SysAdm

SSL certs

To import a self-signed cert into the keychain and force it to be considered “authoritative”, use:

$ sudo certtool i certnew.crt k=/System/Library/Keychains/X509Anchors

or

$ sudo certtool i certnew.cer d k=/System/Library/Keychains/X509Anchors

The former is for certs in PEM format, the latter for those in DER format.

$ certtool y k=/System/Library/Keychains/X509Anchors

shows the certs in the system X509Anchors file.
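
Adding a cert to X509Anchors makes it a trust root, so check what the file is before importing it. The sketch below is an added example, not part of the original page: it tells PEM from DER to pick the right certtool form and compares the cert's SHA-256 fingerprint with one obtained out of band. The function names are hypothetical, and an openssl build that supports -sha256 is assumed.

```shell
#!/bin/sh
# Added example: pick the certtool form by file format and pin the
# fingerprint before adding a self-signed cert to X509Anchors.
ANCHORS=/System/Library/Keychains/X509Anchors   # path from the text above

# cert_format FILE -> PEM, DER or unknown
cert_format() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo PEM
    elif [ "$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d ' \n')" = 30 ]; then
        echo DER        # DER starts with an ASN.1 SEQUENCE tag, 0x30
    else
        echo unknown
    fi
}

# normalize_fp STRING -> bare upper-case hex, so "ab:cd", "AB CD" and
# openssl's "... Fingerprint=AB:CD" all compare equal
normalize_fp() {
    printf '%s\n' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# certtool_cmd FILE -> the matching import command from the text
certtool_cmd() {
    case "$(cert_format "$1")" in
        PEM) echo "sudo certtool i $1 k=$ANCHORS" ;;
        DER) echo "sudo certtool i $1 d k=$ANCHORS" ;;
        *)   echo "not a PEM or DER certificate: $1" >&2; return 2 ;;
    esac
}

# checked_import_cmd FILE EXPECTED_SHA256 -> prints the command only when
# the fingerprint equals the one obtained out of band from the cert owner
checked_import_cmd() {
    fmt=$(cert_format "$1")
    [ "$fmt" != unknown ] || { echo "unrecognised file: $1" >&2; return 2; }
    got=$(openssl x509 -in "$1" -inform "$fmt" -noout -fingerprint -sha256) || return 2
    if [ "$(normalize_fp "$got")" != "$(normalize_fp "$2")" ]; then
        echo "fingerprint mismatch, not importing $1" >&2
        return 1
    fi
    certtool_cmd "$1"
}
```

The functions only print the import command; run it yourself once the fingerprint has matched.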

Single User mode & Password recovery (Panther)

Boot while pressing Command-S; you'll land in single-user mode. From there you can remount the root filesystem read-write:

  # /sbin/mount -wu /

You should then start a few basic services (the most important could be NetInfo, which contains the account details):

  # /sbin/SystemStarter

Now you can perform the needed maintenance tasks; to reset a user's password you can use the usual command:

  # passwd <username>

MacPorts (Darwinports)

Searching

Function                     Command
Search for a port            $ port search <regexp>
Show description of a port   $ port info <package>
List available ports         $ port list
List installed ports         $ port installed
Show the port files          $ port contents <package>

(Un)Installing

Function       Command
Install port   # port -c install <port>
Remove port    # port -u uninstall <port> [version]

Upgrading

Function                            Command
Get the latest Portfiles            # port sync
Update darwinports infrastructure   # port selfupdate
Show outdated ports                 $ port outdated
Upgrade a port                      # port -u upgrade <port>
Upgrade outdated ports              # port -u upgrade outdated

Cleaning up

Function                   Command
Clean intermediate files   # port clean <port>
Clean all the mess         # port clean --all <port>

Meta portnames

You can replace the name of a port with metanames. The most useful are:

  • all
  • active
  • inactive
  • installed
  • outdated

Remove inactive ports

  port installed | grep -v active | awk '/^  / {print "sudo port -u uninstall", $0}' | sh -x

Graph of dependencies

You can create a graph of the dependencies of the installed ports in graphviz format with:

#!/bin/sh
# Graphviz graph of installed ports dependencies
# Create a svg graph using "dot -Tsvg file.dot"

DOTFILE="$0.dot"
LIST="$0.lista"

echo "GETTING INSTALLED PORTS"
# Skip the header line and keep only the port name column
port installed | tail -n +2 | awk '{print $1}' > "$LIST"

echo "digraph hello {" > "$DOTFILE"

# Emit every installed port as a quoted node
sed 's/^/"/;s/$/"/' < "$LIST" >> "$DOTFILE"

for p in `cat "$LIST"` ; do
 echo "GETTING DEPENDENCIES FOR $p"
 # Each "X depends on P" line becomes the edge "P" -> "X"
 port dependents "$p" | awk '/depends on/ {print "\"" $4 "\"" ,"->", "\"" $1 "\""}' >> "$DOTFILE"
done

rm "$LIST"

echo "}" >> "$DOTFILE"

Networking

Identify the DHCP server

To see which DHCP server lent you the address, use:

ipconfig getoption "" server_identifier

Reload Cisco VPN client extensions

If the Cisco VPN client gives errors, try:

cd /System/Library/StartupItems/CiscoVPN
sudo ./CiscoVPN restart

Show and clean DNS cache

dscacheutil -cachedump -entries host
dscacheutil -flushcache

Note that formerly the command used was lookupd.

Set hostname

Use scutil(8). See Apple forum for insights. Hint:

sudo scutil --set HostName host.doma.in
sudo scutil --set ComputerName bonjourName

Temporarily enable tftpd

Enabling:

$ sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist

Now tftpd is enabled, using /private/tftpboot as a working dir. It's chrooted, so you'll read and write to the root tftpd directory. You can see the daemon logs using Console.app.

Disabling:

$ sudo launchctl unload /System/Library/LaunchDaemons/tftp.plist

If you prefer a GUI, use TftpServer.

Repair a boot disk

Repair a boot disk with install DVD

  1. Insert the Mac OS X Install DVD
  2. Restart the Mac
  3. Immediately after the bong hold down the C key until the Apple logo appears
  4. When the Installer reaches the Introduction phase, click on the Utilities menu and select Disk Utility
  5. Click the First Aid tab
  6. Highlight the boot hard drive volume or partition
  7. Click Repair Disk.

Repair a boot disk without install DVD

  1. Reboot the Mac
  2. Immediately press and hold Command-S until text begins to scroll on screen. In a few seconds the Unix command line prompt (%) appears
  3. Run fsck -fy
  4. Keep running fsck until the “***** FILE SYSTEM WAS MODIFIED *****” line no longer appears
  5. When fsck exits with “The volume <name of disk> appears to be OK.” you can issue a reboot.

Boot keys

Key                                             Meaning
command+option+O+F                              Invoke Open Firmware
command+option+P+R                              Reset PRAM (press until you hear two beeps)
T                                               Startup in FireWire Target Disk Mode
option                                          Invoke Startup Manager
command+S                                       Invoke single-user mode
command+V                                       Invoke verbose mode
C                                               Boot from CD/DVD
X                                               Boot into OS X (if you previously booted from OS 9 on the same volume)
shift (immediately at startup)                  Safe boot
shift (after boot screen, until login screen)   Override auto-login
shift (after login screen)                      Safe login
option+escape, then click on a user             Present name/password login dialog instead of list of users
N                                               Attempt to netboot
command+shift+option+delete                     Boot from an external drive

Change hostname

  • Launch ‘System Preferences’
  • Click the ‘Sharing’ icon
  • Type in what you want your new computer name to be

Disk Images

Index a Disk Image

sudo mdutil -i on /Volumes/name_of_image

Convert a .dmg to .iso

hdiutil convert imagefile.dmg -format UDTO -o imagefile.iso
mv imagefile.iso.cdr imagefile.iso

dd(1) a Linux disk image to a USB stick

sudo diskutil umountDisk /dev/diskX
sudo dd if=my-image.img of=/dev/diskX bs=1024k

Mount a disk image

hdiutil mount MyImage.dmg

Hide user accounts in login window

This works in 10.4.

To hide:

sudo defaults write /Library/Preferences/com.apple.loginwindow \
HiddenUsersList -array-add account1 account2 account3

To unhide (write an empty list; -array-add with no names would leave the list unchanged):

sudo defaults write /Library/Preferences/com.apple.loginwindow \
HiddenUsersList -array

See http://www.macworld.com/weblogs/macosxhints/2006/08/hidelogin/index.php for details.

Resource forks

From the commandline, to see if a file has a resource fork you can look at the (fake) /rsrc subdir:

ls filename/rsrc

To look inside it, use:

/Developer/Tools/DeRez filename

Security

Secure erase

You can wipe (shred, secure-erase) a file from the command line with srm(1). srm uses the 35-pass Gutmann algorithm.

Posix ACLs

To enable Posix ACLs in Mac OS X you must issue:

# fsaclctl -p /mntpoint -e

To set the extended permissions (ACL entries), use the usual chmod command:

# chmod +a "joe allow read,write" pippo.dat

To see the extended permissions, use the -e parameter in ls:

$ ls -le pippo.dat

The fastest way to delete an extended permission entry is:

  1. Find the number of the relevant entry;
  2. Delete it by number:

  $ ls -le pippo.dat
  -rw-r--r-- + 1 ap  wheel  0 Aug 29 20:48 pippo.dat
   0: user:ap deny delete
   1: user:ap allow read,append
  $ chmod -a# 0 pippo.dat
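
When several entries have to go, each deletion renumbers the entries after it, so delete from the highest index down. The sketch below is an added example, not part of the original page: it reads ls -le output and prints the chmod -a# commands for every entry matching a pattern, highest index first. The names acl_delete_cmds and sample_listing are hypothetical, and the sample is the listing above plus one constructed entry.

```shell
#!/bin/sh
# Added example: turn `ls -le` output into `chmod -a# N` commands.

# acl_delete_cmds FILE PATTERN
# Reads `ls -le FILE` output on stdin. Prints one `chmod -a# N FILE` per ACL
# entry whose text matches PATTERN (an awk regex), highest index first so
# that earlier deletions do not renumber the entries still to be removed.
acl_delete_cmds() {
    awk -v file="$1" -v pat="$2" '
        # ACL lines look like " 0: user:ap deny delete"
        /^[ \t]*[0-9]+:[ \t]/ {
            n = $1; sub(/:$/, "", n)
            entry = $0; sub(/^[ \t]*[0-9]+:[ \t]*/, "", entry)
            if (entry ~ pat) hits[++count] = n
        }
        END {
            for (i = count; i >= 1; i--)
                printf "chmod -a# %d %s\n", hits[i], file
        }'
}

# Constructed sample: the listing from the text plus a third, made-up entry.
sample_listing() {
    cat <<'EOF'
-rw-r--r-- + 1 ap  wheel  0 Aug 29 20:48 pippo.dat
 0: user:ap deny delete
 1: user:ap allow read,append
 2: group:staff deny write
EOF
}

# Usage on a real file:  ls -le pippo.dat | acl_delete_cmds pippo.dat ' deny '
```

Review the printed commands before running them; the pattern is matched against the whole entry text.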

If you want to go the graphical way, one free GUI, Sandbox, is at http://www.mikey-san.net/sandbox/

User Directory

In Leopard, a lot of the information regarding the users (traditionally held in /etc/passwd in standard Unices) is stored in a DB.

You can access and edit them via the dscl(1) command. Example:

  $ dscl localhost -list /Local/Default/Users
  $ dscl localhost -read /Local/Default/Users/ap UserShell
  $ dscl localhost -readall /Local/Default/Users UserShell

Managing files and permission

Show extended info

With ls, use these flags:

  
  -@      Display extended attribute keys and sizes.
  -e      Print the Access Control List (ACL) associated with the file, if present.
  -O      Include the file flags in a long (-l) output.

Modify file flags

Modify the file flags (like uchg, hidden, …) with the chflags(1) command. Example:

  $ chflags nouchg file.txt
  $ chflags -R nouchg somedir

Spotlight searches

Eject CD/DVD

drutil eject

strace in Leopard

It's called dtruss, and it is based on dtrace.

Put the machine to sleep

pmset sleepnow
apple/sysadm.txt · Last modified: 2010/11/13 17:06 by ap
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported