily enable tftpd

Enabling:

$ sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist

Now tftpd is enabled, using /private/tftpboot as a working dir. It's chrooteed, so you'll read and write to the root tftpd directory. You can see the daemon logs using Console.app.

Disabling:

$ sudo launchctl unload /System/Library/LaunchDaemons/tftp.plist

If you prefer a GUI, use TftpServer (download)

Repair a boot disk without install DVD

  1. Reboot the Mac
  2. Immediately press and hold Command-S, until text begins to scroll on screen. In a few seconds the Unix command line prompt (%) appears
  3. Issue a fsck –fy
  4. Keep fsck-ing until you don't see anymore the “***** FILE SYSTEM WAS MODIFIED *****” line
  5. When fsck exits with a “The volume <name of disk> appears to be OK.” you can issue a reboot.

Boot keys

Key Meaning
command+option+O+F Invoke Open Firmware
command+option+P+R Reset PRAM (press until you hear two beeps)
T Startup in FireWire Target Disk Mode
option Invoke Startup Manager
command+S Invoke single-user mode
command+V Invoke verbose mode
C Boot from CD/DVD
X Boot into OS X (if you previously booted from OS 9 on the same volume)
shift (immediately at startup) Safe boot
shift (after boot screen, until login screen) Override auto-login
shift (after login screen) Safe login
option+escape, then click on a user Present name/password login dialog instead of list of users
N Attempt to netboot
command-+shift+option+delete Boot from an external drive

Disk Images

Index a Disk Image

sudo mdutil -i on /Volumes/name_of_image

Convert a .dmg to .iso

hdiutil convert imagefile.dmg -format UDTO -o imagefile.iso
mv imagefile.iso.cdr imagefile.iso

dd(1) a Linux disk image to an USB stick

hdiutil convert -format UDRW -o image.img image.iso
mv image.img.dmg image.img
diskutil unmountDisk /dev/diskN
sudo dd if=image.img of=/dev/rdiskN bs=1m
diskutil eject /dev/diskN

Mount a disk image

hdiutil mount MyImage.dmg

Shrink a sparsebundle

With the disk image unmounted, do:

hdiutil compact /path/to/my.sparsebundle

Resource forks

From the commandline, to see if a file has a resource fork you can look at the (fake) /rsrc subdir:

ls filename/rsrc

To look inside it, use:

/Developer/Tools/DeRez filename

Security

Secure erase

You can wipe / shred /secure erase a file using the command line command srm(1). srm uses the 35-pass Gutmann algorithm.

Posix ACLs

To enable Posix ACLs in Mac Os X you must issue:

# fsaclctl -p /mntpoint -e

To set the extended attributes, you use the usual chmod command:

# chmod +a "joe allow read,write"

To see the extended permissions, use the -e parameter in ls:

$ ls -le pippo.dat

The fastest way to delete an extended permission entry is:

  1. Find the number of the relevant entry;
  2. Delete it by number:
  $ ls -le pippo.dat
  -rw-r--r-- + 1 ap  wheel  0 Aug 29 20:48 pippo.dat
   0: user:ap deny delete
   1: user:ap allow read,append
  $ chmod -a# 0 pippo.dat

If you want to go the graphical way, one free GUI, Sandbox, is at http://www.mikey-san.net/sandbox/

User Directory

A lot of information regarding the users (traditionally held in /etc/passwd in standard Unices) in Leopard are stored in a DB .

You can access and edit them via the dscl(1) command. Example:

  $ dscl localhost -list /Local/Default/Users
  $ dscl localhost -read /Local/Default/Users/ap UserShell
  $ dscl localhost -readall /Local/Default/Users UserShell

Managing files and permission

Show extended info

With ls, use those flags:

  
  -@      Display extended attribute keys and sizes.
  -e      Print the Access Control List (ACL) associated with the file, if present.
  -O      Include the file flags in a long (-l) output.

Modify file flags

Modify the file flags (like uchg, hidden … ) with the chflags(1) command. Example:

  $ chflags nouchg file.txt
  $ chflags -R nouchg somedir

Spotlight searches

Eject CD/DVD

drutil eject

strace in Leopard

It's called dtruss, and is based on dtrace

Put the machine to sleep

pmset sleepnow

Rebuild the "Open With" menu

If you find stale or duplicated entries in the Open With menu you can rebuild the Launch Services database with (OS X >= 10.5):

/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -kill -r -domain local -domain system -domain user
killall Finder

You can also user 3rd party apps like Onyx or Cocktail

Add an entry to the system PATH

echo /my/new/path > /etc/paths.d/90-mymodule

Homebrew

Delete formulas

Delete formulas with their dependencies, with homebrew-rmtree https://github.com/beeftornado/homebrew-rmtree

brew list
brew rmtree mypackage

Update homebrew

brew update && brew upgrade `brew outdated` && brew cleanup; brew doctor
apple/sysadm.txt · Last modified: 2016/07/20 14:09 by ap

Informativa sui cookie