From news at metzger.cc Tue May 1 14:18:02 2007
From: news at metzger.cc (Matthew Metzger)
Date: Tue May 1 14:18:48 2007
Subject: hdiutil permissions error
In-Reply-To:
References:
Message-ID:

Dan Shoop wrote:
> At 3:58 PM -0500 4/26/07, Matthew Metzger wrote:
>> Hello,
>>
>> here's a little puzzle that I haven't been able to understand. I had
>> been using the "hdiutil" program to backup folders and files that were
>> read/write -everyone permissions. I have had to change those
>> permissions to limit access. After I changed permissions, my backup
>> command stopped working and gave this error: (the command is first,
>> the error after that).
>>
>> -------
>> sudo hdiutil create -ov -anyowners -srcfolder "/Users" -format UDZO
>> -volname "$date" /Volumes/BackUP01/Users/$date.dmg
>>
>> Password:
>> ....................................................................................................................................2007-04-24
>> 09:31:26.143 copy-helper[9409]
>> bomCopierFileCopyError:/Users/./sysadmin/Desktop/Safari.app, error 5
>> 2007-04-24 09:31:26.143 copy-helper[9409] Error 5 (Input/output error)
>> encountered copying "/Users/Users/./sysadmin/Desktop/Safari.app"
>> (canceling)
>>
>> could not access /Users/./sysadmin/Desktop/Safari.app - Input/output
>> error
>> hdiutil: create failed - Input/output error
>> -------
>>
>> Any help in figuring out why the error is happening would be very
>> helpful. I'm using sudo, so I assumed that that would override any
>> permissions issues.
>
> It's not a permissions issue, as it states it's an I/O error. Fix your
> filesystem.

Thanks for the tip Dan. There was a problem with the file system. I booted from an install CD and ran Disk Utility -> Repair Disk. I had to run it twice. The first time it fixed some errors, but not all. I was a bit worried, but I ran it again and Disk Repair was successful in fixing all the errors.
thanks again,
Matthew

From lists at colorremedies.com Tue May 1 16:44:38 2007
From: lists at colorremedies.com (Chris Murphy)
Date: Tue May 1 16:45:04 2007
Subject: G4 XServe hangs when hot swapping drives
Message-ID: <57E31F7D-1D36-447B-8BAE-F018927135BC@colorremedies.com>

Whenever removing these drives (drag icon to trash, wait, push handle, wait for drive to spin down, pull drive), shortly thereafter the machine is unresponsive. It's not possible to even ssh into the machine. This occurs the vast majority of the time, at least 8 in 10 attempts.

To prepare them, they're inserted, and initialized using Disk Utility. The drives are Apple drives, in Apple sleds. We've gone through a dozen drives, and have used three different bays and the problem is the same. Clearly the machine doesn't like what we're doing. Is there something else that should be done when hot swapping these drives?

Capacity: 465.76 GB
Model: Hitachi HDS725050KLAT80
Revision: K2ABA20A

Machine Name: Xserve
Machine Model: RackMac1,2
CPU Type: PowerPC G4 (3.3)
Number Of CPUs: 2
CPU Speed: 1.33 GHz
Memory: 512 MB
Boot ROM Version: 4.6.5f3

Mac OS X: 10.4.8

Chris Murphy
Color Remedies (TM)
New York, NY
----------------------------------------------------------------------
Co-author "Real World Color Management, 2nd Ed"

From daniel at highdesertchurch.com Wed May 2 09:40:29 2007
From: daniel at highdesertchurch.com (Daniel Hazelbaker)
Date: Wed May 2 09:42:58 2007
Subject: Apple Mail & Quotas
Message-ID: <926D6BA3-391F-4A05-8B80-203BC8483E56@highdesertchurch.com>

We have a large number of users (50+) using Apple Mail in Tiger. We also have about 10 people still using Entourage (2004 version). We are using the Tiger mail server (cyrus) with 2GB quotas per user. The quotas are working fine. And yes we do fill those quotas up. We e-mail a lot of large pictures, movies and audio files around doing our jobs so things can add up after a few months of "neglect".
Entourage will display the alert when they are nearing quota so the user knows (or at least calls to ask what is going on) to delete some mail. Apple Mail, however, does not display the warnings from the server. Is there something I have to do on the server and/or the client to make that happen or does it just not work?

Thanks,
Daniel Hazelbaker

From saigon at ufl.edu Wed May 2 11:29:15 2007
From: saigon at ufl.edu (Trang Le)
Date: Wed May 2 22:11:24 2007
Subject: print charge
Message-ID:

What software do you use to charge for printing in your labs? What system is the best to manage the print charge (MAC, Windows or Unix)?

Trang Le
University of Florida

From bsilver at chrononomicon.com Thu May 3 08:30:29 2007
From: bsilver at chrononomicon.com (Bart Silverstrim)
Date: Thu May 3 08:31:09 2007
Subject: print charge
In-Reply-To:
References:
Message-ID: <463A0015.5030107@chrononomicon.com>

Trang Le wrote:
> What software do you use to charge for printing in your labs? What
> system is the best to manage the print charge (MAC, Windows or Unix)?

We use a combination of banner pages that give info on the user that is printing the job and an older woman named Mabel who's worked many years here and has worked long enough to hate her job, so she's really tough on people when it comes to keeping accurate records. Since she's been here so long and is good friends with a couple of the higher ups no one dares question her authority for fear of making their lives miserable or having their print job mysteriously "jam" the printer and get shredded.

