Mac Stuff

I’ve been using the “Sites” folder in my local home directory for some web development testing recently. I had a couple of directories created that didn’t include an “index.html” file. That means that anyone hitting the directory itself could list the contents and see all the other files I was working on in there. Not a major problem for what I was doing but a security issue none the less. After a quick bit of research I found it was quite easy to disable this at the command line.

Open Terminal and type cd /private/etc/apache2/users. Inside the “users” folder will be conf files for each of the users with accounts on the machine. So, if we have a user with the short name of “joe” on the machine there will be a file in there named “joe.conf”.

To edit this file you need to have root permissions. So open it using sudo. I prefer using pico as my editor but use whichever works for you. The command below assumes you are already in the “users” folder.

sudo pico joe.conf

You’ll see something like this:

Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all



Navigate down to the line Options Indexes MultiViews. Carefully delete the Indexes part of the line and save the file. Now restart Apache, either by going to System Preferences and turning off and then back on Web Sharing, or at the command line by typing sudo apachectl restart.

Now navigate to a directory in your “Sites” folder that doesn’t have an index file. You should get a “403 No permissions” error unless you specify a file. Much more secure. Note that you’ll need to do this individually for each account on the machine.

I’ve tested this with Snow Leopard and I’m betting it will work with Leopard. I’m not sure if versions of the OS below 10.5 support this feature.

webmaster :: Jul.08.2010 :: Management, System, Terminal :: No Comments »

A lab we work with recently upgraded to 10.5 and found that the program they were running to get the user login data for their billing wouldn’t work in 10.5 and wasn’t going to be upgrading. In looking at the data it was grabbing it was clear the same data could be gotten using the last command in Terminal. You can see more about last at my post here. However, these folks were not computer-savvy and needed the information in a comma-delimited file. So, I came up with this script.

When you run the script it asks you which month you want the data for in a list. Select the month and it will generate a file on the desktop with that months data. You can save it out as an application, run it from Script Editor or run it as a launchd/cron job. You can customize the output by changing the line that begins with “write”. For example, replace the “,” with tab and create a tab-delimited file instead.

If you run this script logged in as a regular user you will only get the login information for that user. If you run it as an administrator you’ll get the login information for every account on the machine.

