Mac OS X Panther for Unix Geeks, Second Edition
Apple Developer Connection Recommended Title

By Brian Jepson, Ernest E. Rothman

Table of Contents

Chapter 1: Inside the Terminal
The Terminal application (/Applications/Utilities) is Mac OS X's graphical terminal emulator. Inside the Terminal, Unix users will find a familiar command-line environment. In this chapter we describe Terminal's capabilities and compare them to the corresponding xterm functionality when appropriate. We also highlight key features of two alternative Aqua-native terminal applications, GLterm and iTerm. The chapter concludes with a synopsis of the shell command, open, which you can use to launch GUI applications.
Additional content appearing in this section has been removed.
Mac OS X Shells
Mac OS X comes with the Bourne-again shell (bash) as the default user shell, and also includes the TENEX C shell (tcsh) and the Z shell (zsh). Both bash and zsh are sh-compatible. When tcsh is invoked through the csh link, it behaves much like csh. Similarly, /bin/sh is a hard link to bash, which also reverts to traditional behavior when invoked through this link (see the bash manpage).
If you install additional shells, you should add them to /etc/shells. To change the Terminal's default shell, see Section 1.4, later in this chapter. To change a user's default shell (used for both the Terminal and remote and console logins), see Section 3.7.5 in Chapter 3.
The Terminal and xterm Compared
There are several important differences between Mac OS X's Terminal application and the xterm and xterm-like applications common to Unix systems running X Windows:
  • You cannot customize the characteristics of the Terminal with command-line switches such as -fn, -fg, and -bg. Instead, you must use the Terminal's Show Info dialog.
  • Unlike xterm, in which each window corresponds to a separate process, a single master process controls the Terminal. However, each shell session is run as a separate child process of the Terminal.
  • The Terminal selection is not automatically put into the clipboard. Use ⌘-C to copy, ⌘-V to paste. Even before you press ⌘-C, the current text selection is contained in a selection called the pasteboard. One similarity between Terminal and xterm is that selected text can be pasted in the same window with the middle button of a three-button mouse. If you want to paste selected text into another window, you must drag and drop it with the mouse or use copy and paste. The operations described in Section 1.5, later in this chapter, also use the pasteboard.
  • The value of $TERM is xterm-color when running under Terminal (it's set to xterm under xterm by default).
  • Pressing
Using the Terminal
The first order of business when exploring a new flavor of Unix is to find the command prompt. In Mac OS X, you won't find the command prompt in the Dock or on a Finder menu. The Terminal application is instead located in the /Applications/Utilities directory. Don't open it just yet, though. First, drag the Terminal's application icon to the Dock so you'll have quick access to it when you need to use the Terminal. To launch the Terminal, click its icon in the Dock once, or double-click on its icon in the Finder view.
The full path to the Terminal is /Applications/Utilities/Terminal.app, although the Finder hides the .app extension. Terminal.app is not a binary file. Instead, it's a Mac OS X package, which contains a collection of files, including the binary and support files. You can Control-click (or right-click) on the Terminal in the Finder and select Show Package Contents to see what's inside. You can alternatively use the standard UNIX commands ls and cd to explore the directory /Applications/Utilities/Terminal.app/.
After the Terminal starts, you'll be greeted by the banner message from /etc/motd and a bash prompt, as shown in Figure 1-1.
Figure 1-1: The Terminal window
One difference xterm users will notice is that there is no obvious way to launch a new Terminal window from the command line. For example, the Mac OS X Terminal has no equivalent to the following commands:
xterm &
xterm -fg green -bg black -name pine -title pine -e pine &
Instead, you can create a new Terminal window by typing ⌘-N or selecting File → New Shell from the menu bar.
Customizing the Terminal
To customize the shell used by the Terminal, start by changing the Terminal's Preferences (Terminal → Preferences). In the Preferences pane, you can tell the Terminal to execute the default shell or a specific command (such as an alternative shell) at startup. You can also declare the terminal type ($TERM), which is set as xterm-color by default. The other choices for the environment variable TERM are ansi, rxvt, vt52, vt100, vt102, and xterm. Among other things, the default setting for TERM allows you to take advantage of the support for color output in ls (via the -G option) and color syntax highlighting in the vim editor.
You can also adjust the Terminal's characteristics using Terminal → Window Settings (or ⌘-I), which brings up the Terminal Inspector, shown in Figure 1-3. Table 1-1 lists the available window settings. Changing these settings affects only the topmost Terminal window. If you want to change the default settings for all future Terminal windows, click the Use Settings As Defaults button at the bottom of the Terminal Inspector window.
Figure 1-3: The Terminal Inspector
Table 1-1: Window settings
Pane        Description
Shell       Displays the shell used by the Terminal and lets you choose whether to close the Terminal window when the shell exits.
Processes
The Services Menu
Mac OS X's Services menu (Terminal → Services) exposes a collection of services that can work with the currently running application. In the case of the Terminal, the services operate on text that you have selected (the pasteboard). To use a service, select a region of text in the Terminal, and choose an operation from the Services menu. Mac OS X comes with several services, but third-party applications may install services of their own. When you use a service that requires a filename, you should select a fully qualified pathname, not just the filename, because the service does not know the shell's current working directory. (As far as the service is concerned, you are invoking it upon a string of text.) Here is a list of options available in the Services menu:
Finder
The Finder Services menu allows you to open a file (Finder → Open), show its enclosing directory (Finder → Reveal), or show its information (Finder → Show Info).
Mail
The Mail → Send To service allows you to compose a new message to an email address, once you have selected that address in the Terminal. You can also select a region of text and choose Mail → Send Selection to send a message containing the selected text.
Make New Sticky Note
This service creates a new Sticky (/Applications/Stickies) containing the selected text.
Open URL
This service opens the URL specified by the selected text in your default web browser.
Script Editor
This service gets the result of an AppleScript, makes a new AppleScript (in the Script Editor), or runs the selected text as an AppleScript.
Alternative Terminal Applications
As noted earlier in this chapter, at least two other Aqua-native terminal applications are available: GLterm (shareware) and iTerm (freeware). Although Mac OS X's Terminal application is quite rich in useful features, GLterm and iTerm offer some interesting features that make these applications worthy of consideration as alternate comman. We won't cover these terminal emulation applications in great detail, but this section will focus on a few of their most interesting features.
Before getting into what makes these distinct, here are some similarities:
  • One feature that each of these terminal applications shares is that they use the same Services menu.
  • Both iTerm and Terminal support transparency, language encodings, AppleScript, and have contextual menus that can be accessed by Control-clicking or right-clicking (if you have a two- or three-button mouse) in a window.
  • Although GLterm lacks these features, it does have some unique features, such as the ability to set the refresh rate (i.e., how frequently it checks to see if there is something new to draw in the window).
GLterm (http://www.pollet.net/GLterm/) was developed by Michael Pollet to use X11 .bdf fonts and render them using OpenGL, provided that it's run on a machine with a 3D accelerator supported by Mac OS X. GLterm supports ANSI color, vt102/xterm emulations, and DEC function keys.
The default behavior of GLterm is to use whatever shell is specified as the user's default in Directory Services (see Chapter 3). The shell for GLterm can be easily changed to any available shell in GLterm's preferences. The default value for the TERM environment variable is xterm, but this can be changed to an xterm color in the shell by setting the TERM environment variable.
The open Command
The open shell command lets you open Finder windows and launch GUI applications. To open a directory in the Finder, use open, followed by the name of the directory. For example, to open a Finder window containing the current directory, type:
open .
To open your Public folder (~/Public):
open ~/Public
To open the /Applications directory:
open /Applications
To open an application, you need only its name. For example, you can open Xcode (/Developer/Applications) with this command:
open -a Xcode
You are not required to enter the path for the application, only its name—even if it is a Classic application. The only time you are required to enter the path is if you have two different versions of an application with similar names on your system.
You can also supply a filename argument with the -a option, which would launch the application and open the specified file with that application. You can use this option to open a file with something other than the application with which it's associated. For example, to open an XML file in Xcode instead of the default XML editor, the Property List Editor, you could use the following command:
open -a Xcode data.xml
To open multiple files, you can use wildcards:
open *.c
To force a file to be opened with TextEdit, use -e:
open -e *.c
The -e switch will only open files in the TextEdit application; it cannot be used to open a file in another text editor, such as BBEdit (however, you can use the command-line bbedit application to open a file with BBEdit). If you want to use TextEdit on a file that is owned by an administrator (or root), open -e will not work. You'll need to specify the full executable path, as in:
$ sudo /Applications/TextEdit.app/Contents/MacOS/TextEdit 
Chapter 2: Startup
The most striking difference between Mac OS X and other flavors of Unix is in how Mac OS X handles the boot process. Gone are /etc/inittab, /etc/init.d, and /etc/rc.local from traditional Unix systems. In their place is a BSD-like startup sequence sandwiched between a Mach foundation and the Aqua user interface.
This chapter describes the Mac OS X startup sequence, beginning with the BootX loader and progressing to full multiuser mode, at which time the system is ready to accept logins from normal users. The chapter also covers custom startup items, network interface configuration, and Mac OS X's default cron jobs.
Booting Mac OS X
When the computer is powered up, the firmware is in complete control. After the firmware initializes the hardware, it hands off control to the BootX loader, which bootstraps the kernel. After a trip into Mach, the control bubbles up into the BSD subsystem, and eventually into the Aqua user interface.
By default, Mac OS X boots graphically. If you'd like to see console messages as you boot, hold down ⌘-V (the "V" stands for "verbose") as you start the computer. If you'd like to always boot in verbose mode, you can specify a flag in the boot arguments that are stored in your system's firmware. First, use the command nvram boot-args to make sure there aren't any flags already set (if there are, and you didn't set them, you probably should not change this setting). Set your boot arguments to -v with this command:
sudo /usr/sbin/nvram boot-args="-v"
The next time you boot the computer, it will boot in verbose mode. To turn this setting off, use the command:
sudo /usr/sbin/nvram boot-args=
To boot in single-user mode, hold down ⌘-S as you start the computer. In single-user mode, your filesystem will be mounted as read-only, and you will be limited in what you can do. Single-user mode should generally be used only to repair a system that has been damaged (for example, see Section 3.11 in Chapter 3). Unlike with other Unix systems, we do not suggest that you use single-user mode to perform fsck repairs manually. Instead, boot from the Mac OS X install CD or DVD and run the Disk Utility (Installer → Open Disk Utility) to repair a problem disk volume.
BootX is located in /System/Library/CoreServices
Adding Startup Items
To automatically start applications, you have two choices: start them when a user logs in, or start them when the system boots up. On most Unix systems, startup applications either reside in the /etc/rc.local script or the /etc/init.d directory. Under Mac OS 9, you could add a startup item by putting its alias in System Folder:Startup Items. Mac OS X has a different approach, described in the following sections.
To start an application each time you log in, use the Accounts panel of System Preferences and select the Startup Items tab. This is good for user applications, such as Stickies or an instant messenger program. For system daemons, you should set up a directory in /Library/StartupItems, as described in the next section.
If you compile and install a daemon, you'll probably want it to start at boot time. For example, MySQL will build out of the box on Mac OS X (you can download it from http://www.mysql.com).
A startup item is controlled by three things: a folder (such as /Library/StartupItems/MyItem), a shell script with the same name as the directory (such as MyItem), and a property list named StartupParameters.plist. The shell script and the property list must appear at the top level of the startup item's folder. You can also create a Resources directory to hold localized resources, but this is not mandatory.
To set up the MySQL startup item, create the directory /Library/StartupItems/MySQL. Then, create two files in that directory, the startup script MySQL and the property list StartupParameters.plist. The MySQL file should be an executable since it is a shell script. After you set up these two files as directed in the following sections, MySQL will be launched at each boot.

Section 2.2.2.1: The startup script

Scheduling Tasks
Like other flavors of Unix, Mac OS X uses cron to schedule tasks for periodic execution. Each user's cron jobs are controlled by configuration files that you can edit with crontab -e (to list the contents of the file, use crontab -l).
The global crontab file is contained in /etc/crontab. It includes three cron jobs by default, which run the scripts contained in subdirectories of the /etc/periodic directory: /etc/periodic/daily, /etc/periodic/weekly, and /etc/periodic/monthly. Each of these directories contains one or more scripts:
/etc/periodic/daily/100.clean-logs
/etc/periodic/daily/500.daily
/etc/periodic/monthly/500.monthly
/etc/periodic/weekly/500.weekly
By default, /etc/crontab runs them in the wee hours of the night:
15 3 * * *       root    periodic daily
30 4 * * 6       root    periodic weekly
30 5 1 * *       root    periodic monthly
So, if your Mac is not usually turned on at those times, you could either edit the /etc/crontab file or remember to run them periodically using the following syntax:
sudo periodic daily weekly monthly
As you'll see in Chapter 3, it is vitally important that you run these jobs to ensure that your local NetInfo database is backed up.
You should not modify these files, because they may be replaced by future system updates. Instead, create a /etc/daily.local, /etc/weekly.local, or /etc/monthly.local file to hold your site-specific cron jobs. The cron jobs are simply shell scripts that contain commands to be run as root. The local cron jobs are invoked at the end of the 500.daily, 500.weekly, and 500.monthly scripts found in the /etc/periodic subdirectory.
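Because the .local files are executed as root, it is worth checking who can change them. The following audit is an added example, not code from the book: the function names are hypothetical, and the owner UID is a parameter (default 0, root) only so the check can be tried on scratch files.

```shell
#!/bin/sh
# Added example (not from the book): audit the site-specific periodic scripts.
# They are run as root at the end of 500.daily, 500.weekly and 500.monthly, so
# anyone who can write to them, or to the directory holding them, gets root.

# audit_root_script PATH [OWNER_UID]   (hypothetical helper)
# Prints one status word; returns 0 for "ok" or "missing", 1 for any finding.
audit_root_script() {
    ars_file=$1
    ars_owner=${2:-0}
    if [ -L "$ars_file" ]; then echo "symlink"; return 1; fi
    if [ ! -e "$ars_file" ]; then echo "missing"; return 0; fi
    if [ ! -f "$ars_file" ]; then echo "not-regular-file"; return 1; fi
    # find prints the path only when the predicate matches.
    if [ -z "$(find "$ars_file" -prune -user "$ars_owner")" ]; then
        echo "wrong-owner"; return 1
    fi
    if [ -n "$(find "$ars_file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "writable-by-group-or-other"; return 1
    fi
    # A writable parent directory lets someone replace the script outright.
    # -H follows a symlinked directory named on the command line.
    ars_dir=$(dirname "$ars_file")
    if [ -z "$(find -H "$ars_dir" -prune -user "$ars_owner")" ] ||
       [ -n "$(find -H "$ars_dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "unsafe-parent-directory"; return 1
    fi
    echo "ok"
}

# audit_periodic_locals [ROOT_PREFIX] [OWNER_UID]   (hypothetical helper)
# Checks <prefix>/etc/{daily,weekly,monthly}.local; returns 1 on any finding.
audit_periodic_locals() {
    apl_prefix=${1:-}
    apl_owner=${2:-0}
    apl_rc=0
    for apl_name in daily weekly monthly; do
        apl_path="$apl_prefix/etc/$apl_name.local"
        apl_status=$(audit_root_script "$apl_path" "$apl_owner") || apl_rc=1
        printf '%s: %s\n' "$apl_path" "$apl_status"
    done
    return "$apl_rc"
}

audit_periodic_locals || echo "fix the findings above before the next periodic run"
```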
Chapter 3: Directory Services
A directory service manages information about users and resources such as printers and servers. It can manage this information for anything from a single machine to an entire corporate network. The Directory Service architecture in Mac OS X is called Open Directory. Open Directory encompasses flat files (such as /etc/hosts), NetInfo (the legacy directory service brought over from earlier versions of Mac OS X and NeXTSTEP), LDAPv3, and other services through third-party plug-ins.
This chapter describes how to perform common configuration tasks, such as adding a user or host on Mac OS X with the default configuration. If your system administrator has configured your Macintosh to consult an external directory server, some of these instructions may not work. If that's the case, you should ask your system administrator to make these kinds of changes anyhow!
Understanding Directory Services
In Mac OS X 10.1.x and earlier, the system was configured to consult the NetInfo database for all directory information. If you needed to do something simple, such as adding a host, you couldn't just add it to /etc/hosts and be done with it. Instead, you had to use the NetInfo Manager (or NetInfo's command-line utilities) to add the host to the system.
However, as of Mac OS X 10.2 (Jaguar), NetInfo functions started to become more of a legacy protocol and were reduced to handling the local directory database for machines that did not participate in a network-wide directory, such as Active Directory or OpenLDAP. NetInfo is still present in Mac OS X Panther, but you can perform many configuration tasks by editing the standard Unix flat files. By default, Panther is configured to consult the local directory (also known as the NetInfo database) for authentication, which corresponds to /etc/passwd and /etc/group on other Unix systems. You can override this setting with the Directory Access application. For more information, see Section 3.3, later in this chapter.
For users whose network configuration consists of an IP address, a default gateway, and some DNS addresses, this default configuration should be fine. You'll need to tap into Open Directory's features for more advanced configurations, such as determining how a user can log into a workstation and find his home directory, even when that directory is hosted on a shared server.
In order to work with Mac OS X's Directory Services, you must first understand the overall architecture, which is known as Open Directory. Directory Services is the part of Mac OS X (and the open source Darwin operating system) that implements this architecture. Figure 3-1 shows the relationship of Directory Services to the rest of the operating system. On the top, server processes, as well as the user's desktop and applications, act as clients to Directory Services, which delegates requests to a directory service plug-in (see Section 3.3, later in this chapter, for a description of each plug-in).
Programming with Directory Services
As a programmer, you frequently need to deal with directory information, whether you realize it or not. Your application uses Directory Services each time it looks up a host entry or authenticates a password. The Open Directory architecture unifies what used to be a random collection of flat files in /etc. The good news is that the flat files still work. The other good news is that there is a brave new world just beyond those flat files. So, while all your old Unix code should work with the Open Directory architecture, you should look for new ways to accomplish old tasks, especially if you can continue writing portable code.
To get at directory information, Unix applications typically go through the C library using such functions as gethostent( ). The C library connects to lookupd, a thin shim that is the doorway to the DirectoryService daemon. The DirectoryService daemon consults the available plug-ins until it finds the one that can answer the directory query.
One traditional route to user and password information was through the getpw* family of functions. However, those functions are not ideal for working with systems that support multiple directories (flat files, NetInfo, LDAP, etc.). Also, in the interest of thwarting dictionary attacks against password files, many operating systems have stopped returning encrypted passwords through those APIs. Many Unix and Linux systems simply return an "x" when you invoke a function like getpwnam( ). However, those systems can return an encrypted password through functions like getspnam( ), which consult shadow password entries, and can generally be invoked by the root user only. Example 3-1 shows the typical usage of such an API, where the user enters her plaintext password, and the program encrypts it and then compares it against the encrypted password stored in the system.
Configuring Directory Services
In order to configure Directory Services, use the Directory Access application (/Applications/Utilities), shown in Figure 3-2. You can enable or disable various directory service plug-ins, or change their configuration.
Figure 3-2: The Directory Access application shows the available plug-ins
Directory Access supports the following plug-ins:
Active Directory
This plug-in lets Mac OS X consult an Active Directory domain on a server running Windows 2000 or Windows 2003.
AppleTalk
This is the ultimate Mac OS legacy protocol. AppleTalk was the original networking protocol supported by Mac OS versions prior to Mac OS X. Linux and the server editions of Windows also support AppleTalk.
BSD Flat File and NIS
This includes the Network Information Service (NIS) and the flat files located in the /etc directory, such as hosts, exports, and services. By default, this option is switched off. After you enable it, click Apply, switch to the Authentication tab, choose Custom Path from the search menu, click the Add button, choose /BSD/Local, and click Apply again.
LDAPv3
This is the same version of LDAP used by Microsoft's Active Directory and Novell's NDS. In addition to the client components, Mac OS X includes slapd, a standalone LDAP daemon. Mac OS X's LDAP support comes through OpenLDAP (
NetInfo Manager
The local directory is organized hierarchically, starting from the root, which, like a filesystem's root, is called /. However, this is not meant to suggest that there is a corresponding directory or file for each entry. Instead, the data is stored in a collection of files under /var/db/netinfo.
You can browse or modify the local directory using NetInfo Manager, which is located in /Applications/Utilities. Figure 3-4 shows NetInfo Manager displaying the properties of the mysql user.
Figure 3-4: Browsing the local directory
Directory Services Utilities
This chapter demonstrates four Directory Services utilities: dscl, nireport, nidump, and niload. Table 3-1 describes these and other NetInfo utilities.
The nidump and nireport utilities display the contents of the local directory. niload loads the contents of flat files (such as /etc/passwd or /etc/hosts) into Directory Services. niutil directly manipulates the Directory Services database; it's the command-line equivalent of NetInfo Manager. To make changes, use sudo with these commands or first log in as the root user. The commands that can be performed as a normal user are shown without the sudo command in the examples that follow.
Unlike other ni* utilities, nicl acts directly on the database files. Consequently, you can use nicl to modify the local directory even when Directory Services is not running (such as when you boot into single-user mode).
Table 3-1: NetInfo tools
Tool      Description
dscl      Provides a command-line interface to Directory Services.
nicl      Provides a command-line interface to NetInfo.
nidump    Extracts flat file format data (such as /etc/passwd) from NetInfo.
Managing Groups
Directory Services stores information about groups in its /groups directory. This is different from the /etc/group file, which is consulted only in single-user mode.
To list all of the group IDs (GIDs) and group names for the local domain, invoke nireport with the NetInfo domain (., the local domain), the directory (/groups), and the properties you want to inspect—in this case, gid and name:
$ nireport . /groups gid name
-2      nobody
-1      nogroup
0       wheel
1       daemon
2       kmem
3       sys
4       tty
5       operator
6       mail
7       bin
20      staff
25      smmsp
26      lp
27      postfix
28      postdrop
31      guest
45      utmp
66      uucp
68      dialer
69      network
70      www
74      mysql
75      sshd
76      qtss
78      mailman
79      appserverusr
80      admin
81      appserveradm
99      unknown
Although the flat file format is called group (after the /etc/group file), the group directory is /groups. If you forget that last s, nireport will look for the wrong directory. However, if you want to dump the groups directory in the /etc/group file format, use the command nidump group . without that last s.
The niload utility can be used to read the flat file format used by /etc/group (name:password:gid:members). To add a new group, you can create a file that adheres to that format, and load it with niload. For ad hoc work, you can use a here document (an expression that functions as a quoted string, but spans multiple lines) rather than a separate file:
$ sudo niload group . <<EOF
> writers:*:1001:
> EOF
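A pre-flight check for one name:password:gid:members line before it is handed to niload, so that a new entry cannot reuse the name or GID of an existing group such as admin (80) or wheel (0). This is an added example, not code from the book; check_group_entry, EXISTING_GROUPS, and the MIN_GID policy are hypothetical names, and the sample rows are copied from the nireport listing above rather than read from a live system.

```shell
#!/bin/sh
# Constructed sample: a subset of the `nireport . /groups gid name` listing above.
EXISTING_GROUPS='0 wheel
20 staff
80 admin
99 unknown'

# Assumed local policy: new groups start above the system range
# (every group in the listing above has a GID of 99 or lower).
MIN_GID=100

# check_group_entry ENTRY [EXISTING]
# ENTRY is one name:password:gid:members line; EXISTING is "gid name" rows.
# Prints "ok" or the reason for rejection; exit status is 0 only for "ok".
check_group_entry() {
    printf '%s\n' "${2:-$EXISTING_GROUPS}" | awk -v entry="$1" -v min="$MIN_GID" '
        NF >= 2 { gid_owner[$1] = $2; name_gid[$2] = $1 }
        END {
            n = split(entry, f, ":")
            if (n != 4) { print "malformed: need 4 fields"; exit 1 }
            if (f[1] !~ /^[a-z_][a-z0-9_-]*$/) { print "bad group name"; exit 1 }
            if (f[3] !~ /^[0-9]+$/) { print "gid is not a non-negative integer"; exit 1 }
            if (f[1] in name_gid) { print "name already used by gid " name_gid[f[1]]; exit 1 }
            if (f[3] in gid_owner) { print "gid already used by " gid_owner[f[3]]; exit 1 }
            if (f[3] + 0 < min) { print "gid below " min " (system range)"; exit 1 }
            print "ok"
        }'
}

# Typical use on a real system (not run here), feeding live data to the check:
#   line='writers:*:1001:'
#   check_group_entry "$line" "$(nireport . /groups gid name)" &&
#       printf '%s\n' "$line" | sudo niload group .
```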
               
To create a group with dscl, you'll need to create a directory under
Additional content appearing in this section has been removed.
Managing Users and Passwords
The Directory Services equivalent of the passwd file resides under the /users portion of the directory. Although Mac OS X includes /etc/passwd and /etc/master.passwd files, they are consulted only while the system is in single-user mode, or if the system has been reconfigured to use BSD Flat Files (see Section 3.3, earlier in this chapter).
To add a normal user to your system, you should use System Preferences → Accounts. However, if you want to bulk-load NetInfo with many users or create a user while logged in over ssh, you can use dscl or niload.
You can list all users with the nireport utility. Supply the NetInfo domain (., the local domain), the directory (/users), and the properties you want to inspect (uid, name, home, realname, and shell):
$ nireport . /users uid name home realname shell 
-2   nobody    /var/empty          Unprivileged User          /usr/bin/false
0    root      /var/root           System Administrator       /bin/sh
1    daemon    /var/root           System Services            /usr/bin/false
99   unknown   /var/empty          Unknown User               /usr/bin/false
25   smmsp     /private/etc/mail   Sendmail User              /usr/bin/false
2    lp        /var/spool/cups     Printing Services          /usr/bin/false
27   postfix   /var/spool/postfix  Postfix User               /usr/bin/false
70   www       /Library/WebServer  World Wide Web Server      /usr/bin/false
71   eppc      /var/empty          Apple Events User          /usr/bin/false
74   mysql     /var/empty          MySQL Server               /usr/bin/false
75   sshd      /var/empty          sshd Privilege separation  /usr/bin/false
76   qtss      /var/empty          QuickTime Streaming Server /usr/bin/false
77   cyrus     /var/imap           Cyrus User                 /usr/bin/false
78   mailman   /var/empty          Mailman user               /usr/bin/false
79   appserver /var/empty          Application Server         /usr/bin/false
Additional content appearing in this section has been removed.
Managing Hostnames and IP Addresses
Mac OS X consults both the /etc/hosts file and the /machines portion of the local directory. For example, the following entry in /etc/hosts would map the hostname xyzzy to 192.168.0.1:
192.168.0.1   xyzzy
The niload utility understands the flat file format used by /etc/hosts (ip_address name). See the hosts(5) manpage for a description of each field. To add a new host, create a file using that format and load it with niload. This example adds the host xyzzy:
$ sudo niload hosts . <<EOF
> 192.168.0.1 xyzzy
> EOF
               
If you add an entry that already exists, it will be overwritten.
The /etc/hosts file takes precedence over the local directory, so if you enter the same hostname with different IP addresses in both places, Mac OS X uses the one in /etc/hosts.
Additional content appearing in this section has been removed.
Exporting Directories with NFS
You can use the /etc/exports file to store folders that you want to export over NFS. For example, the following line exports the /Users directory to two hosts (192.168.0.134 and 192.168.0.106):
/Users  -ro 192.168.0.134 192.168.0.106
The NFS server will start automatically at boot time if there are any exports in that file. After you've set up your exports, you can reboot, and NFS should start automatically. NFS options supported by Mac OS X include the following (see the exports(5) manpage for complete details):
-maproot=user
Specifies that the remote root user should be mapped to the specified user. You may specify either a username or numeric user ID.
-maproot=user:[group[:group...]]
Specifies that the remote root user should be mapped to the specified user with the specified group credentials. If you include the colon with no groups, as in -maproot=username:, it means the remote user should have no group credentials. You may specify a username or numeric user ID for user and a group name or numeric group ID for group.
-mapall=user
Specifies that all remote users should be mapped to the specified user.
-mapall=user:[group[:group...]]
Specifies that all remote users should be mapped to the specified user with the specified group credentials. If you include the colon with no groups, as in
Additional content appearing in this section has been removed.
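An audit of /etc/exports lines for the settings described above: exports without -ro, exports with no client hosts, and -maproot or -mapall values that map remote users to root. This is an added example, not code from the book; audit_exports and SAMPLE_EXPORTS are hypothetical names, and every sample line except the first (the page's own /Users export) is constructed. It assumes clients are written as plain host names or addresses, as in the page's example.

```shell
#!/bin/sh
# Constructed sample /etc/exports content; only the first line is from the page.
SAMPLE_EXPORTS='/Users  -ro 192.168.0.134 192.168.0.106
/Shared -maproot=root 192.168.0.134
/Scratch -mapall=nobody
# staging area
/Builds -ro -maproot=0:0 192.168.0.106'

# audit_exports: read exports(5) lines on stdin and print one finding per
# line as "<path>: <finding>". Only -ro, -maproot and -mapall are interpreted.
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            path = $1; ro = 0; clients = 0; rootmap = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "-ro") ro = 1
                else if ($i ~ /^-map(root|all)=/) {
                    cred = $i; sub(/^-map(root|all)=/, "", cred)
                    split(cred, part, ":")    # user[:group[:group...]]
                    if (part[1] == "root" || part[1] == "0") rootmap = $i
                }
                else if ($i ~ /^\//) path = path " " $i    # extra directory
                else if ($i !~ /^-/) clients++             # host or address
            }
            if (!ro) print path ": writable (no -ro)"
            # Per exports(5), a line with no hosts is exported to every host.
            if (!clients) print path ": no client hosts listed"
            if (rootmap != "") print path ": remote users act as root (" rootmap ")"
        }'
}

# On a real system: audit_exports < /etc/exports
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

The page's own /Users line produces no findings, since it is read-only and limited to two hosts.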
Flat Files and Their Directory Services Counterparts
As mentioned earlier, Directory Services manages information for several flat files in earlier releases of Mac OS X, including /etc/printcap, /etc/mail/aliases, /etc/protocols, and /etc/services. For a complete list of known flat file formats, see the nidump and niload manpages.
Although you can edit these flat files directly as you would on any other Unix system, you can also use Directory Services to manage this information. You can use niload with a supported flat file format to add entries, or you can use dscl or NetInfo Manager to directly manipulate the entries. Table 3-2 lists each flat file, the corresponding portion of the directory, and important properties associated with each entry. See the netinfo(5) manpage for complete details. Properties marked with (list) can take multiple values. (For an example, see Section 3.6.3, earlier in this chapter.)
The "Flat files or local database?" column in Table 3-2 indicates whether Directory Services consults the flat file, the local database, or both. You can use Directory Access to modify the way information is looked up on your Macintosh.
Table 3-2: Flat files and their NetInfo counterparts
Flat file      NetInfo directory   Important properties                Flat files or local database?
/etc/exports   /exports            name, clients (list), opts (list)
Additional content appearing in this section has been removed.
Restoring the Directory Services Database
If the local directory database is damaged, boot into single-user mode by holding down Command-S as the system starts up. Next, check to see if you have a backup of the NetInfo database. The /etc/daily cron job backs up the database each time it is run. You can find the backup in /var/backups/local.nidump. If you don't have a backup, you won't be able to restore. The local.nidump file is overwritten each time the cron job runs, so make sure you back it up regularly (preferably to some form of removable media).
If your computer is generally not turned on at 3:15 a.m. (the default time for the daily cron job), you'll never get a backup of your local directory. You can solve this problem by editing /etc/crontab to run this job at a different time, or to run the job periodically with the command sudo periodic daily. See Section 2.3.1 in Chapter 2 for more details.
After the system boots in single-user mode, you should:
  1. Wait for the root# prompt to come up.
  2. Fix any filesystem errors; if you are using a journaled filesystem, this step won't be necessary (and if you try to run this command, you'll get an error):
    # /sbin/fsck -y
  3. Mount the root filesystem as read/write:
    # /sbin/mount -uw /
  4. Change directories and go to the NetInfo database directory:
    # cd /var/db/netinfo/
  5. Move the database out of the way and give it a different name:
    # mv local.nidb/ local.nidb.broken
Additional content appearing in this section has been removed.
Chapter 4: Printing
Mac OS X offers a rich and flexible set of tools for administering and using a wide variety of printers. Unix and Linux users will find tools that are familiar, as well as a few new ones. In this chapter we will first discuss basic use of the Printer Setup Utility found in the /Applications/Utilities folder. We will then discuss the Mac OS X implementations of the printing tools most Unix and Linux users will find familiar. In particular, we will discuss the Common Unix Printing System (CUPS), GIMP-print, HP InkJet Server (HPIJS), and Samba Printing.
Printer Setup Utility
If you're using a popular USB printer under Mac OS X, it is likely that all you'll need to do is connect it to the USB port and choose this printer in the Print dialog when you want to print a document. However, there are some circumstances where it's not so simple:
  • Perhaps your USB printer does not automatically show up as an available printer in the Print dialog
  • Maybe you want to share your printer with other computers on your LAN
  • Perhaps you want to use a network printer such as one listed in Open Directory, an AppleTalk printer, or one for which all you have is an IP address
If you haven't already set up a printer using the Printer Setup Utility, there are three ways to add a new printer in Mac OS X:
Add a printer automatically
Attempting to print a document from virtually any application automatically launches the Printer Setup Utility: Mac OS X first informs you that you have no printers available, and asks if you'd like to add a printer. Click on the Add button to start the setup procedure.
Launch Print Center
You can also add a new printer by double-clicking the Printer Setup Utility icon in the /Applications/Utilities folder and clicking the Add button. The /Applications/Utilities folder also contains an icon for Print Center. In Panther, the Print Center is provided as an alias to Printer Setup Utility, to maintain backward compatibility with earlier versions of Mac OS X.
Use System Preferences