How can I be a real sysadmin under MacOSX?

Question

How can I be a real sysadmin under MacOSX?

Other than the obvious way: pulling up a terminal window and doing everything from the command line. I've become somewhat leery of doing that because MacOSX isn't quite UNIX. Even if one follows the man pages, doing things from the command line can have unexpected consequences. The bright, candy-colored wrapping seems to be designed to resist intelligent administration, and the admin "tools" on this machine are a joke.

What do I need to install so I can:

set file permissions without having to use a sledge hammer and a crowbar

see all groups and accounts in the pull-down menu -- as in I need to change the file to being owned by "system", but the only way to do that right now is "chown root <filename>", and if I want it to be readable by group "wheel" I have to "chgrp wheel <filename>" instead of just using the pulldown. This used to be simple to do! In the course of making the system idiot-proof, they've now made it a pain to run if you have a brain.

(beginning to understand why a friend wiped his Macbook Pro and installed Linux)

QuickTime-OTHER, Mac OS X (10.6.8), 2.7 GHz Core i5, 12GB 1333 DDR3

Posted on Jul 4, 2011 1:56 PM

Reply

Answer 1

Kappy

Level 10

362,007 points

Jul 4, 2011 2:04 PM in response to Lee Thompson-Herbert

BatChmod 1.6.3. It's a little old but still works. Why do you need to make these permissions changes in the first place?

Reply

Answer 2

X423424X

Level 6

14,271 points

Jul 4, 2011 2:18 PM in response to Lee Thompson-Herbert

Enable root user and login in as "root".

Here's an apple doc that shows one way to do it. There are other ways. For example, look here. If you are curious google "enable root in os x in 10.6".

Edit:

I may have misread your post. I thought you just wanted to become a super user to change things.

Reply

Answer 3

Jul 4, 2011 2:14 PM in response to Lee Thompson-Herbert

Right-click on the file, choose 'get info'. At the bottom of the info window is the file permissions. Unlock and authenticate to edit.

Reply

Answer 4

Jul 4, 2011 4:17 PM in response to noondaywitch

Root is already enabled (no brainer, I do that for all my systems).

Clicking the little lock and and attempting to edit no longer gives the same results that it did in older versions of the OS. As I jumped several full releases from the old G4 system to this brand new one, I'm not sure when it happened. However, at one time you actually got a pop-up menu of users rather than getting shunted to the "Users" window. It actually showed all the user and group names in use on the system, not just the ones the GUI wants you to see. So I actually could just go to the permissions, click the lock, then from the pop-up select "wheel" as the group, "system" as the owner, with the appropriate read/write permissions. Yes, I'd have to type in the administrator password, but that's also a no-brainer.

Now I click the permissions and if the "user" isn't listed on GUI user admin tool, I can't chown a file to them. It wants me to ADD A NEW ACCOUNT to get it on the list. Then gets confused because that account already exists.

Why do I want to change file permissions? Several reasons: for when my third-party backup software gets confused and quits running as admin (I've only seen it happen once, but it sucked until I fixed it). It's a quick and dirty way to restore/replace system files if you know exactly where they're supposed to go and what permissions they're supposed to have. Since my backup software makes bootable copies of files, I can replace corrupted/mangled files by just pasting in a clean copy (usually the permissions aren't an issue there). And yes, I'm bad and install fonts by slapping them directly into the /System/Library/Font directory sometimes.

But the main reason to need to mess with permissions this time was disaster recovery. I managed to salvage the hard disk out of the extremely dead G4, but not everything was saved. Some things had to be put back by hand and then tweaked some to get them to work again. Since 98% of the files were backed up on external disks, it didn't seem unreasonable to try and recover the others ... until I started finding out that this version of the OS has been made more idiot-proof than before.

Do I have to run the Server package to get real admin tools?

Reply

Answer 5

Kappy

Level 10

362,007 points

Jul 4, 2011 4:21 PM in response to Lee Thompson-Herbert

Maybe this, Apple Server Admin Tools 10.6.5 is what you want.

Reply

Answer 6

Barney-15E

Level 10

122,300 points

Jul 4, 2011 4:25 PM in response to Lee Thompson-Herbert

Root is already enabled (no brainer, I do that for all my systems).

Why?

I managed to salvage the hard disk out of the extremely dead G4, but not everything was saved. Some things had to be put back by hand and then tweaked some to get them to work again.

Just mount the recovered drive and set it to ignore ownership on that drive.

Do I have to run the Server package to get real admin tools?

It doesn't sound like you are using a server, so why do you need the Server Admin Tools?

Reply

Answer 7

Linc Davis

Level 10

209,739 points

Jul 4, 2011 4:46 PM in response to Lee Thompson-Herbert

MacOSX isn't quite UNIX ... beginning to understand why a friend wiped his Macbook Pro and installed Linux

I'm afraid you have that backwards. Mac OS X is Open Group certified UNIX -- the only desktop OS with that certification. It's Linux that "isn't quite UNIX."

The bright, candy-colored wrapping seems to be designed to resist intelligent administration ...

For GUI user management, extract Workgroup Manager from the Server Admin Tools. Throw the rest of the Tools away, unless you need to manage an OS X Server. Authenticate to "localhost" as admin.

There is no reason to enable local root logins. There may, of course, be a reason to enable remote root logins via SSH. I assume you already know how to do that.

Reply