Click here to download the script file:
Monthly Login accounting

Code block

set the_months to {}
set the_total to 0
set the_time to ""
set the_computer to (computer name of (system info))
--get the raw login log information
set the_login to (do shell script "last") as text
set the_count to the count of paragraphs of the_login
--get the list of all the months login data is available for
repeat with x from 1 to the_count
	if paragraph x of the_login contains "console" then
		set month_check to (word 4 of paragraph x of the_login) as text
		if the_months does not contain month_check then
			set end of the_months to month_check
		end if
	end if
end repeat
set selected_month to choose from list the_months with prompt "Select the month:"
--create the file to write data to
if selected_month is not false then
	tell application "Finder"
		set file_name to (the_computer & "-" & selected_month & "-" & (year of (current date)) & " login stats.txt")
		if not (exists file (((path to desktop from user domain as text) & file_name))) then
			set login_file to make file with properties {name:file_name, file type:"TEXT"} at (path to desktop from user domain)
		else
			display dialog "This stats file already exists.  Do you want to overwrite it?" buttons {"Yes", "No"} default button 2
			set the_answer to the button returned of the result
			if the_answer is "Yes" then
				delete file ((path to desktop from user domain as text) & file_name)
				set login_file to make file with properties {name:file_name, file type:"TEXT"} at (path to desktop from user domain)
			end if
		end if
	end tell
	set login_file to ((path to desktop from user domain) & file_name) as text
end if
--loop through the data and pull out the logins for the selected month
repeat with x from 1 to the_count
	if paragraph x of the_login contains selected_month then
		if paragraph x of the_login contains "console" then
			set the_user to (word 1 of paragraph x of the_login)
			set the_month to (word 4 of paragraph x of the_login) as text
			set the_logmonth to MonthNumber(the_month)
			set the_day to (word 5 of paragraph x of the_login) as text
			if (the (count of characters of the_day) is less than 2) then
				set the_day to ("0" & the_day)
			end if
			set the_year to yearCheck(selected_month, the_months)
			set log_date to (the_logmonth & "/" & the_day & "/" & the_year)
			set login_time to (word 6 of paragraph x of the_login & ":" & word 7 of paragraph x of the_login)
			set logout_time to (word 8 of paragraph x of the_login & ":" & word 9 of paragraph x of the_login)
			set old_delims to AppleScript's text item delimiters
			set AppleScript's text item delimiters to "("
			try
				set the_time1 to text item 2 of paragraph x of the_login
				set AppleScript's text item delimiters to old_delims
				set the_time to (characters 1 through 5 of the_time1) as text
			on error
				set AppleScript's text item delimiters to old_delims
			end try
			--write all the date to the file
			write (the_user & "," & the_computer & "," & log_date & "," & login_time & "," & log_date & "," & logout_time & "," & the_time & return) to file login_file starting at eof
		end if
	end if
end repeat
--if the list contains January see if the selected month comes before or after January.  Adjust the year accordingly.
on yearCheck(selected_month, the_months)
	if the_months contains "Jan" then
		repeat with x from 1 to count of the_months
			if item x of the_list contains selected_month then
				set the_num to x
			else
				if item x of the_list contains "Jan" then
					set jan_num to x
				end if
			end if
		end repeat
		set year_check to (the_num - jan_num)
		if year_check is greater than 0 then
			set the_year to ((year of (current date)) - 1)
		else
			set the_year to (year of (current date))
		end if
	else
		set the_year to (year of (current date))
	end if
	return the_year
end yearCheck
on MonthNumber(the_month)
	if the_month = "Jan" then
		set the_month to "01"
	else
		if the_month = "Feb" then
			set the_month to "02"
		else
			if the_month = "Mar" then
				set the_month to "03"
			else
				if the_month = "Apr" then
					set the_month to "04"
				else
					if the_month = "May" then
						set the_month to "05"
					else
						if the_month = "Jun" then
							set the_month to "06"
						else
							if the_month = "Jul" then
								set the_month to "07"
							else
								if the_month = "Aug" then
									set the_month to "08"
								else
									if the_month = "Sep" then
										set the_month to "09"
									else
										if the_month = "Oct" then
											set the_month to "10"
										else
											if the_month = "Nov" then
												set the_month to "11"
											else
												if the_month = "Dec" then
													set the_month to "12"
												end if
											end if
										end if
									end if
								end if
							end if
						end if
					end if
				end if
			end if
		end if
	end if
	return the_month as string
end MonthNumber

webmaster :: Sep.10.2009 :: Applescript, Management, Scripts :: 1 Comment »

Out of the box Snow Leopard defaults to running in 32 bit mode. This is so the drivers for things like printers, scanners, network cards, etc. that have not been ported to 64 bit can run. Applications are unaffected by this. A 64 bit app will run in 32 bit mode and vice versa. If you’re not sure what mode your machine is running Snow Leopard in check out this article at MacObserver on how to tell.

The average user is much better off staying with the 32 bit mode for compatibility and ease of use. However, there may be times, especially for those running scientific software, when you need to run in 64 bit mode. And some servers, as mentioned in this Knowledge Base article do boot directly into 64 bit mode and may need to be set back.

You can choose to hold down the “6″ and “4″ keys on startup to boot into 64 bit mode. This will boot you into 64 bit for that boot cycle. When you reboot you will fall back to 32 bit again. Likewise, holding down the “3″ and “2″ keys on boot will put you into 32 bit mode.

If you want to change the mode and make it stick you need to do it at the command line. Fortunately Apple has added a command in the systemsetup tool for just that.

