I recently came across a situation where I had to set up a shared folder on an AIX filesystem. Usually I would use ACLs to set up permission inheritance but there is no ACL support for Mac OS X on an AIX filesystem. So I had to resort to changing the users’ umask.
There are several places where you can specify a umask. There can be different umasks for:
- Applications (EX: Finder, TextEdit, etc…)
- Terminal sessions (EX: SSH)
- System processes
- LaunchDaemons & LaunchAgents
For most cases you would only need to specify a umask for applications and terminal sessions. However, I’ll cover all after the jump.
The title of this post just rolls off the tongue.
I wrote a Ruby CLI utility that can batch check iMac serial numbers for their eligibility into the 1 TB Seagate HDD replacement program. The utility takes either an Excel sheet (xlsx, or xls), or a txt file as an argument. If you’re using an Excel sheet you’ll first need to:
- Install the roo gem:
    sudo gem update --system
    sudo gem install roo
- Format your spreadsheet properly:
  - Serial numbers need to be in column A and start on row 2.
  - Anything can be in column B but it would be best if it’s something identifiable such as hostnames, or IP addresses.
If you’re using a txt file then you only need to make sure it contains one column of serial numbers. You can grab a copy of the utility from my GitHub page:
If you run into any problems or have any questions please let me know! I hope it helps.
I once had to deal with Macs that weren’t properly updating their DNS A and PTR records. The effect of which was that some Macs were getting the wrong hostname and that was causing issues with the Active Directory plug-in. At the time DNS was located on a Windows Domain Controller, and DHCP was coming from a Cisco router. I fixed the problem by handing the DHCP responsibility to the DC and configuring it to update DNS A and PTR records on behalf of the clients. If you’re in a similar situation and can have a Windows server handle DHCP, the options needed to configure this are in the properties on the DHCP scope underneath the DNS tab:
- Tick “Enable DNS dynamic updates according to the settings below:”
- Always dynamically update DNS A and PTR records
- Tick “Discard A and PTR records when lease is deleted”
- Tick “Dynamically update DNS A and PTR records for DHCP clients that do not request updates (for example, clients running Windows NT 4.0)”
Once this is done you may want to consider purging the current DNS A and PTR records for the DHCP range so that you’re starting fresh.
Related to my last post, I needed to figure out a way to create local homes for SSH only users automatically on their first login. If the Mac is bound to a directory server it can use the user’s network home if one has been specified, but sometimes that’s not what you want. There are two ways of achieving this functionality, and I’ll let you know what they are after the jump.
You’re bound to Active Directory and get a Kerberos TGT on a GUI login great, right? Well what if you also wanted to get one automatically when you authenticate via SSH? It’s actually pretty easy to do! Assuming of course that you can successfully get one using kinit, and that you’re using 10.6 or later (10.5 and below does not have the required PAM module). The ticket was (sorry, couldn’t resist) editing the /etc/pam.d/sshd file, and more specifically changing the following line:
auth optional pam_krb5.so use_kcminit
to:
auth optional pam_krb5.so default_principal
There should be no need to restart. If all went well the next time you log in via SSH you should receive a TGT. You can view Kerberos credentials by using the klist command. If you’re only bound to Open Directory and have everything set up correctly, you shouldn’t need to do this as the pam_krb5 module, by default, tries to obtain the principal from the user’s Open Directory record. By specifying the default_principal option you tell the module to construct the principal from the authenticating user’s username. Let me know in the comments if this worked for you or if you have any questions!
Special thanks to my co-worker who helped me discover this.
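To confirm which form of the pam_krb5 line a Mac is actually running, the check below reads a PAM service file and reports whether an active auth line for pam_krb5.so carries default_principal. It is an added example, not part of the original post; the function name krb5_auth_status and the sample files are constructed for illustration, and it assumes the plain "type control module options" layout shown above.

```shell
#!/bin/sh
# Added example: audit a PAM service file (e.g. /etc/pam.d/sshd) for pam_krb5.
# Assumption: each rule is one line of "type control module options...".

# krb5_auth_status FILE -> prints one of:
#   default_principal     an active pam_krb5.so auth line carries the option
#   no_default_principal  an active pam_krb5.so auth line lacks it
#   absent                no active pam_krb5.so auth line at all
krb5_auth_status() {
    awk '
        $1 ~ /^#/ { next }    # commented-out rules do not count
        $1 == "auth" && ($3 == "pam_krb5.so" || $3 ~ /\/pam_krb5\.so$/) {
            found = 1
            for (i = 4; i <= NF; i++)
                if ($i == "default_principal") ok = 1
        }
        END {
            if (ok)         print "default_principal"
            else if (found) print "no_default_principal"
            else            print "absent"
        }
    ' "$1"
}

# Constructed sample files: the line before the edit, after it, and a
# commented-out rule that must not be mistaken for an active one.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# sshd: auth account password session' \
        'auth optional pam_krb5.so use_kcminit' \
        'account required pam_permit.so' > "$dir/before"
    printf '%s\n' 'auth optional pam_krb5.so default_principal' \
        'account required pam_permit.so' > "$dir/after"
    printf '%s\n' '#auth optional pam_krb5.so default_principal' \
        'account required pam_permit.so' > "$dir/commented"
    for f in before after commented; do
        printf '%-10s %s\n' "$f" "$(krb5_auth_status "$dir/$f")"
    done
    rm -rf "$dir"
}

demo
```

On a real machine, run `krb5_auth_status /etc/pam.d/sshd` before and after the edit, then confirm the ticket with klist after an SSH login.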
A little introduction.
Greg Neagle put together a wonderful third party Apple Software Update Service (SUS) called Reposado. In short, the top three greatest features Reposado offers are the ability to create separate update branches, the ability to offer deprecated updates, and it does not need to be run on Mac OS X hardware.
Reposado is great and if you’re using Apple’s SUS solution I recommend you switch. Reposado does have one drawback though, it’s command line only. While that isn’t a problem for most administrators, there may be times when you want someone else, who doesn’t feel comfortable at the command line, to manage updates. Or, perhaps you want the convenience and speed of a GUI. Jesse Peterson filled this void with Margarita, a web front end for Reposado that also runs on Mac or Linux.
We run Reposado on a Red Hat Enterprise Linux (RHEL) 6 server, and I recently installed and configured Margarita in case someone else needed an easy way to add an update to a branch. The only unfortunate part about Margarita on Linux is that it doesn’t start up automatically. If you plan to use Reposado and Margarita on a Mac, Jesse has a launchd task to accomplish this.
After the jump, I’ll explain how to install the Margarita startup script I wrote for our RHEL 6 server.
Just when I thought I was done writing my last AppleScript, I was forced to write another one! And this time it had to be launched by a login hook.
I needed a script that would display a warning to users, and the one thing I do find handy about AppleScript is its ability to easily create dialog boxes. I also find a login hook best suited for deploying warnings because the desktop won’t appear until the login hook process is finished, meaning that it can’t be as easily ignored 🙂 I’m evil, I know.
If you find yourself in the same boat, some helpful tips are after the jump.