How do I delete a network interface using Terminal

Question

Level 1

21 points

How do I delete a network interface using Terminal

Question:

How do I delete a network interface using Terminal?

Background:

I would think this would be fairly straight forward, but I have not been able to find information on how to do this. We are a school district and have a decent number of computers. We want the machines to be using Wired Ethernet and ONLY that. Students were connecting to neighbors WiFi and skirting around the network content filter.

I do not just want to "down" and interface using "sudo ifconfig en1 down". I want to delete the interface entirely. I realize this is pretty easy using the GUI, but I don't want to touch the machines manually. I am looking to send an ARD Unix command.

Any help would be appreciated. We are using 10.6.2 and 10.4.11.

MacBook Pro 15, Mac OS X (10.6.2), MacBook Pro 15, iMac 20 lab, xserves, AD integration

Posted on Feb 8, 2010 8:35 AM

Reply

Answer 1

MartinR

Level 6

19,217 points

Feb 8, 2010 8:56 AM in response to CRoth2

Won't ARD support a +System Prefs > Network > Airport > Make Service Inactive+ command?

Of course, you would not want your students logging into an Administrator account, because then they could reactivate via System Prefs. Hopefully they are only allowed to log in as Users.

Reply

Answer 2

varjak paw

Level 10

170,206 points

Feb 8, 2010 9:09 AM in response to CRoth2

Try this command using the Send UNIX Command option in ARD, using "root" (sans quote marks) in the "send command as" field:

networksetup -removenetworkservice <networkservice>

You will need the precise name of the network service for <networkservice>. You can get a list via:

networksetup -listnetworkserviceorder

or

networksetup -listallhardwareports

Regards.

Reply

Answer 3

CRoth2 Author

Level 1

21 points

Feb 8, 2010 11:48 AM in response to MartinR

I may just be overlooking something. Could you provide a more step by step as to what to click? I don't see what you are suggesting I do as an available option.

Reply

Answer 4

CRoth2 Author

Level 1

21 points

Feb 8, 2010 11:55 AM in response to varjak paw

This seems closer to what I am looking for but it is not working either.

This is what I did locally in terminal before trying to use it in ARD:
=======================================================================

basd-ml-19061:~ admin$ sudo -s
bash-3.2# networksetup -listallhardwareports

Hardware Port: Bluetooth DUN
Device: Bluetooth-Modem
Ethernet Address: N/A

Hardware Port: Ethernet
Device: en0
Ethernet Address: 00:19:e3:47:b8:7c

Hardware Port: FireWire
Device: fw0
Ethernet Address: 00:1c:b3:ff:fe:95:cb:8e

Hardware Port: AirPort
Device: en1
Ethernet Address: 00:1c:b3:b8:56:95

VLAN Configurations
===================
bash-3.2# networksetup -removenetworkservice AirPort
You cannot remove AirPort because there aren't any other network services on AirPort.
** Error: The parameters were not valid.
bash-3.2# networksetup -removenetworkservice Ethernet
You cannot remove Ethernet because there aren't any other network services on Ethernet.
** Error: The parameters were not valid.
bash-3.2# networksetup -removenetworkservice FireWire
You cannot remove FireWire because there aren't any other network services on FireWire.
** Error: The parameters were not valid.
bash-3.2# networksetup -removenetworkservice "Bluetooth DUN"
You cannot remove Bluetooth DUN because there aren't any other network services on Bluetooth DUN.
** Error: The parameters were not valid.
bash-3.2#

Reply

Answer 5

varjak paw

Level 10

170,206 points

Feb 8, 2010 12:28 PM in response to CRoth2

OK, sorry about that. Then you'll just have to disable the service, e.g.

networksetup -setnetworkserviceenabled AirPort off

As long as the users don't have administrator privileges to the systems, they won't be able to turn the service back on.

Regards.

Reply

Answer 6

CRoth2 Author

Level 1

21 points

Feb 8, 2010 12:44 PM in response to varjak paw

I appreciate all of your help thus far. I am well beyond where I got on my own using your suggestions. However, I findit hard to believe the GUI will allow me to do something that I can't do in Terminal. I would believe it if the tides were turned, but not in GUI and not commandline.

Do you or anyone else have any other ways of accomplishing my original goal of actually Deleting the interface?

The process I am following in the GUI is:

1) System Preferences
2) Network
3) Highlight the network interface
4) Click the [-] (minus button)
5) Rinse repeat for all interfaces other than "Ethernet"
6) Apply changes

Reply

Answer 7

MartinR

Level 6

19,217 points

Feb 8, 2010 1:48 PM in response to CRoth2

You cannot delete the last remaining service for a hardware port in OS X. In an iMac there is only 1 each Ethernet, Airport, FireWire and BlueTooth network port, that's why you cannot delete it. You can only disable it through the GUI or by using the setnetworkservice command.

Reply

Answer 8

CRoth2 Author

Level 1

21 points

Feb 8, 2010 2:05 PM in response to MartinR

If there was a way for me to upload an image to the forum I would. Using the GUI with the steps I mentioned I now see only one (1) interface. Ethernet, Firewire, Bluetooth, etc are not even shown in the GUI. I am using my laptop for testing purpose and am connected via Wireless which is why I did not leave only the Ethernet, which is what I would want to do with the Lab.