To check which mode you’re currently in run this command in Terminal:
systemsetup -getkernelbootarchitecturesetting

To set your machine to boot into 64 bit mode enter this command and reboot:
sudo systemsetup -setkernelbootarchitecture x86_64

To set your machine to boot into 32 bit mode enter this command and reboot:
sudo systemsetup -setkernelbootarchitecture i386

One oddity I’ve found so far is that on some machines that were upgraded from Leopard to Snow Leopard this command doesn’t appear in systemsetup. Do a man systemsetup before running it to make sure you have the Snow Leopard version of systemsetup

webmaster :: Sep.03.2009 :: Management, System, Terminal :: 1 Comment »

Update: It appears that clear text passwords for AFP connections only work when booted into 32 bit mode. I’ve updated the script to check for which kernel the user is booted into. If they are running 64 bit it asks them if they want to switch to 32 bit. If they say “Yes” then it makes the switch and reboots the machine for them.

A nice article explaining how to see if you are running in 32 or 64 bit mode is here at MacObserver.

There is an Apple Knowledge base article dealing with servers but with good information on switching kernels here.

The procedure for enabling clear text passwords for AFP connections is the same in Snow Leopard as it is in Leopard with one very critical difference. The details about how and why are already in my post on Leopard. If you want the background information you should check out that page. This post will only deal with the Snow Leopard-specific changes.

The big change for enabling clear text passwords for Snow Leopard is that the .plist file is now a binary. This is something Apple has been moving towards since 10.4 and there is a built-in utility that allows you to change the format back and forth to allow for easy editing called “plutil”. The full path to it is “/usr/bin/plutil”

The flag we need to be aware of in “plutil” is the “-convert” flag. There are two formats that we’ll use for this flag, “xml1″ and “binary1″.

To convert the plist file to XML to allow editing we have to run the following command:
/usr/bin/plutil -convert xml1 /Users/joe/Library/Preferences/com.Apple.AppleShareClient.plist

This will convert the file to XML for editing. Now we will do the actual editing. This line is the same as in Leopard.
defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool YES

Now that we have edited the file we have to convert it back to binary form. So we use the “plutil” tool again with a different format:
/usr/bin/plutil -convert binary1 /Users/joe/Library/Preferences/com.Apple.AppleShareClient.plist

Now the preference file is converted back to binary and can be used by the AFP client.

Here is an updated version of the Leopard AppleScript for changing this setting.

If you would prefer to download a pre-complied script file click below:
Snow Leopard Clear Text Script

Code block

set afp_pref_path to ((POSIX path of (path to preferences from user domain)) & "com.Apple.AppleShareClient.plist")
set OS_version to (do shell script "sw_vers -productVersion")
set kernel_answer to ""
--check if the user is running 32 or 64 bit kernel.
if OS_version contains "10.6" then
	set kernel_version to (do shell script "/usr/sbin/systemsetup -getkernelbootarchitecturesetting")
	if kernel_version contains "x86_64" then
		set kernel_answer to button returned of (display dialog "You are currently running in 64 bit mode.  Clear text passwords only work in 32 bit mode.  Would you like to change to 32 bit mode?  This will require a restart." buttons {"Yes, change it and restart", "No, just enable clear text"} default button 1)
	end if
end if
try
	set clearStatus to (do shell script "defaults read com.Apple.AppleShareClient afp_cleartext_allow") as number
on error
	--the first command will throw an error if the afp_cleartext_allow setting does not exist
	--if there is an error we'll assume that the setting isn't there and set our variable to the disabled setting
	set clearStatus to 0
end try
--a status of "1" means it's enabled.  So ask if they want to disable it
if clearStatus is 1 then
	display dialog "Do you want to disable clear text passwords?" buttons {"Cancel", "Disable"} default button 2
	if the button returned of the result is "Disable" then
		do shell script "/usr/bin/plutil -convert xml1 " & afp_pref_path
		do shell script "defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool NO"
		do shell script "/usr/bin/plutil -convert binary1 " & afp_pref_path
		set clearStatus to (do shell script "defaults read com.Apple.AppleShareClient afp_cleartext_allow") as number
		--check to make sure the change really took effect
		if clearStatus is 0 then
			display dialog "Clear text passwords have been disabled" buttons {"OK"}
		else
			display dialog "There was an error disabling clear text passwords!" buttons {"OK"}
		end if
	end if
else
	display dialog "Do you want to enable clear text passwords?" buttons {"Cancel", "Enable"} default button 2
	if the button returned of the result is "Enable" then
		do shell script "/usr/bin/plutil -convert xml1 " & afp_pref_path
		do shell script "defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool YES"
		do shell script "/usr/bin/plutil -convert binary1 " & afp_pref_path
		set clearStatus to (do shell script "defaults read com.Apple.AppleShareClient afp_cleartext_allow") as number
		--check to make sure the change really took effect
		if clearStatus is 1 then
			display dialog "Clear text passwords have been enabled" buttons {"OK"}
		else
			display dialog "There was an error enabling clear text passwords!" buttons {"OK"}
		end if
	end if
end if
if kernel_answer contains "Yes" then
	do shell script "/usr/sbin/systemsetup -setkernelbootarchitecture i386" with administrator privileges
	do shell script "/sbin/shutdown -r now" with administrator privileges
end if

webmaster :: Aug.31.2009 :: Applescript, Management, Scripts, Terminal :: 19 Comments »

This certainly isn’t a new thing but I haven’t had a need for it until just recently. I moved my lab machines to Leopard and now every time you plug in an external hard drive it asks to use it for a Time Machine backup. That gets annoying fast. Use the defaults command in Terminal to shut it off. I used Apple Remote Desktop to send it out to all my machines at once.

defaults write com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool YES

webmaster :: Aug.07.2009 :: Management, Terminal :: No Comments »

Those folks who are using Time Machine know how great it is for backing up everything quickly and easily. However, what if you can’t always have an external drive hooked up to your machine. Or, maybe you want to back up more then one machine to that drive. Time Machine backups live quite nicely next to other backups or files.

Out of the box Time Machine does not allow you to back up to a network drive. It just doesn’t show up when you go to choose a backup disk. You have to run a command in Terminal first to enable this function. On the machine you want to be able to access a network drive open Terminal and enter this command to enable networked drives in Time Machine:

defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

How to make your local external hard drive accesible to Time Machine

Now that you have your remote machine able to use Time Machine on a network drive how to you network the drive you want to use?

It’s important to know that Time Machine will only work on HFS+, also known as Mac OS Extended, drives. If your drive is formatted FAT or NTFS for use on Windows it won’t work. Also, Time Machine over the network only works for share points shared out using the version of AFP found in Leopard. You can’t share it off an older Tiger machine.

Create a share point for Time Machine

• Open System Preferences and click on “Accounts”
• Click on the lock at the bottom left of the window and enter your admin name and password.
• Now click on the “+” at the bottom right of the window to create a new account. From the drop down at the top of the window select “Sharing only”. This will create an account that can only be used to access share points from the network. If you have that user already in your address book you can select them from that list. Otherwise just enter the desired name and password.

Now that you have an account for your network user to access the Time Machine share point you have to create it.

• Create a folder on your local external drive to share out for backups
• On a Leopard machine open System Preferences > Sharing. Then place a check next to File Sharing if it isn’t already checked.
• Click on the “+” under “Shared Folders” and select the folder on your external drive.
• The folder now shows up under “Shared Folders”. Select it and then click the “+” sign under “Users”. Add the “Sharing only” you created and make sure they have Read and Write permissions. You can delete the other users from that list so that only the remote user can access that share point if you prefer.

Configure Time Machine on the client

Now, go back to the remote machine and connect to that share point.