From shoop at iwiring.net Thu May 3 11:03:07 2007
From: shoop at iwiring.net (Dan Shoop)
Date: Thu May 3 11:03:18 2007
Subject: print charge
In-Reply-To:
References:
Message-ID:

At 2:29 PM -0400 5/2/07, Trang Le wrote:
>What software do you use to charge for printing in your labs? What
>system is the best to manage the print charge (MAC, Windows or Unix)?

I guess that kinda depends on your policy and how you're charging.
tea4cups allows you to do just about anything you want off the output stream so you could pipe it through a filter/accounting system of your choosing.

--
-dhan

------------------------------------------------------------------------
Dan Shoop                         AIM: iWiring
Systems & Networks Architect      http://www.ustsvs.com/
shoop@iwiring.net                 http://www.iwiring.net/
1-714-363-1174

"The wise man doesn't give the right answers, he poses the right questions."
-- Claude Levi-Strauss
------------------------------------------------------------------------
iWiring provides systems and networks support for Mac OS X, unix, and Open Source application technologies at affordable rates.

From newslists at autonomy.caltech.edu Thu May 3 11:15:21 2007
From: newslists at autonomy.caltech.edu (Roland Torres)
Date: Thu May 3 11:15:27 2007
Subject: Errors after applying Security Update v1.1
Message-ID: <29657539-0E4C-4101-A77B-F3A72C2FEED6@autonomy.caltech.edu>

We have a PPC 2x2GHz system that won't boot up fully anymore. It's running OSX 10.4.9, and has suddenly (after applying the latest security update) begun to spew forth a torrent of error messages in the various log files, which are getting quite huge:

-rw-r--r-- 1 root wheel 781840174 May 3 11:14 crashreporter.log
-rw-r----- 1 root admin 49721036 May 3 11:14 system.log
-rw-r--r-- 1 root wheel 233518213 May 3 11:14 asl.log

From crashreporter.log:

Thu May 3 10:57:59 2007 crashreporterd[107]: error reading from crashdump. errno: 9
Thu May 3 10:57:59 2007 crashreporterd[107]: crashdump[26020] exited due to signal 11
Thu May 3 10:57:59 2007 crashreporterd[107]: reaping /var/db/crashdump/crashdump.lock
Thu May 3 10:57:59 2007 crashreporterd[107]: crashdump[26021] exited due to signal 11
?????????A ??k????/L???
????????`??W???W???W???W??????????????????0??,?
D" ??.\????Thu May 3 10:57:59 2007 crashreporterd[107]: reaping /var/db/crashdump/loginwindow.lock
Thu May 3 10:57:59 2007 crashreporterd[107]: error writing to crashdump
Thu May 3 10:57:59 2007 crashreporterd[107]: error reading from crashdump. errno: 9
Thu May 3 10:57:59 2007 crashreporterd[107]: crashdump[26023] exited due to signal 11
Thu May 3 10:57:59 2007 crashreporterd[107]: reaping /var/db/crashdump/crashdump.lock
Thu May 3 10:57:59 2007 crashreporterd[107]: crashdump[26024] exited due to signal 5
Thu May 3 10:57:59 2007 crashreporterd[107]: reaping /var/db/crashdump/loginwindow.lock
Thu May 3 10:57:59 2007 crashreporterd[107]: crashdump[26025] exited due to signal 11
Thu May 3 10:57:59 2007 crashreporterd[107]: reaping /var/db/crashdump/crashdump.lock

From system.log:

May 3 10:57:59 launchd: /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow port /dev/console exited abnormally: Segmentation fault
May 3 10:57:59 launchd: /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow port /dev/console exited abnormally: Segmentation fault
May 3 10:57:59 launchd: /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow port /dev/console exited abnormally: Segmentation fault
May 3 10:57:59 launchd: /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow port /dev/console exited abnormally: Segmentation fault
May 3 10:57:59 launchd: /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow port /dev/console exited abnormally: Segmentation fault

From asl.log:

[Time 2007.05.03 17:57:59 UTC] [Facility launchd] [Sender launchd] [PID -1] [Message /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow port /dev/console exited abnormally: Segmentation fault] [Level 4] [UID -2] [GID -2]
[Time 2007.05.03 17:57:59 UTC] [Facility launchd] [Sender launchd] [PID -1] [Message getty repeating too quickly on port /dev/console, sleeping] [Level 4] [UID -2] [GID -2]

...etc.
We ran DiskWarrior on the boot drive, but there's no change. There is 101GB free on the drive. The machine won't come up fully - I can ssh into it, but the login window never appears, just a gray screen with the spinning beach ball of death. The system is *very* busy writing to all of the logs.

Maybe something associated with the loginwindow program got corrupted? The checksum of "loginwindow" matches that of another system, so I guess that's not it.

Any ideas?
Thanks!
Roland

From newslists at autonomy.caltech.edu Thu May 3 12:01:05 2007
From: newslists at autonomy.caltech.edu (Roland Torres)
Date: Thu May 3 12:01:12 2007
Subject: Errors after applying Security Update v1.1
In-Reply-To: <29657539-0E4C-4101-A77B-F3A72C2FEED6@autonomy.caltech.edu>
References: <29657539-0E4C-4101-A77B-F3A72C2FEED6@autonomy.caltech.edu>
Message-ID:

The logs indicate that only System Update 2007-004 V1.0 was applied, not v1.1. Could this be the problem? Is there a way to install the v1.1 update without GUI access to the system (i.e., via ssh)?

