Mac Stuff

I’ve been using the “Sites” folder in my local home directory for some web development testing recently. I had a couple of directories created that didn’t include an “index.html” file. That means that anyone hitting the directory itself could list the contents and see all the other files I was working on in there. Not a major problem for what I was doing but a security issue none the less. After a quick bit of research I found it was quite easy to disable this at the command line.

Open Terminal and type cd /private/etc/apache2/users. Inside the “users” folder will be conf files for each of the users with accounts on the machine. So, if we have a user with the short name of “joe” on the machine there will be a file in there named “joe.conf”.

To edit this file you need to have root permissions. So open it using sudo. I prefer using pico as my editor but use whichever works for you. The command below assumes you are already in the “users” folder.

sudo pico joe.conf

You’ll see something like this:

Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all



Navigate down to the line Options Indexes MultiViews. Carefully delete the Indexes part of the line and save the file. Now restart Apache, either by going to System Preferences and turning off and then back on Web Sharing, or at the command line by typing sudo apachectl restart.

Now navigate to a directory in your “Sites” folder that doesn’t have an index file. You should get a “403 No permissions” error unless you specify a file. Much more secure. Note that you’ll need to do this individually for each account on the machine.

I’ve tested this with Snow Leopard and I’m betting it will work with Leopard. I’m not sure if versions of the OS below 10.5 support this feature.

webmaster :: Jul.08.2010 :: Management, System, Terminal :: No Comments »

I recently started using the build-in MySQL database server on my Leopard server. I’m collecting user login data in one database and SMB and AFP login information in another. Nothing major but information I wouldn’t really want to lose. I was looking for an easy way to backup these databases when a post on the MacEnterprise mailing list asked the same thing. Several people suggested AutoMySQLBackup, an open source shell script. After checking into it I can say it is an incredibly easy way of backing up all your data. The author has done a great service by posting this script.

The script backups up the databases to the local drive but can also email the backups to you. I wanted them emailed so I could archive them and have them backed up there as well. That way I don’t have to come up with any other scripts to move the backups some where else.

The AutoMySQLBackup script requires that you have Mutt installed if you want to have it email anything. Mutt is an command line email program that does not come pre-installed on OS X. Here are the steps I went through to get everything up and running.

Step 1 – Install Mutt

There are instructions on the Mutt website for installing the program but I wanted something I could easily update without a lot of hassle. I decided to install using MacPorts.

Download and install the latest version of MacPorts. There is excellent documentation on the web page. You’ll need the Apple Developer’s Tools installed before installing MacPorts. If you don’t already have them you can install them from your OS X install disc or download them from the Apple Developer Connection site.

Once MacPorts is installed an running you’re ready to install Mutt. At the time of this writing the default version of Mutt in the MacPorts repository is 1.4.2. I wanted the 1.5.x version as I had read that it was much easier to configure. Check the MacPorts list of available ports before you install. To get the 1.5.x version I had to install the development version.

In Terminal type the following:

sudo port install mutt-devel +smtp +ssl +imap +pop

If you want the standard install of mutt enter this:

sudo port install mutt +smtp +ssl +imap +pop

Then go do something else for a while as it downloads and compiles everything. After a bit you’ll have an install of mutt.

Step 2 – Configure Mutt

With the 1.5.x version of Mutt I only had to make one configuration file. In the home directory root of the account you are running the script from make a “.muttrc” file.

touch .muttrc

Now, use your favorite editor (I prefer pico) and add the address of the SMTP server you plan to use:

set smtp_url="smtp://my.smtp.server.com"

Now try sending an email from Mutt in Terminal and make sure everything is working correctly.

Step 3 – Configuring AutoMySQLBackup

Download AutoMySQLBackup and put it where ever you put your scripts. I changed the permission so that only the account I was running it from had any access.

chmod 700 automysqlbackup.sh

Open the script in your editor of choice. Don’t use Word or other such editors as they will mess up your line returns. Use a command-line editor or a GUI editor like SubEthaEdit that understands UNIX line returns.

The script author has great instructions right in the script so I won’t cover those here. I did, however, have to make two changes to the script to get things to work.

First, I had to add in the path to the MacPorts installation in the path variable for the script. That was on line 338.

The original reads:

PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/mysql/bin

Edit it to look like this:

PATH=/opt/local/bin:/opt/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/local/mysql/bin

Remember, all the MacPorts installations live in /opt/local. Now the script can find Mutt.