In the Finder select Go > Connect to Server and either put in the IP address of the machine you want to back up to or browse for it.

Once you’ve connected to the share go to System Preferences > Time Machine and click on the “Choose Backup Drive”. You should see your network share in the list. Select it and you’ll be asked for the login credentials again. Make sure you check the “Save in Keychain” option so you aren’t asked repeatedly.

Now configure Time Machine the way you want and you’re set!

Every time Time Machine runs it will mount that share point, back up to it and then unmount it. One of the security benefits from using Time Machine like this is that all of the files are saved in an encrypted disk image so they are more secure then a regular time machine backup.

webmaster :: Feb.27.2009 :: Management, System :: 1 Comment »

With the release of Leopard Macs now have the ability to run 64 bit applications natively from the GUI. Tiger, the previous release of the OS, supported 64 bit applications but only at the command line. Also, most Macintosh applications these days come as Universal Binaries so they can run on Intel and PowerPC machines.

So how do you tell if you have a 64 bit capable application?

The first place to look is the “Get Info” box of the application itself. If it has a checkbox that gives you the option to run it as a 32 bit application then it is 64 bit. But, is it 64 bit for Intel machines only or for both PowerPC and Intel?

The solution to the problem is found in Terminal using the file command.

Open up Terminal and cd into your application and find the actual compiled binary. This is located in /Contents/MacOS inside your application.

So, for example, if I wanted to check out iWeb I would type the following:

cd /Applications/iWeb.app/Contents/MacOS/

Typing ls once you are inside the app will show you the actual name of the binary.

Now, use the file command on that binary.

file iWeb

That returns the following:


iWeb: Mach-O universal binary with 2 architectures
iWeb (for architecture ppc): Mach-O executable ppc
iWeb (for architecture i386): Mach-O executable i386


Here’s how to read the results:

(for architecture ppc) = 32 bit PowerPC executable
(for architecture ppc64) = 64 bit PowerPC executable
(for architecture i386) = 32 bit Intel executable
(for architecture x86_64) = 64 bin Intel executable

So, we can see that iWeb has one 32 bit executable for PowerPC machines and one 32 bit executable for Intel (i386) machines.

webmaster :: Feb.11.2008 :: Management, System, Terminal :: 2 Comments »

This is a simple tip I stumbled across a month or so ago. There were some bugs in Leopard wireless that wouldn’t let me connect to the encrypted wireless network at work after a machine was restarted. I found that turning the airport card on and off let me connect again. I hated having to remember this every time I restarted so I dug around and found that the command line tool networksetup can do it for me. Great!

This tool exists on Tiger machines in the Apple Remote Desktop client bundle. The path to it is:

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup

Fortunately they very kindly included it in the build for Leopard. The path in Leopard is:

/usr/sbin/networksetup

So, in Leopard, to turn the Airport card off enter the following in Terminal:

/usr/sbin/networksetup -setairportpower off

To turn the card back on change “off” to “on”. If you’re running Tiger make sure to change the path so it points to the app correctly.

Put both of these commands in an AppleScript, save it as an application and add it to your Login items. Then, when the machine is rebooted the card gets turned off and then on and in my case makes my wireless connection.

Snow Leopard changes
In Snow Leopard the command remains, however now you need to run it as sudo. You also need to include the actual network device name AirPort is running on. You can get that by running the following command:

/usr/sbin/networksetup -listallhardwareports

You’ll see Airport listed and below it the device. If the machine does not have two Ethernet ports AirPort is commonly listed as “en1″

After you have that you include it in your command:

sudo /usr/sbin/networksetup -setairportpower en1 on

I’ve included these changes and a routine that will find the airport device in the Snow Leopard version of the script.