Roland

On May 3, 2007, at 11:15 AM, Roland Torres wrote:

> We have a PPC 2x2GHz system that won't boot up fully anymore. It's
> running OSX 10.4.9, and has suddenly (after applying the latest
> security update) begun to spew forth a torrent of error messages in
> the various log files, which are getting quite huge:
>
> -rw-r--r-- 1 root wheel 781840174 May 3 11:14 crashreporter.log
> -rw-r----- 1 root admin 49721036 May 3 11:14 system.log
> -rw-r--r-- 1 root wheel 233518213 May 3 11:14 asl.log
>
> From crashreporter.log:
>
> Thu May 3 10:57:59 2007 crashreporterd[107]: error reading from
> crashdump. errno: 9
> Thu May 3 10:57:59 2007 crashreporterd[107]: crashdump[26020]
> exited due to signal 11
> Thu May 3 10:57:59 2007 crashreporterd[107]: reaping /var/db/
> crashdump/crashdump.lock
> Thu May 3 10:57:59 2007 crashreporterd[107]: crashdump[26021]
> exited due to signal 11
> ?????????A ??k????/L???
> ????????`??W???W???W???W??????????????????0??,?
> D" ??.\????Thu May 3 10:57:59 2007 crashreporterd[107]: reaping /
> var/db/crashdump/loginwindow.lock
> Thu May 3 10:57:59 2007 crashreporterd[107]: error writing to
> crashdump
> Thu May 3 10:57:59 2007 crashreporterd[107]: error reading from
> crashdump. errno: 9
> Thu May 3 10:57:59 2007 crashreporterd[107]: crashdump[26023]
> exited due to signal 11
> Thu May 3 10:57:59 2007 crashreporterd[107]: reaping /var/db/
> crashdump/crashdump.lock
> Thu May 3 10:57:59 2007 crashreporterd[107]: crashdump[26024]
> exited due to signal 5
> Thu May 3 10:57:59 2007 crashreporterd[107]: reaping /var/db/
> crashdump/loginwindow.lock
> Thu May 3 10:57:59 2007 crashreporterd[107]: crashdump[26025]
> exited due to signal 11
> Thu May 3 10:57:59 2007 crashreporterd[107]: reaping /var/db/
> crashdump/crashdump.lock
>
> From system.log:
>
> May 3 10:57:59 launchd: /System/Library/CoreServices/
> loginwindow.app/Contents/MacOS/loginwindow port /dev/console exited
> abnormally: Segmentation fault
> May 3 10:57:59 launchd: /System/Library/CoreServices/
> loginwindow.app/Contents/MacOS/loginwindow port /dev/console exited
> abnormally: Segmentation fault
> May 3 10:57:59 launchd: /System/Library/CoreServices/
> loginwindow.app/Contents/MacOS/loginwindow port /dev/console exited
> abnormally: Segmentation fault
> May 3 10:57:59 launchd: /System/Library/CoreServices/
> loginwindow.app/Contents/MacOS/loginwindow port /dev/console exited
> abnormally: Segmentation fault
> May 3 10:57:59 launchd: /System/Library/CoreServices/
> loginwindow.app/Contents/MacOS/loginwindow port /dev/console exited
> abnormally: Segmentation fault
>
> From asl.log:
>
> [Time 2007.05.03 17:57:59 UTC] [Facility launchd] [Sender launchd]
> [PID -1] [Message /System/Library/CoreServices/loginwindow.app/
> Contents/MacOS/loginwindow port /dev/console exited abnormally:
> Segmentation fault] [Level 4] [UID -2] [GID -2]
> [Time 2007.05.03 17:57:59 UTC] [Facility
launchd] [Sender launchd]
> [PID -1] [Message getty repeating too quickly on port /dev/console,
> sleeping] [Level 4] [UID -2] [GID -2]
>
> ...etc.
>
> We ran DiskWarrior on the boot drive, but there's no change. There
> is 101GB free on the drive. The machine won't come up fully - I can
> ssh into it, but the login window never appears, just a gray screen
> with the spinning beach ball of death. The system is *very* busy
> writing to all of the logs.
>
> Maybe something associated with the loginwindow program got
> corrupted? The checksum of "loginwindow" matches that of another
> system, so I guess that's not it.
>
> Any ideas?
> Thanks!
> Roland
>
> _______________________________________________
> MacOSX-admin mailing list
> MacOSX-admin@omnigroup.com
> http://www.omnigroup.com/mailman/listinfo/macosx-admin
>

From dez at mac.com Thu May 3 12:53:33 2007
From: dez at mac.com (Derek Chesterfield)
Date: Thu May 3 12:53:36 2007
Subject: Errors after applying Security Update v1.1
In-Reply-To:
References: <29657539-0E4C-4101-A77B-F3A72C2FEED6@autonomy.caltech.edu>
Message-ID: <336DC030-3C95-4650-8CF4-706E7A560DB7@mac.com>

On 3 May 2007, at 20:01, Roland Torres wrote:

> Is there a way to install the v1.1 update without GUI access to the
> system (i.e., via ssh)?

man softwareupdate

From shoop at iwiring.net Fri May 4 11:23:51 2007
From: shoop at iwiring.net (Dan Shoop)
Date: Fri May 4 11:24:05 2007
Subject: Errors after applying Security Update v1.1
In-Reply-To:
References: <29657539-0E4C-4101-A77B-F3A72C2FEED6@autonomy.caltech.edu>
Message-ID:

At 12:01 PM -0700 5/3/07, Roland Torres wrote:
>The logs indicate that only System Update 2007-004 V1.0 was applied,
>not v1.1. Could this be the problem? Is there a way to install the
>v1.1 update without GUI access to the system (i.e., via ssh)?