Which the above in mind, I don't think your statement is entirely correct. Am I misunderstanding something?

Edit: screenshot ( http://img714.imageshack.us/img714/5742/screenshot20100208at452.png )

Message was edited by: CRoth2

Reply

Answer 9

MartinR

Level 6

19,217 points

Feb 8, 2010 2:08 PM in response to CRoth2

By clicking the + you can readily add the service back to the list, so you haven't actually deleted the underlying service, port or physically turned off the Airport hardware. While I don't know exactly what is going on behind the GUI, I suspect it's doing a setnetworkservice command to turn the service on or off; and deleting the name of the service from the list that is visible in the GUI.

Reply

Answer 10

varjak paw

Level 10

170,206 points

Feb 8, 2010 2:39 PM in response to CRoth2

I findit hard to believe the GUI will allow me to do something that I can't do in Terminal.

That's not uncommon in Mac OS X. Some settings and configurations are done only in preference files and have no command-line equivalent. In this case that setting seems to be held in the preferences.plist file in /Library/Preferences/SystemConfiguration (in 10.6, anyway; I don't have a 10.5 system at hand to see if it's the same there) and I know of no command-line way of changing it.

I'm not sure what the difference is if the user's can see the interface but not activate it, but it's your lab.

Reply

Answer 11

R C-R

Level 6

17,782 points

Feb 8, 2010 4:48 PM in response to varjak paw

I findit hard to believe the GUI will allow me to do something that I can't do in Terminal.

That's not uncommon in Mac OS X. Some settings and configurations are done only in preference files and have no command-line equivalent.

I don't think that is correct. Terminal provides access to just about anything, including setting preferences with the "defaults" binary that have no GUI equivalent. The problem is that unless there is a well documented high level binary, users have to do everything manually that the GUI hides & does for them automatically. This includes presetting required variables, running low level routines that set everything up for the desired task, recovering from errors, & so on.

IOW, it isn't so much that there is no CLI equivalent as that the equivalent of a single GUI click can involve dozens of CLI commands & substantial knowledge of how to use them.

Reply

Answer 12

CRoth2 Author

Level 1

21 points

Feb 9, 2010 2:47 AM in response to varjak paw

First off, thank you all for your input!

Maybe I have been going about this the wrong way. As Dave Sawyer mentioned, if these settings are held in a PLIST, maybe I can just ARD copy a preconfigured PLIST file to the machines and then force reboot them (if a reboot is necessary).

Does this sound viable? I am not sure how the PLISTs work.

Reply

Answer 13

varjak paw

Level 10

170,206 points

Feb 9, 2010 6:34 AM in response to R C-R

I don't think that is correct. Terminal provides access to just about anything, including setting preferences with the "defaults" binary that have no GUI equivalent.

Not all of the settings in the preference files have domains, RCR. The preference file I mentioned, for instance, doesn't appear to have one, at least none that I can find though I could have missed it.

Reply

Answer 14

varjak paw

Level 10

170,206 points

Feb 9, 2010 6:38 AM in response to CRoth2

if these settings are held in a PLIST, maybe I can just ARD copy a preconfigured PLIST file to the machines and then force reboot them (if a reboot is necessary).

You can try it, but I'm not sure whether the preference file has any machine-specific information. The preference file uses a long alphanumeric string to identify each of the network services and I don't know where it gets that string, from a generic interface type that would work on all machines or from the system itself. You can try copying the pref file to a test machine, though, and see if it works.

Good luck.

Reply

Answer 15

R C-R

Level 6

17,782 points

Feb 9, 2010 10:30 AM in response to varjak paw

Not all of the settings in the preference files have domains, RCR. The preference file I mentioned, for instance, doesn't appear to have one, at least none that I can find though I could have missed it.

The domains do exist, but there is a trick to using the 'defaults' utility that is easy to miss. If you enter (for example):

+defaults read /Library/Preferences/SystemConfiguration/NetworkInterfaces.plist+

to read the domain's preferences in Terminal, you will indeed get a reply saying "Domain SystemConfiguration/NetworkInterfaces.plist does not exist."

However, this is because the defaults binary is picky -- as the defaults Mac OS X Manual Page mentions, you must strip the ".plist" extension from the path name when using the filepath domain specifier option. So, instead of the above, enter:

+defaults read /Library/Preferences/SystemConfiguration/NetworkInterfaces+

to read the domain info for this plist.

Similarly, you can use this type of domain specifier with the write domain key 'value' form to change any single property value, or the write domain 'plist' form to replace the entire plist with a property list representation of an entire plist dictionary. (See the man page write examples in the "DESCRIPTION" section if this nomenclature is unclear.)

Of course, this is only half the battle. You still must know what values are acceptable & do all you need to do. I can guess that setting "AllowEnable" in the /Library/Preferences/SystemConfiguration/com.apple.airport domain to '0' would disable that network interface, but it may not be the only value in the only domain that needs to be set to do what the OP wants.

Reply