Mac Stuff

What is an Internet-enabled disk image?

Basically, an internet-enabled disk image is a standard .dmg file with one small change. When it is downloaded using a browser it will automatically decompress the image, put the application or folder on the desktop, unmount and remove the disk image file. This way users don’t have to deal with downloading an image, double-clicking on it, dragging out the files, etc. It’s all done in one fell swoop.

How do I make my images internet-enabled?

First you have to create a disk image. There are lots of tutorials out there on how to do this (it’s quite easy). There are also a few applications that will do it for you, such as DropDMG. Apple even has an Automator action that will do this for you.

Once you’ve created your disk image fire up Terminal and use the hdiutil utility. The option we want is internet-enable -yes.

So, if I have a disk image on our desktop named myapp.dmg I would use the following syntax:

hdiutil internet-enable -yes /Path/to/image/myapp.dmg

Since I find myself creating these files a lot for installer packages I’ve found an easier way. Paste this text into Script Editor and save it as an application. It will create a droplet. Then just drag and drop your disk image file on the droplet and it will be instantly internet-enabled!

[codesyntax lang=”applescript” lines=”no”]
on open theFile
tell application “Finder”
set theNamePath to (theFile as text)
set theName to the name of the file theNamePath
end tell
set thePath to the quoted form of the POSIX path of theFile
try
do shell script “/usr/bin/hdiutil internet-enable -yes ” & thePath
display dialog “The disk image ” & (ASCII character 34) & theName & (ASCII character 34)¬
& ” has been successfully internet-enabled!”
on error errmsg
display dialog “Oops! This error occured: ” & return & return & ¬
errmsg buttons {“OK”} default button 1
end try
end open
[/codesyntax]

admin :: May.30.2007 :: Applescript, Management, Terminal :: Comments Off on Creating Internet-enabled Disk images

If you use AppleScript you know sometimes when you try to do things such as mount a remote volume things can go wrong. Then you get a error message with number telling (hopefully) what went wrong. But you might not want that error message to show up. Maybe if that error happens you want your script to do something. If so then you have to trap that error first.

To catch an error you need to wrap the part of your script that is doing the action in a try statement. So, if I wanted to open a file I might use something like this:

[codesyntax lang=”applescript” lines=”no”]
try
tell application “Finder”
open file “Hard Drive:Users:joe:oops.txt”
end tell
on error errmsg
end try
[/codesyntax]

The script trys to run that command and if there is a problem the error message gets put into the variable errmsg. Then we can handle that error another way, perhaps with a dialog box.

[codesyntax lang=”applescript” lines=”no”]
try
tell application “Finder”
open file “Hard Drive:Users:joe:oops.txt”
end tell
on error errmsg
display dialog errmsg buttons {“Oops”}
end try
[/codesyntax]

That works great for generic errors but what if we know the error code of a specific error, such as the file doesn’t exist ,which happens to be -1728. Then we can add the number property to our on error trap and do something specific for that error.

[codesyntax lang=”applescript” lines=”no”]
try
tell application “Finder”
open file “Hard Drive:Users:joe:oops.txt”
end tell
on error errmsg number errNum
if errNum is -1728 then
display dialog “Hey, that file doesn’t exist!” buttons {“Doh!”}
else
display dialog errmsg buttons {“Oops”}
end try
[/codesyntax]

Now we can give the user specific feedback on certain errors and just display the error message for all other errors.

admin :: May.10.2007 :: Applescript, Scripts :: Comments Off on Trapping error codes in AppleScript

On a single Mac it’s a simple thing to set which time server your machine gets its time from. Simple go to System Preferences, click on “Date & Time” and enter the address for your preferred time server in the “set date & time automatically” box.

However, if you want to blow that setting out to multiple machines what do you do? The file that holds this setting is located in the /etc directory and is named ntp.conf.

Copy that file to the /etc directory on all your machines using something like Apple Remote Desktop and you’re done!

Just make sure the permissions match so the machine can read it correctly. The permissions should look like this:

-rw-r--r-- 1 root wheel 47 Apr 25 09:35 ntp.conf

admin :: Apr.25.2007 :: Management, System :: Comments Off on Setting the time server for multiple machines

Using the Printer Setup Utility in OS X is a very easy and simple way to create printers on a Mac. But occasionally you might have need to create printers at the command line. For example, you might want to create printers on remote machines that only have shell access. Or you might want to add the ability to create printers to a login script or a script that runs after a machine is re-imaged.