I doubt that this is your only issue.
But *reading* the crashdumps might be helpful ;)

However I'd have to ask why you didn't just roll back to the backup you took before modifying a production server when you experienced the problem. It's still probably your best bet. Of course this presumes the system wasn't fubar right before this too and you didn't know it b/c the system had already launched the problematic processes.

--
-dhan

------------------------------------------------------------------------
Dan Shoop                         AIM: iWiring
Systems & Networks Architect      http://www.ustsvs.com/
shoop@iwiring.net                 http://www.iwiring.net/
1-714-363-1174

"The wise man doesn't give the right answers, he poses the right questions."
-- Claude Levi-Strauss
------------------------------------------------------------------------
iWiring provides systems and networks support for Mac OS X, unix, and Open Source application technologies at affordable rates.

From newslists at autonomy.caltech.edu Fri May 4 11:44:49 2007
From: newslists at autonomy.caltech.edu (Roland Torres)
Date: Fri May 4 11:44:55 2007
Subject: Errors after applying Security Update v1.1
In-Reply-To:
References: <29657539-0E4C-4101-A77B-F3A72C2FEED6@autonomy.caltech.edu>
Message-ID: <2C70F3F2-6C58-4EA4-95D2-DEE659F0D161@autonomy.caltech.edu>

On May 4, 2007, at 11:23 AM, Dan Shoop wrote:

> At 12:01 PM -0700 5/3/07, Roland Torres wrote:
>> The logs indicate that only System Update 2007-004 V1.0 was
>> applied, not v1.1. Could this be the problem? Is there a way to
>> install the v1.1 update without GUI access to the system (i.e.,
>> via ssh)?
>
> I doubt that this is your only issue. But *reading* the crashdumps
> might be helpful ;)

??

>
> However I'd have to ask why you didn't just roll back to the backup
> you took before modifying a production server when you experienced
> the problem. It's still probably your best bet.
Of course this
> presumes the system wasn't fubar right before this too and you
> didn't know it b/c the system had already launched the problematic
> processes.

Point taken, although this isn't a production server, but a support processing system. We do have it backed up, even though there's really nothing much to back up outside the OS. Command-line softwareupdate resulted in a segmentation fault. Reinstalling OSX 10.4 and reapplying patches worked fine, and the system was back online in about an hour, with no loss of data. I still suspect the v1.0 security update, but it's a moot point now.

Roland

From shoop at iwiring.net Fri May 4 12:16:22 2007
From: shoop at iwiring.net (Dan Shoop)
Date: Fri May 4 12:16:39 2007
Subject: Errors after applying Security Update v1.1
In-Reply-To: <2C70F3F2-6C58-4EA4-95D2-DEE659F0D161@autonomy.caltech.edu>
References: <29657539-0E4C-4101-A77B-F3A72C2FEED6@autonomy.caltech.edu> <2C70F3F2-6C58-4EA4-95D2-DEE659F0D161@autonomy.caltech.edu>
Message-ID:

At 11:44 AM -0700 5/4/07, Roland Torres wrote:
>On May 4, 2007, at 11:23 AM, Dan Shoop wrote:
>
>>At 12:01 PM -0700 5/3/07, Roland Torres wrote:
>>>The logs indicate that only System Update 2007-004 V1.0 was
>>>applied, not v1.1. Could this be the problem? Is there a way to
>>>install the v1.1 update without GUI access to the system (i.e.,
>>>via ssh)?
>>
>>I doubt that this is your only issue. But *reading* the crashdumps
>>might be helpful ;)
>
>??

The crashdumps do tell you what happened. That's why they exist. ;)

--
-dhan

------------------------------------------------------------------------
Dan Shoop                         AIM: iWiring
Systems & Networks Architect      http://www.ustsvs.com/
shoop@iwiring.net                 http://www.iwiring.net/
1-714-363-1174

"The wise man doesn't give the right answers, he poses the right questions."
-- Claude Levi-Strauss
------------------------------------------------------------------------
iWiring provides systems and networks support for Mac OS X, unix, and Open Source application technologies at affordable rates.

From newslists at autonomy.caltech.edu Fri May 4 12:59:15 2007
From: newslists at autonomy.caltech.edu (Roland Torres)
Date: Fri May 4 12:59:19 2007
Subject: Errors after applying Security Update v1.1
In-Reply-To:
References: <29657539-0E4C-4101-A77B-F3A72C2FEED6@autonomy.caltech.edu> <2C70F3F2-6C58-4EA4-95D2-DEE659F0D161@autonomy.caltech.edu>
Message-ID:

On May 4, 2007, at 12:16 PM, Dan Shoop wrote:

> At 11:44 AM -0700 5/4/07, Roland Torres wrote:
>> On May 4, 2007, at 11:23 AM, Dan Shoop wrote:
>>
>>> At 12:01 PM -0700 5/3/07, Roland Torres wrote:
>>>> The logs indicate that only System Update 2007-004 V1.0 was
>>>> applied, not v1.1. Could this be the problem? Is there a way to
>>>> install the v1.1 update without GUI access to the system (i.e.,
>>>> via ssh)?
>>>
>>> I doubt that this is your only issue. But *reading* the
>>> crashdumps might be helpful ;)
>>
>> ??
>
> The crashdumps do tell you what happened. That's why they exist. ;)

Which crash dumps are you referring to, if not those I posted? Those seemed to tell me no clear tale.