Click here to download a copy of the script for Tiger/Leopard:
Airport off and on

Click here to download a copy of the script for Snow Leopard:
Snow Leopard Airport off and on

networksetup is a great tool for administrators and even just people who want a little more control over their machines.

webmaster :: Jan.07.2008 :: Applescript, Management, Scripts, System, Terminal :: 14 Comments »

Note: The method for doing this in Snow Leopard is almost the same but has one slight change to it. Check out the post on doing enabling this in Snow Leopard for the changes.

Leopard, by default, has clear text passwords disabled for AFP connections. This is of course a very good thing to do. No one should be using clear text password connections anymore. However, there are still some older implementations of AFP out there on servers that require a clear text password. So, how do you enable them? By editing a property list or .plist file.

The file in question here is named “com.Apple.AppleShareClient.plist”. It’s located in the Library/Preferences folder in each users home folder. Now, there are a couple of ways to edit this file. If you have the Developer’s Tools installed you can use Property List editor to change that setting from “NO” to “YES”.

Or, if you prefer a command line approach you can use the defaults command to write your settings to the file.

defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool YES

If you’re not sure if clear text passwords are enabled you can use the “read” function in defaults to read the value

defaults read com.Apple.AppleShareClient afp_cleartext_allow

A returned value of “0″ means it is disabled. A value of “1″ means enabled.

If you have a lot of users that need to have this enabled or even checked that’s a lot of typing. So, once again AppleScript to the rescue.

This script will check the status of clear text passwords on launch. If it’s already enabled it will ask if the user wants to disable it. If it’s not enabled it will ask to enable it.

So, just launching the script will let you see if you need to do anything or not. Saving this an application and emailing it to users is a quick way to have them enable it if they need it and then disable it when the need is over without you having to walk over there and type everything a bunch of times.

If you would prefer to download a pre-complied script file click below:

Leopard Clear Text script

Code block

try
	set clearStatus to (do shell script "defaults read com.Apple.AppleShareClient afp_cleartext_allow") as number
on error
	-the first command will throw an error if the afp_cleartext_allow setting does not exist
	-if there is an error we'll assume that the setting isn't there and set our variable to the disabled setting
	set clearStatus to 0
end try
-a status of "1" means it's enabled.  So ask if they want to disable it
if clearStatus is 1 then
	display dialog "Do you want to disable clear text passwords?" buttons {"Cancel", "Disable"} default button 2
	if the button returned of the result is "Disable" then
		do shell script "defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool NO"
		set clearStatus to (do shell script "defaults read com.Apple.AppleShareClient afp_cleartext_allow") as number
		-check to make sure the change really took effect
		if clearStatus is 0 then
			display dialog "Clear text passwords have been disabled" buttons {"OK"}
		else
			display dialog "There was an error disabling clear text passwords!" buttons {"OK"}
		end if
	end if
else
	display dialog "Do you want to enable clear text passwords?" buttons {"Cancel", "Enable"} default button 2
	if the button returned of the result is "Enable" then
		do shell script "defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool YES"
		set clearStatus to (do shell script "defaults read com.Apple.AppleShareClient afp_cleartext_allow") as number
		-check to make sure the change really took effect
		if clearStatus is 1 then
			display dialog "Clear text passwords have been enabled" buttons {"OK"}
		else
			display dialog "There was an error enabling clear text passwords!" buttons {"OK"}
		end if
	end if
end if

webmaster :: Nov.09.2007 :: Applescript, Management, Scripts, System, Terminal :: 7 Comments »

This is a simple one but can be very useful.

To make an alias (shortcut) that points to another file you just need the path to file itself and the place you want the alias.

For this example we’ll make an alias of the Apple Mail program on the desktop the current user.

Code block

tell application "Finder" to make new alias at (path to desktop folder) to file ((path to applications folder as text) & "Mail")

That’s all there is to it. Remember to take advantage of the built in “path to” calls in the Standard Additions dictionary. In Script Editor go to “Open Dictionary” and choose “Standard Additions” from the list. Type “path” in the search box to find it quickly.

webmaster :: Sep.21.2007 :: Applescript, Management, Scripts :: No Comments »