The second change I had to make was to the order of items that the script was sending to Mutt. It just didn’t work in 1.5.x as written. This is on line 644 of the script.

The original reads:

mutt -s "$ERRORNOTE MySQL Backup Log and SQL Files for $HOST - $DATE" $BACKUPFILES $MAILADDR < $LOGFILE

I had to switch the order of $BACKUPFILES and $MAILADDR to get it send the file to me. So my edited version looks like this:

mutt -s "$ERRORNOTE MySQL Backup Log and SQL Files for $HOST - $DATE" $MAILADDR $BACKUPFILES < $LOGFILE

After making that switch and running the script it backed up my databases and emailed me the backup files as well. Fantastic!

Schedule your script to run on a nightly basis so you get regular backups of everything. You can either do that via cron or via a launchd item. If you want to use cron and don’t want to do it at the command line I recommend Cronnix. For launchd I recommend Lingon

One last note. When I was trying to troubleshoot why the attachments weren’t being send I couldn’t find the log files that said what was happening. That’s because the automysqlbackup script puts them in the script and then deletes them along with everything else after it mails them. To disable that function I had to comment out these two lines at the very end of the script:

eval rm -f "$LOGFILE"
eval rm -f "$LOGERR"


Once I had things working I uncommented them so things would continue to be cleaned up.

webmaster :: Dec.14.2009 :: Scripts, Server, System, Terminal :: No Comments »

Out of the box Snow Leopard defaults to running in 32 bit mode. This is so the drivers for things like printers, scanners, network cards, etc. that have not been ported to 64 bit can run. Applications are unaffected by this. A 64 bit app will run in 32 bit mode and vice versa. If you’re not sure what mode your machine is running Snow Leopard in check out this article at MacObserver on how to tell.

The average user is much better off staying with the 32 bit mode for compatibility and ease of use. However, there may be times, especially for those running scientific software, when you need to run in 64 bit mode. And some servers, as mentioned in this Knowledge Base article do boot directly into 64 bit mode and may need to be set back.

You can choose to hold down the “6″ and “4″ keys on startup to boot into 64 bit mode. This will boot you into 64 bit for that boot cycle. When you reboot you will fall back to 32 bit again. Likewise, holding down the “3″ and “2″ keys on boot will put you into 32 bit mode.

If you want to change the mode and make it stick you need to do it at the command line. Fortunately Apple has added a command in the systemsetup tool for just that.

To check which mode you’re currently in run this command in Terminal:
systemsetup -getkernelbootarchitecturesetting

To set your machine to boot into 64 bit mode enter this command and reboot:
sudo systemsetup -setkernelbootarchitecture x86_64

To set your machine to boot into 32 bit mode enter this command and reboot:
sudo systemsetup -setkernelbootarchitecture i386

One oddity I’ve found so far is that on some machines that were upgraded from Leopard to Snow Leopard this command doesn’t appear in systemsetup. Do a man systemsetup before running it to make sure you have the Snow Leopard version of systemsetup

webmaster :: Sep.03.2009 :: Management, System, Terminal :: 1 Comment »

Update: It appears that clear text passwords for AFP connections only work when booted into 32 bit mode. I’ve updated the script to check for which kernel the user is booted into. If they are running 64 bit it asks them if they want to switch to 32 bit. If they say “Yes” then it makes the switch and reboots the machine for them.

A nice article explaining how to see if you are running in 32 or 64 bit mode is here at MacObserver.

There is an Apple Knowledge base article dealing with servers but with good information on switching kernels here.

The procedure for enabling clear text passwords for AFP connections is the same in Snow Leopard as it is in Leopard with one very critical difference. The details about how and why are already in my post on Leopard. If you want the background information you should check out that page. This post will only deal with the Snow Leopard-specific changes.

The big change for enabling clear text passwords for Snow Leopard is that the .plist file is now a binary. This is something Apple has been moving towards since 10.4 and there is a built-in utility that allows you to change the format back and forth to allow for easy editing called “plutil”. The full path to it is “/usr/bin/plutil”

The flag we need to be aware of in “plutil” is the “-convert” flag. There are two formats that we’ll use for this flag, “xml1″ and “binary1″.