Well, the command to do this is lpadmin. lpadmin is used mainly to set up network printers. It’s the command line utility for CUPS, the underlying printing architecture of OS X. As usual you can type man lpadmin to get all the gory details. In this post I’m going to cover how to create a printer and how to delete one using Terminal and lpd.

Creating a new printer

The syntax to create a new printer is:

/usr/sbin/lpadmin -p "name of printer" -E -v lpd://"printer IP or DNS"/"queue name" -P "path to PPD file" -D "description"

The name of the printer is whatever you want the user to see, such as “color laser printer”. Just remember if your name has spaces in it you’ll either need to escape the spaces or quote the name. Also, the name cannot contain any non-printable characters (ex. % $ &). The description field, however, can. If you use the description field that is the name that appears in Printer Setup Utility. If you don’t then the name given in the - p flag will be the name.

All of the standard PPD files on a Mac are kept in /Library/Printers/PPD/Contents/Resources/en.lprog/. The actual PPD file will be contained in a .gz file. You just need to point to that file.

So, for our example we’ll set up a printer with the following attributes:

Name: Color_Laser
Type: HP Color Laser 4700
Print server: print.example.com
print queue: color_laser
description: Color Laser (Front Office)

So our command in the Terminal would be this:

usr/sbin/lpadmin -p Color_Laser -E -v lpd://print.example.com/color_laser -P /Library/Printers/PPDs/Contents/Resources/en.lproj/HP\ Color\ LaserJet\ 4700.gz -D "Color Laser (Front Office)"

Note that I quoted the “Color Laser (Front Office)” part to get around spaces in the name. That’s the name that appears in Printer Setup Utility.

Deleting a Printer

Deleting a printer is much easier. All you need is the name.

The syntax to delete a printer is:

/usr/sbin/lpadmin -x "name of printer"

If I wanted to delete the printer I just created all I would need to do is this:

/usr/sbin/lpadmin -x "Color Laser"

Note: The name you’re deleting is the name you gave it in the - p flag, not the description. So putting “Color Laser (Front Office)” in this would not work.

If you’ve forgotten what names you gave the printers open up a web browser on your machine and enter “http://127.0.0.1:631/printers”. That will take you to the configuration page for CUPS, which will list the printers by name.

Creating printers in AppleScript

You can wrap all of these commands up in an AppleScript and send it to users so they can install printers with just a click. Just wrap the commands in a do shell script command.

The one gotcha is because you are using quotes in the Terminal command AND you have to quote to actual command in AppleScript you have to escape the internal quotes by putting a “\” before each quote. You also have to escape and “escapes” you had in the original command.

To compare, here is the original command:

/usr/sbin/lpadmin -p "Color_Laser" -E -v lpd://print.example.com/color_laser -P /Library/Printers/PPDs/Contents/Resources/en.lproj/HP\ Color\ LaserJet\ 4700.gz -D "Color Laser (Front Office)"

And here is the command with the “do shell script” command in AppleScript:

[codesyntax lang=”applescript” lines=”no”]do shell script “/usr/sbin/lpadmin -p Color_Laser -E -v lpd://print.example.com/color_laser -P /Library/Printers/PPDs/Contents/Resources/en.lproj/HP\\ Color\\ LaserJet\\ 4700.gz -D \”Color Laser (Front Office)\””[/codesyntax]

admin :: Apr.20.2007 :: Applescript, Management, Scripts, shell scripts, Terminal :: 2 Comments »

I just had a need to write a quick script that told me what the color space of an image was (RGB, CMYK, Gray, etc.). So obviously I turned to AppleScript. AppleScript has a nice Scripting Addition called Image Events that can read lots of different information about an image. You can get all the details on the Image Events addition as well as some good examples here.

The one problem I found with Image Events was that it gagged whenever it looked at a grayscale image. No idea why. But, after doing some more research I found that Image Events is based on a UNIX command line tool named sips. Using sips and the AppleScript do shell script command I was able to get the information I needed.

For my immediate purposes I just wanted a script I could run, select a file and get the color information. So that’s what this script does.

[codesyntax lang=”applescript” lines=”no”]
set theFile to (quoted form of the POSIX path of (choose file))
set theColorSpace to (do shell script “sips -g space ” & theFile)
set oldDelims to AppleScript’s text item delimiters
try
set AppleScript’s text item delimiters to “:”
set theColor to text item 2 of theColorSpace as text
set AppleScript’s text item delimiters to oldDelims
on error
set AppleScript’s text item delimiters to oldDelims
end try
display dialog “The color space is: ” & theColor[/codesyntax]

Notice I had to set the file path to the POSIX path of the file. The POSIX path is the actual Unix style path name (ex. /Users/joe/image.jpg). I also had to use the quoted form part of AppleScript to deal with any spaces that might be in the file names. Running this will give you a dialog box with the name of the color space for this file.