Roland

From julia at julialandau.com Mon May 7 08:19:42 2007
From: julia at julialandau.com (Julia Landau)
Date: Mon May 7 08:21:26 2007
Subject: (Default Catch in Open Firmware)
Message-ID:

Hi Chris-
(sorry if this is outdated but maybe you have a word of wisdom)

I recognized your problem with the "Default Catch" error. I just installed Mac OS X 10.3 onto a desktop that had 10.2.8. And now it gives me a DEFAULT CATCH error...followed by some Apple company codes and then Welcome to Open Firmware, the system time and date is:

I am troubleshooting myself and finding no help!
From smt at vgersoft.com Mon May 7 11:01:05 2007
From: smt at vgersoft.com (Steve Thompson)
Date: Mon May 7 11:01:14 2007
Subject: OS-X + LDAP + netgroups
Message-ID:

clients: OS-X 10.4.9, Intel & PPC.
server: OpenLDAP 2.3.32, RFC 2307 schema.

I have some Mac systems getting authentication and automount information from an OpenLDAP directory with no problems. However, I have been unable to find out how to configure the Mac clients to read netgroup information from LDAP, and googling and reading Apple's documentation has not shone the light on this for me. If anyone out there has got this working, or knows that it cannot be done, I'd appreciate a nod in the right direction.

TIA,
Steve

From bsilver at chrononomicon.com Thu May 10 12:35:25 2007
From: bsilver at chrononomicon.com (Bart Silverstrim)
Date: Thu May 10 12:35:46 2007
Subject: Question about Windows list
Message-ID: <464373FD.9040907@chrononomicon.com>

I know this is off-topic, but I'm hoping someone on this list can recommend a mailing list that is aimed at Windows 2000/xp/2003/vista/etc. administrators. I've tried getting into the ISP-Windows list but I think it must be getting caught in a spam filter along the way. Are there any good lists other admins can recommend for Windows administration questions?

From brianw at sounds.wa.com Thu May 10 13:05:02 2007
From: brianw at sounds.wa.com (Brian Willoughby)
Date: Thu May 10 13:05:35 2007
Subject: What starts postfix when "Enabled SMTP" is unchecked?
Message-ID:

Hi all,

I have Mac OS X Server running on an Xserve, but I disabled "postfix" in Server Admin under "Mail" by unchecking "Enable SMTP" on the "Settings" page. I compiled sendmail, moved postfix aside by renaming /usr/sbin/sendmail as /usr/sbin/postfix-sendmail, and then installed sendmail as /usr/sbin/sendmail ... sendmail seems to be running fine and doing everything I configured it for.
However, I still get a few messages delivered by postfix, such as the daily email from calendar (I added a line to /etc/daily.local which runs "/usr/bin/calendar -a" and works rather nicely)

/var/log/mail.log shows entries from postfix/qmgr and postfix/pipe, so I'm wondering how these daemons even got started. postfix/qmgr is running as a daemon with the command line "qmgr -l -t fifo -u" - I've even searched /etc/ and /System/Library/StartupItems/ for "qmgr" and "-l -t fifo -u" and can't see anything that might start the daemon. I also searched the text of /usr/bin/calendar for "postfix" to see if it directly calls postfix somehow for delivery. The thing is, I get two emails from calendar, one delivered by sendmail and one delivered by postfix.

If anyone has a clue as to what is starting the postfix qmgr daemon, I'd be happy to know how to defeat it. The only thing I haven't tried is deleting my postfix-sendmail backup entirely, but I can't see how any existing code is finding this unless it's checking by inode number, or by some other filename which is hard-linked to the old (postfix) sendmail. I did a find -inum and didn't see any hard links.

I've run out of ideas!

Brian Willoughby
Sound Consulting

From noam at maccentricsolutions.com Wed May 16 12:16:01 2007
From: noam at maccentricsolutions.com (Noam Birnbaum)
Date: Wed May 16 12:31:24 2007
Subject: routable dual WAN devices?
Message-ID: <36D4922C-F16A-4497-93CC-9FCD6CB03EBA@maccentricsolutions.com>

Hey all,

We have a client who will be running Rumpus on their server, using the HTTP interface, not FTP. This would work great, except their upload speeds are too slow for their clients' downloads.

We're looking for a router that supports dual routable WAN interfaces -- not just for load balancing or failover. For example, we could route all outgoing http/port 80 and ftp traffic through a dedicated upload service, and route incoming traffic through the other.
We've used some dual-WAN routers before, but never in this kind of routing capacity. Any thoughts?

Thanks!

Noam Birnbaum
http://maccentricsolutions.com/
510.332.3828 (cell)
877.luv.macs x89 (main)

From shoop at iwiring.net Wed May 16 13:10:59 2007
From: shoop at iwiring.net (Dan Shoop)
Date: Wed May 16 13:11:12 2007
Subject: routable dual WAN devices?
In-Reply-To: <36D4922C-F16A-4497-93CC-9FCD6CB03EBA@maccentricsolutions.com>
References: <36D4922C-F16A-4497-93CC-9FCD6CB03EBA@maccentricsolutions.com>
Message-ID:

At 12:16 PM -0700 5/16/07, Noam Birnbaum wrote:
>Hey all,
>
>We have a client who will be running Rumpus on their server, using
>the HTTP interface, not FTP. This would work great, except their
>upload speeds are too slow for their clients' downloads.
>
>We're looking for a router that supports dual routable WAN interfaces
>-- not just for load balancing or failover. For example, we could
>route all outgoing http/port 80 and ftp traffic through a dedicated
>upload service, and route incoming traffic through the other.

Um... that would break IP. You can't have requests going to one IP address and getting returned from another.