To convert the plist file to XML to allow editing we have to run the following command:
/usr/bin/plutil -convert xml1 /Users/joe/Library/Preferences/com.Apple.AppleShareClient.plist

This will convert the file to XML for editing. Now we will do the actual editing. This line is the same as in Leopard.
defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool YES

Now that we have edited the file we have to convert it back to binary form. So we use the “plutil” tool again with a different format:
/usr/bin/plutil -convert binary1 /Users/joe/Library/Preferences/com.Apple.AppleShareClient.plist

Now the preference file is converted back to binary and can be used by the AFP client.

Here is an updated version of the Leopard AppleScript for changing this setting.

If you would prefer to download a pre-complied script file click below:
Snow Leopard Clear Text Script

Code block

set afp_pref_path to ((POSIX path of (path to preferences from user domain)) & "com.Apple.AppleShareClient.plist")
set OS_version to (do shell script "sw_vers -productVersion")
set kernel_answer to ""
--check if the user is running 32 or 64 bit kernel.
if OS_version contains "10.6" then
	set kernel_version to (do shell script "/usr/sbin/systemsetup -getkernelbootarchitecturesetting")
	if kernel_version contains "x86_64" then
		set kernel_answer to button returned of (display dialog "You are currently running in 64 bit mode.  Clear text passwords only work in 32 bit mode.  Would you like to change to 32 bit mode?  This will require a restart." buttons {"Yes, change it and restart", "No, just enable clear text"} default button 1)
	end if
end if
try
	set clearStatus to (do shell script "defaults read com.Apple.AppleShareClient afp_cleartext_allow") as number
on error
	--the first command will throw an error if the afp_cleartext_allow setting does not exist
	--if there is an error we'll assume that the setting isn't there and set our variable to the disabled setting
	set clearStatus to 0
end try
--a status of "1" means it's enabled.  So ask if they want to disable it
if clearStatus is 1 then
	display dialog "Do you want to disable clear text passwords?" buttons {"Cancel", "Disable"} default button 2
	if the button returned of the result is "Disable" then
		do shell script "/usr/bin/plutil -convert xml1 " & afp_pref_path
		do shell script "defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool NO"
		do shell script "/usr/bin/plutil -convert binary1 " & afp_pref_path
		set clearStatus to (do shell script "defaults read com.Apple.AppleShareClient afp_cleartext_allow") as number
		--check to make sure the change really took effect
		if clearStatus is 0 then
			display dialog "Clear text passwords have been disabled" buttons {"OK"}
		else
			display dialog "There was an error disabling clear text passwords!" buttons {"OK"}
		end if
	end if
else
	display dialog "Do you want to enable clear text passwords?" buttons {"Cancel", "Enable"} default button 2
	if the button returned of the result is "Enable" then
		do shell script "/usr/bin/plutil -convert xml1 " & afp_pref_path
		do shell script "defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool YES"
		do shell script "/usr/bin/plutil -convert binary1 " & afp_pref_path
		set clearStatus to (do shell script "defaults read com.Apple.AppleShareClient afp_cleartext_allow") as number
		--check to make sure the change really took effect
		if clearStatus is 1 then
			display dialog "Clear text passwords have been enabled" buttons {"OK"}
		else
			display dialog "There was an error enabling clear text passwords!" buttons {"OK"}
		end if
	end if
end if
if kernel_answer contains "Yes" then
	do shell script "/usr/sbin/systemsetup -setkernelbootarchitecture i386" with administrator privileges
	do shell script "/sbin/shutdown -r now" with administrator privileges
end if

webmaster :: Aug.31.2009 :: Applescript, Management, Scripts, Terminal :: 19 Comments »

This certainly isn’t a new thing but I haven’t had a need for it until just recently. I moved my lab machines to Leopard and now every time you plug in an external hard drive it asks to use it for a Time Machine backup. That gets annoying fast. Use the defaults command in Terminal to shut it off. I used Apple Remote Desktop to send it out to all my machines at once.

defaults write com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool YES

webmaster :: Aug.07.2009 :: Management, Terminal :: No Comments »

With the release of Leopard Macs now have the ability to run 64 bit applications natively from the GUI. Tiger, the previous release of the OS, supported 64 bit applications but only at the command line. Also, most Macintosh applications these days come as Universal Binaries so they can run on Intel and PowerPC machines.

So how do you tell if you have a 64 bit capable application?

The first place to look is the “Get Info” box of the application itself. If it has a checkbox that gives you the option to run it as a 32 bit application then it is 64 bit. But, is it 64 bit for Intel machines only or for both PowerPC and Intel?

The solution to the problem is found in Terminal using the file command.