Since Image Events can get lots of other bits of information and it’s easier to manipulate then having to parse. So, I combined AppleScript and Automator to make a Finder plug-in. I developed this Automator script to display the image’s size in pixels, resolution, color space and width in picas. It’s being used by a publisher here to quickly check sizes of images to make sure they meet certain requirements. I expect I’ll be adding things and tweaking it as I go.

Click on Image Info Automator workflow to download the workflow. Save it out as a Finder plug-in to use with any selected images.

admin :: Apr.12.2007 :: Applescript, Automator, Scripts :: Comments Off on Finding an image’s color space using AppleScript

Norton AntiVirus (now Symantec AntiVirus) is not, out of the box, able to automatically update it’s virus definitions or it’s application when running on a Macintosh. Symantec has posted two articles that, when put together, let you have all of your Macs update in the dead of night while they are logged out. I’ve been using this technique on all of the Macs in my computer labs for over a year with great success.

The two articles are Running LiveUpdate using UNIX commands and Scheduling LiveUpdate for all users using UNIX commands.

Putting the information from these two articles together you can set up your Macs to auto-update using this procedure.

We’re going to set up a root-level cron job to run a command to update the things we need. I like to have it run around 3 AM. If you don’t know how to do it at the command line use Cronnix and edit the System cron job.

First we’ll cover the basic flag options you have.

-liveupdatequiet

If you don’t want that annoying LiveUpdate window to pop up (especially since you’re logged out) you need the -liveupdatequiet YES flag. If you do want it to show then leave this flag out.

The default action is to show it. However, if you are running this when the machine is logged out you could come in the next morning to a lot of machines with the LiveUpdate window showing behind the login window.

-liveupdateautoquit

If you want LiveUpdate to automatically quit when it’s done use the -liveupdateautoquit YES flag.

I’m not sure why you WOULDN’T want it to quit when it’s done.

Update options

To tell LiveUpdate what to update you have to choose from these options with the -update flag.

LUal = All Symantec products
LUdf = Norton AntiVirus virus definition updates
LUlu = LiveUpdate
LUna = Norton AntiVirus

Putting it all together

So, putting this all together, an example command to silently update the virus definitions would look like this. Watch out for line wraps. This should all be on one line:

/Applications/Symantec\ Solutions/LiveUpdate.app/Contents/MacOS/LiveUpdate -update LUdf
-liveupdatequiet YES -liveupdateautoquit YES

Things to watch out for

One “gotcha” to look out for. Symantec changed the name of the folder that holds LiveUpdate between versions 9 and 10. So, the above example will work in version 10. To have it work in version 9 use this path:

/Applications/Norton\ Solutions/LiveUpdate.app/Contents/MacOS/LiveUpdate

A second thing to watch out for is when you use the LUal option. If the actual AntiVirus or LiveUpdate applications get updated you’ll need to restart the machine. Norton will give your users an error message when they log in if the machine hasn’t been rebooted since the update.

For that reason I only update the virus definitions this way. When the actual applications need updating I run the command using the LUal flag using Apple Remote Desktop’s “Run UNIX command” function on all the machines at once and then restart them.

admin :: Mar.29.2007 :: Management, System, Terminal :: Comments Off on Making Symantec (Norton) AntiVirus update when logged out

There are times when you may need to get information about your system via the command line. Perhaps for a shell script or you’re already working in Terminal and it’s just quicker then opening the GUI version of System Profiler.

The command line version of System Profiler is, appropriately enough, “system_profiler”.

You can type man system_profiler to get a list of all the many things it can do. Here are a few examples.

You can get three different levels of reports.

• system_profiler -detailLevel mini gives you a report without personal information
• system_profiler -detailLevel basic gives you hardware and network information only
• system_profiler -detailLevel full gives you everything

system_profiler -xml will export everything to an XML file for use in a web page or database. You can combine this command with others to get only certain information

For example, to get only the hardware and network information on a certain machine and write it to an XML file you can use this:

system_profiler -xml -detaiLevel basic > /Users/myaccount/Desktop/report.xml

Enter system_profiler -listDataTypes to get a list of the different areas that system_profiler gathers data on.