--
-dhan

------------------------------------------------------------------------
Dan Shoop                         AIM: iWiring
Systems & Networks Architect      http://www.ustsvs.com/
shoop@iwiring.net                 http://www.iwiring.net/
1-714-363-1174

"The wise man doesn't give the right answers, he poses the right questions."
-- Claude Levi-Strauss
------------------------------------------------------------------------
iWiring provides systems and networks support for Mac OS X, unix, and Open Source application technologies at affordable rates.
From u.hoffmann at tt-pixelmind.com Thu May 17 03:32:10 2007
From: u.hoffmann at tt-pixelmind.com (Ute Hoffmann)
Date: Thu May 17 03:32:38 2007
Subject: ServerAdmin Tool no longer accessible
Message-ID:

Hello,
We have a server (Mac OS X Server 10.4.x) which is no longer accessible via the Mac OS X ServerAdminTool (remote access via tool).

It used to work. Nothing has changed before it stopped working (what we can tell)

The server is up and I can connect successfully via terminal remotely

Is there a way to check, whether the server admintool itself might be down (or is this not possible at all, that the tool itself had a crash)?

Can low memory result in the serverAdminTool no longer responding?

Any other experience why this could be happening?

Error-message: IP does not respond

Webserver is up and running and responding, thus I suppose it cannot be a DNS-problem, right?

Thanks for your help,
regards

Ute

From brianw at sounds.wa.com Thu May 17 09:25:41 2007
From: brianw at sounds.wa.com (Brian Willoughby)
Date: Thu May 17 09:25:45 2007
Subject: ServerAdmin Tool no longer accessible
In-Reply-To:
References:
Message-ID:

I seem to have this problem almost every time I use Update from within Server Admin. My workaround is to use the terminal connection to reboot the server, which always fixes the problem (although it is always a stressful moment waiting for it to come back up!). I assume that somehow the reboot after an Update does not work correctly for some strange reason.

Brian

On May 17, 2007, at 03:32, Ute Hoffmann wrote:

> Hello,
> We have a server (Mac OS X Server 10.4.x) which is no longer
> accessible via the Mac OS X ServerAdminTool (remote access via tool).
>
> It used to work.
Nothing has changed before it stopped working
> (what we can tell)
>
> The server is up and I can connect successfully via terminal remotely
>
> Is there a way to check, whether the server admintool itself might
> be down (or is this not possible at all, that the tool itself had a
> crash)?
>
> Can low memory result in the serverAdminTool no longer
> responding?
>
> Any other experience why this could be happening?
>
> Error-message: IP does not respond
>
> Webserver is up and running and responding, thus I suppose it
> cannot be a DNS-problem, right?
>
> Thanks for your help,
> regards
>
> Ute

From chris.thacker at ucsf.edu Fri May 18 08:35:01 2007
From: chris.thacker at ucsf.edu (Chris Thacker)
Date: Fri May 18 08:35:13 2007
Subject: Apache 2 and Server Admin
Message-ID:

Can anyone provide instructions for installing Apache 2 on an XServe and tying it in to work with "Server Admin"?

Thanks!

Chris
____________
Chris Thacker
Campus Life Services - Information Systems
University of California at San Francisco
[help desk] 415 502-5511
[direct line] 415 514-3373
Please note new email: chris.thacker@ucsf.edu

From finlay.dobbie at gmail.com Fri May 18 10:08:04 2007
From: finlay.dobbie at gmail.com (Finlay Dobbie)
Date: Fri May 18 10:08:08 2007
Subject: Apache 2 and Server Admin
In-Reply-To:
References:
Message-ID:

On 18/05/07, Chris Thacker wrote:
> Can anyone provide instructions for installing Apache 2 on an XServe and
> tying it in to work with "Server Admin"?

There are no such instructions. See .

-- Finlay

From brianw at sounds.wa.com Fri May 18 11:04:09 2007
From: brianw at sounds.wa.com (Brian Willoughby)
Date: Fri May 18 11:04:14 2007
Subject: What is starting the postfix daemon on Server?
Message-ID: <8364A67E-FFB2-4998-A597-B9D1762A3EBD@sounds.wa.com>

Hi all,

Can anyone tell me how to prevent the postfix queue manager daemon from running on Mac OS X Server?
I have Mac OS X Server running on an Xserve, but I disabled postfix in Server Admin under "Mail" by unchecking "Enable SMTP" on the "Settings" page. I compiled sendmail, moved postfix aside by renaming /usr/sbin/sendmail as /usr/sbin/postfix-sendmail, and then installed sendmail as /usr/sbin/sendmail ... sendmail seems to be running fine and doing everything I configured it for.

However, I still get a few messages delivered by postfix, such as the daily email from calendar (I added a line to /etc/daily.local which runs "/usr/bin/calendar -a" and works rather nicely)

/var/log/mail.log shows entries from postfix/qmgr and postfix/pipe, so I'm wondering how these daemons even got started. postfix/qmgr is running as a daemon with the command line "qmgr -l -t fifo -u" - I've even searched /etc/ and /System/Library/StartupItems/ for "qmgr" and "-l -t fifo -u" and can't see anything that might start the daemon. I also searched the text of /usr/bin/calendar for "postfix" to see if it directly calls postfix somehow for delivery. The thing is, I get two emails from calendar, one delivered by sendmail and one delivered by postfix.

If anyone has a clue as to what is starting the postfix qmgr daemon, I'd be happy to know how to defeat it. The only thing I haven't tried is deleting my postfix-sendmail backup entirely, but I can't see how any existing code is finding this unless it's checking by inode number, or by some other filename which is hard-linked to the old (postfix) sendmail. I did a find -inum and didn't see any hard links. Unfortunately, ps does not reveal the full path to the executable in this case, and I don't think there is any way to determine what is running.