Open up Terminal and cd into your application and find the actual compiled binary. This is located in /Contents/MacOS inside your application.

So, for example, if I wanted to check out iWeb I would type the following:

cd /Applications/iWeb.app/Contents/MacOS/

Typing ls once you are inside the app will show you the actual name of the binary.

Now, use the file command on that binary.

file iWeb

That returns the following:


iWeb: Mach-O universal binary with 2 architectures
iWeb (for architecture ppc): Mach-O executable ppc
iWeb (for architecture i386): Mach-O executable i386


Here’s how to read the results:

(for architecture ppc) = 32 bit PowerPC executable
(for architecture ppc64) = 64 bit PowerPC executable
(for architecture i386) = 32 bit Intel executable
(for architecture x86_64) = 64 bin Intel executable

So, we can see that iWeb has one 32 bit executable for PowerPC machines and one 32 bit executable for Intel (i386) machines.

webmaster :: Feb.11.2008 :: Management, System, Terminal :: 2 Comments »

This is a simple tip I stumbled across a month or so ago. There were some bugs in Leopard wireless that wouldn’t let me connect to the encrypted wireless network at work after a machine was restarted. I found that turning the airport card on and off let me connect again. I hated having to remember this every time I restarted so I dug around and found that the command line tool networksetup can do it for me. Great!

This tool exists on Tiger machines in the Apple Remote Desktop client bundle. The path to it is:

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup

Fortunately they very kindly included it in the build for Leopard. The path in Leopard is:

/usr/sbin/networksetup

So, in Leopard, to turn the Airport card off enter the following in Terminal:

/usr/sbin/networksetup -setairportpower off

To turn the card back on change “off” to “on”. If you’re running Tiger make sure to change the path so it points to the app correctly.

Put both of these commands in an AppleScript, save it as an application and add it to your Login items. Then, when the machine is rebooted the card gets turned off and then on and in my case makes my wireless connection.

Snow Leopard changes
In Snow Leopard the command remains, however now you need to run it as sudo. You also need to include the actual network device name AirPort is running on. You can get that by running the following command:

/usr/sbin/networksetup -listallhardwareports

You’ll see Airport listed and below it the device. If the machine does not have two Ethernet ports AirPort is commonly listed as “en1″

After you have that you include it in your command:

sudo /usr/sbin/networksetup -setairportpower en1 on

I’ve included these changes and a routine that will find the airport device in the Snow Leopard version of the script.

Click here to download a copy of the script for Tiger/Leopard:
Airport off and on

Click here to download a copy of the script for Snow Leopard:
Snow Leopard Airport off and on

networksetup is a great tool for administrators and even just people who want a little more control over their machines.

webmaster :: Jan.07.2008 :: Applescript, Management, Scripts, System, Terminal :: 14 Comments »

Note: The method for doing this in Snow Leopard is almost the same but has one slight change to it. Check out the post on doing enabling this in Snow Leopard for the changes.

Leopard, by default, has clear text passwords disabled for AFP connections. This is of course a very good thing to do. No one should be using clear text password connections anymore. However, there are still some older implementations of AFP out there on servers that require a clear text password. So, how do you enable them? By editing a property list or .plist file.

The file in question here is named “com.Apple.AppleShareClient.plist”. It’s located in the Library/Preferences folder in each users home folder. Now, there are a couple of ways to edit this file. If you have the Developer’s Tools installed you can use Property List editor to change that setting from “NO” to “YES”.

Or, if you prefer a command line approach you can use the defaults command to write your settings to the file.

defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool YES

If you’re not sure if clear text passwords are enabled you can use the “read” function in defaults to read the value

defaults read com.Apple.AppleShareClient afp_cleartext_allow

A returned value of “0″ means it is disabled. A value of “1″ means enabled.

If you have a lot of users that need to have this enabled or even checked that’s a lot of typing. So, once again AppleScript to the rescue.

This script will check the status of clear text passwords on launch. If it’s already enabled it will ask if the user wants to disable it. If it’s not enabled it will ask to enable it.

So, just launching the script will let you see if you need to do anything or not. Saving this an application and emailing it to users is a quick way to have them enable it if they need it and then disable it when the need is over without you having to walk over there and type everything a bunch of times.