Those types are:

SPHardwareDataType
SPNetworkDataType
SPSoftwareDataType
SPParallelATADataType
SPAudioDataType
SPBluetoothDataType
SPDiagnosticsDataType
SPDiscBurningDataType
SPFibreChannelDataType
SPFireWireDataType
SPDisplaysDataType
SPMemoryDataType
SPPCCardDataType
SPPCIDataType
SPParallelSCSIDataType
SPPowerDataType
SPPrintersDataType
SPSerialATADataType
SPUSBDataType
SPAirPortDataType
SPFirewallDataType
SPNetworkLocationDataType
SPModemDataType
SPNetworkVolumeDataType
SPApplicationsDataType
SPExtensionsDataType
SPFontsDataType
SPFrameworksDataType
SPLogsDataType
SPPrefPaneDataType
SPStartupItemDataType

So, to get information on the type of hardware a machine has enter system_profiler SPHardwareDataType into Terminal and you’ll get something like this:

Hardware Overview:

Machine Name: Power Mac G5
Machine Model: PowerMac7,3
CPU Type: PowerPC G5 (3.0)
Number Of CPUs: 2
CPU Speed: 2.5 GHz
L2 Cache (per CPU): 512 KB
Memory: 2 GB
Bus Speed: 1.25 GHz
Boot ROM Version: 5.1.8f7
Serial Number: XXXXXXXXXXX

system_profiler SPPrintersDataType will give you all the information on the currently installed printers.

system_profiler SPFirewallDataType will tell you if the Firewall is on or off and if it’s on what rules are in effect. If the firewall is off you’ll get no return on the command.

admin :: Mar.28.2007 :: Management, System, Terminal :: Comments Off on Using System Profiler in Terminal

Where I work I have lots of people stopping in to ask questions. Usually this involves me getting up to work with them, often for long periods of time. I’m not very good at remembering to change my iChat status to “away” so I came up with this AppleScript.

I have it run via a cron job every 20 minutes. It checks to see if the screen saver is active. If it is then it changes my iChat status to “away’. Simple.

Paste this code into Script Editor and compile. Save it out as a script file.

[codesyntax lang=”applescript” lines=”no”]
tell application “System Events”
set theList to the name of every process
if theList contains “ScreenSaverEngine” then
tell application “iChat”
set theStat to status
if theStat is available then
set status to away
set status message to “Away”
end if
end tell
end if
end tell
[/codesyntax]

Now use something like Cronnix to set it up as a cron job for your account.

When running AppleScripts either in Terminal or for something like a cron job you need to use “osascript”. If you’re using Cronnix you can use the settings below. Click “OK” in the window and then “Save” in the main Cronnix window and you’re done!

admin :: Mar.23.2007 :: Applescript, Management, Scripts :: Comments Off on Using the Screensaver to change my iChat status

This hint is for people who don’t have Apple Remote Desktop 3.0 and may need to know whose been logging into a machine. This can come in particular use if you run a public computing lab and need to know whose been logging into your computers at 2 AM or need to know if a certain student was using a computer at a certain time.

The login stats are kept in /var/log/ in a file named wtmp

Go to Terminal to run the commands below. You either have to be logged in as root or run them as sudo.

To find out how many times people have logged in during the current month:

ac -p

To find out when people have logged in during the current month:

last

To find out this information for previous months you must unzip the log files in /var/log

Example:

gunzip /var/log/wtmp.0.gz will unzip the previous months log files

After you have unzipped you can run the following:

To find out when people logged in during that month:

last -f "path to unzipped file"

Example:

last -f /var/log/wtmp.0

To find out how many times people logged in that month:

ac -p -w "path to file name"

Example:

ac -p -w /var/log/wtmp.0

webmaster :: Mar.22.2007 :: Management, System, Terminal :: 1 Comment »

If you’re running an OS X server as an Open Directory master you can use this tip to check users passwords against a known password. For example, if you give all your users a default password and want to check if they’ve changed their password you can check with this technique. I know most people would say “Just check the box saying they have to change their password on login”. But, your users are Windows users that can cause a lot of headaches.

In Terminal enter the following:

/usr/bin/dscl /LDAPv3/127.0.0.1 auth matt knownpasswd

You either have to be logged into the server or have the server in your Directory Access authentication path for this to work. If you are logged into the server use “/LDAPv3/127.0.0.1” as the server path. If you are on a client machine and have it in your authentication path use the servers address. For example, “/LDAPv3/192.168.1.2”

This tests the password “knownpasswd” for the user matt in the LDAP directory. If the password is correct you’ll get no feedback. If the password is incorrect you’ll get a “-14090, eDSAuthFailed” error.

Look at man dscl for more information if needed.

admin :: Mar.21.2007 :: Server :: Comments Off on Checking a users password using “dscl”