I've run out of ideas!

Brian Willoughby Sound Consulting From shoop at iwiring.net Fri May 18 14:38:15 2007 From: shoop at iwiring.net (Dan Shoop) Date: Fri May 18 14:38:29 2007 Subject: routable dual WAN devices? In-Reply-To: <75E864F3-1A3E-4741-9183-3F1A25502097@maccentricsolutions.com> References: <36D4922C-F16A-4497-93CC-9FCD6CB03EBA@maccentricsolutions.com> <75E864F3-1A3E-4741-9183-3F1A25502097@maccentricsolutions.com> Message-ID: At 1:15 PM -0700 5/16/07, Noam Birnbaum wrote: >Ah. Good point. > >So here's a revised scenario: > >One server, two WAN lines -- the 2nd WAN line's IP will be used for >incoming connections to Rumpus. Without a further, network diagram this is rather lacking. How, for instance, are you getting the two WAN "lines" to the server? It's this focus which is critical and you're ignoring. >Ideally, it would be nice to use this 2nd WAN line for failover, too. > >Does that open up routing possibilities? Load balancing of circuits and routing according to the best path are well solved problems. Don't try and invent something. Also, how big of a CIDR block are you getting? Can't you do BGP or something similar? -- -dhan ------------------------------------------------------------------------ Dan Shoop AIM: iWiring Systems & Networks Architect http://www.ustsvs.com/ shoop@iwiring.net http://www.iwiring.net/ 1-714-363-1174 "The wise man doesn't give the right answers, he poses the right questions." -- Claude Levi-Strauss ------------------------------------------------------------------------ iWiring provides systems and networks support for Mac OS X, unix, and Open Source application technologies at affordable rates. From shoop at iwiring.net Fri May 18 14:40:03 2007 From: shoop at iwiring.net (Dan Shoop) Date: Fri May 18 14:40:11 2007 Subject: What is starting the postfix daemon on Server? 
In-Reply-To: <8364A67E-FFB2-4998-A597-B9D1762A3EBD@sounds.wa.com> References: <8364A67E-FFB2-4998-A597-B9D1762A3EBD@sounds.wa.com> Message-ID: At 11:04 AM -0700 5/18/07, Brian Willoughby wrote: >Hi all, > >Can anyone tell me how to prevent the postfix queue manager daemon >from running on Mac OS X Server? Yes, don't run it. Seriously. While you may disable it's launching, what's to prevent it from being invoked? >However, I still get a few messages delivered by postfix, such as >the daily email from calendar Which probably invoke it. >If anyone has a clue as to what is starting the postfix qmgr daemon, >I'd be happy to know how to defeat it. remove it or disable access to it via ACLs, POSIX permissions or ownership, ... -- -dhan ------------------------------------------------------------------------ Dan Shoop AIM: iWiring Systems & Networks Architect http://www.ustsvs.com/ shoop@iwiring.net http://www.iwiring.net/ 1-714-363-1174 "The wise man doesn't give the right answers, he poses the right questions." -- Claude Levi-Strauss ------------------------------------------------------------------------ iWiring provides systems and networks support for Mac OS X, unix, and Open Source application technologies at affordable rates. From jmaymailing at pointinspace.com Fri May 18 17:06:34 2007 From: jmaymailing at pointinspace.com (John May) Date: Fri May 18 18:06:59 2007 Subject: [OT] OS 9 Network Interface Failover? Message-ID: Does anyone know of any way to do network interface failover in OS 9? Thanks! - John -- ------------------------------------------------------------------- John May : President Point In Space Internet Solutions jmay@pointinspace.com Professional FileMaker Pro, MySQL, Lasso & PHP Hosting From noam at maccentricsolutions.com Wed May 16 13:15:44 2007 From: noam at maccentricsolutions.com (Noam Birnbaum) Date: Sat May 19 14:19:49 2007 Subject: routable dual WAN devices? 
In-Reply-To: References: <36D4922C-F16A-4497-93CC-9FCD6CB03EBA@maccentricsolutions.com> Message-ID: <75E864F3-1A3E-4741-9183-3F1A25502097@maccentricsolutions.com> Ah. Good point. So here's a revised scenario: One server, two WAN lines -- the 2nd WAN line's IP will be used for incoming connections to Rumpus. Ideally, it would be nice to use this 2nd WAN line for failover, too. Does that open up routing possibilities? Thanks! noam Noam Birnbaum http://maccentricsolutions.com/ 510.332.3828 (cell) 877.luv.macs x89 (main) On May 16, 2007, at 1:10 PM, Dan Shoop wrote: > At 12:16 PM -0700 5/16/07, Noam Birnbaum wrote: >> Hey all, >> >> We have a client who will be running Rumpus on their server, using >> the HTTP interface, not FTP. This would work great, except their >> upload speeds are too slow for their clients downloads. >> >> We're looking for a router that support dual routable WAN >> interfaces -- not just for load balancing or failover. For >> example, we could route all outgoing http/port 80 and ftp traffic >> through a dedicated upload service, and route incoming traffic >> through the other. > > Um... that would break IP. > > You can't have requests going to one IP address and getting > returned from another. > -- > > -dhan > > ---------------------------------------------------------------------- > -- > Dan Shoop AIM: > iWiring > Systems & Networks Architect http:// > www.ustsvs.com/ > shoop@iwiring.net http:// > www.iwiring.net/ > 1-714-363-1174 > > "The wise man doesn't give the right answers, he poses the right > questions." -- Claude Levi-Strauss > > ---------------------------------------------------------------------- > -- > > iWiring provides systems and networks support for Mac OS X, unix, and > Open Source application technologies at affordable rates. > From shoop at iwiring.net Sat May 19 16:57:02 2007 From: shoop at iwiring.net (Dan Shoop) Date: Sat May 19 16:57:12 2007 Subject: [OT] OS 9 Network Interface Failover? 