If you would prefer to download a pre-complied script file click below:

Leopard Clear Text script

Code block

try
	set clearStatus to (do shell script "defaults read com.Apple.AppleShareClient afp_cleartext_allow") as number
on error
	-the first command will throw an error if the afp_cleartext_allow setting does not exist
	-if there is an error we'll assume that the setting isn't there and set our variable to the disabled setting
	set clearStatus to 0
end try
-a status of "1" means it's enabled.  So ask if they want to disable it
if clearStatus is 1 then
	display dialog "Do you want to disable clear text passwords?" buttons {"Cancel", "Disable"} default button 2
	if the button returned of the result is "Disable" then
		do shell script "defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool NO"
		set clearStatus to (do shell script "defaults read com.Apple.AppleShareClient afp_cleartext_allow") as number
		-check to make sure the change really took effect
		if clearStatus is 0 then
			display dialog "Clear text passwords have been disabled" buttons {"OK"}
		else
			display dialog "There was an error disabling clear text passwords!" buttons {"OK"}
		end if
	end if
else
	display dialog "Do you want to enable clear text passwords?" buttons {"Cancel", "Enable"} default button 2
	if the button returned of the result is "Enable" then
		do shell script "defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool YES"
		set clearStatus to (do shell script "defaults read com.Apple.AppleShareClient afp_cleartext_allow") as number
		-check to make sure the change really took effect
		if clearStatus is 1 then
			display dialog "Clear text passwords have been enabled" buttons {"OK"}
		else
			display dialog "There was an error enabling clear text passwords!" buttons {"OK"}
		end if
	end if
end if

webmaster :: Nov.09.2007 :: Applescript, Management, Scripts, System, Terminal :: 7 Comments »

Spotlight is the Macintosh technology that lets you search for things on your Mac. When you search for something like “dog” it not only finds that letter combination in the names of files but searchs the contents of the files for that term as well.

Occasionally Spotlight goes a little nuts and does things like continuously indexing your entire machine, which can slow things down. A good fix for this problem is to simply delete the Spotlight index and let it recreate itself. This can also fix problems where things aren’t showing up in a search that you know are there. The tool we use to do this is a command line tool called mdutil

To delete a Spotlight index enter the following in Terminal. Spotlight will automatically begin to rebuild the index.

sudo mdutil -E volume_name

If you only have one hard drive or partition on your machine or you want to rebuild the index on the drive you’re booted from use this syntax:

sudo mdutil -E /

If you want to rebuild the index on a different drive then your boot drive use this syntax. We’ll assume the drive is name “Extra Stuff”:

sudo mdutil-E "/Volumes/Extra Stuff"

If, for some reason, you find you need to completely turn off Spotlight use this command.

sudo mdutil -i on/off volume_name

To turn off Spotlight indexing on your boot volume use this syntax:

sudo mdutil -i off /

webmaster :: Sep.28.2007 :: System, Terminal :: 1 Comment »

What is an Internet-enabled disk image?

Basically, an internet-enabled disk image is a standard .dmg file with one small change. When it is downloaded using a browser it will automatically decompress the image, put the application or folder on the desktop, unmount and remove the disk image file. This way users don’t have to deal with downloading an image, double-clicking on it, dragging out the files, etc. It’s all done in one fell swoop.

How do I make my images internet-enabled?

First you have to create a disk image. There are lots of tutorials out there on how to do this (it’s quite easy). There are also a few applications that will do it for you, such as DropDMG. Apple even has an Automator action that will do this for you.

Once you’ve created your disk image fire up Terminal and use the hdiutil utility. The option we want is internet-enable -yes.

So, if I have a disk image on our desktop named myapp.dmg I would use the following syntax:

hdiutil internet-enable -yes /Path/to/image/myapp.dmg

Since I find myself creating these files a lot for installer packages I’ve found an easier way. Paste this text into Script Editor and save it as an application. It will create a droplet. Then just drag and drop your disk image file on the droplet and it will be instantly internet-enabled!

Code block

on open theFile
	tell application "Finder"
		set theNamePath to (theFile as text)
		set theName to the name of the file theNamePath
	end tell
	set thePath to the quoted form of the POSIX path of theFile
	try
		do shell script "/usr/bin/hdiutil internet-enable -yes " & thePath
		display dialog "The disk image " & (ASCII character 34) & theName & (ASCII character 34)¬
              & " has been successfully internet-enabled!"
	on error errmsg
		display dialog "Oops!  This error occured: " & return & return & ¬
              errmsg buttons {"OK"} default button 1
	end try
end open

macadmin :: May.30.2007 :: Applescript, Management, Terminal :: No Comments »