In-Reply-To: References: Message-ID: At 8:06 PM -0400 5/18/07, John May wrote: >Does anyone know of any way to do network interface failover in OS 9? It would first have to support dual NIs. I believe that IPNetRouter might have done this. -- -dhan ------------------------------------------------------------------------ Dan Shoop AIM: iWiring Systems & Networks Architect http://www.ustsvs.com/ shoop@iwiring.net http://www.iwiring.net/ 1-714-363-1174 "The wise man doesn't give the right answers, he poses the right questions." -- Claude Levi-Strauss ------------------------------------------------------------------------ iWiring provides systems and networks support for Mac OS X, unix, and Open Source application technologies at affordable rates. From donkergroen at mac.com Mon May 21 23:13:08 2007 From: donkergroen at mac.com (Donkergroen bvba) Date: Mon May 21 23:13:18 2007 Subject: problem double-clicking shell scripts Message-ID: <38518619-8276-4C78-842D-0528086751BA@mac.com> I wrote a few shell scripts that do some stuff for me , that I keep in the finder sidebar. All off a sudden clicking them no longer works. I get the popup : "There is no default application specified to open the document "testScript" The script also lost its icon in the finder. ( the little terminal with exec ) All commands in /usr/bin also lost this icon. ( except for links in / usr/bin ) This is the same for another user. The only thing I have been doing is installing some software with the darwin port command. I have no idea how to fix this. ( googling didn't help ) Any ideas where to look ? Dirk From paul at subsignal.org Tue May 22 06:06:42 2007 From: paul at subsignal.org (paul) Date: Tue May 22 06:07:19 2007 Subject: changing opendirectory passwords Message-ID: Hi folks, we have a "Tiger" server for smb/afp fileserving and a few protected webpages authenticating off of open directory without client management. IOW, the clients (using mac,win and linux) are not in a "domain" context. 
I wonder how clients can change their passwords? The password is of type "open directory". I have tried changing the password with ldappasswd which does a ldap extended operation to change the userPassword field in open directory. The downside is, none of the passwords in password server are changed this way (in fact, using "open directory" passwords, you don't have a password in userPassword in the first place). Ideally the password change would update password server AND the opendirectory userPassword field. Any ideas? thanks Paul From shoop at iwiring.net Tue May 22 13:29:10 2007 From: shoop at iwiring.net (Dan Shoop) Date: Tue May 22 13:29:35 2007 Subject: problem double-clicking shell scripts In-Reply-To: <38518619-8276-4C78-842D-0528086751BA@mac.com> References: <38518619-8276-4C78-842D-0528086751BA@mac.com> Message-ID: At 8:13 AM +0200 5/22/07, Donkergroen bvba wrote: >I wrote a few shell scripts that do some stuff for me , that I keep >in the finder sidebar. >All off a sudden clicking them no longer works. I get the popup : >"There is no default >application specified to open the document "testScript" are they named something like myscript.sh? What application is defined for that type of file? (That will be the answer to your question.) >The script also lost its icon in the finder. Prolly for the same reason. >All commands in /usr/bin also lost this icon. ( except for links in /usr/bin ) >This is the same for another user. I'd expect this, yes, based on what you've described. >The only thing I have been doing is installing some software with >the darwin port command. > >I have no idea how to fix this. ( googling didn't help ) give them a useful extension (rather than none, or whatever it is which has obviously been reset) and define it? 
-- -dhan ------------------------------------------------------------------------ Dan Shoop AIM: iWiring Systems & Networks Architect http://www.ustsvs.com/ shoop@iwiring.net http://www.iwiring.net/ 1-714-363-1174 From scott_ribe at killerbytes.com Tue May 22 13:46:15 2007 From: scott_ribe at killerbytes.com (Scott Ribe) Date: Tue May 22 13:47:02 2007 Subject: problem double-clicking shell scripts In-Reply-To: Message-ID: >> I have no idea how to fix this. ( googling didn't help ) > > give them a useful extension (rather than none, or whatever it is > which has obviously been reset) and define it? Shouldn't it be .command? -- Scott Ribe scott_ribe@killerbytes.com http://www.killerbytes.com/ (303) 722-0567 voice From kremels at kreme.com Tue May 22 16:11:25 2007 From: kremels at kreme.com (LuKreme) Date: Tue May 22 16:11:38 2007 Subject: problem double-clicking shell scripts In-Reply-To: References: Message-ID: <2692A6AB-0C0B-4611-809A-784A582B01D9@kreme.com> On 22-May-2007, at 14:46, Scott Ribe wrote: >>> I have no idea how to fix this. ( googling didn't help ) >> >> give them a useful extension (rather than none, or whatever it is >> which has obviously been reset) and define it? > > Shouldn't it be .command? .sh is shorter -- I do believe Marsellus Wallace, my husband, your boss, told you to take *me* out and do *whatever I wanted*. Now I wanna dance, I wanna win. I want that trophy, so dance good. From scott_ribe at killerbytes.com Tue May 22 17:08:57 2007 From: scott_ribe at killerbytes.com (Scott Ribe) Date: Tue May 22 17:09:48 2007 Subject: problem double-clicking shell scripts In-Reply-To: <2692A6AB-0C0B-4611-809A-784A582B01D9@kreme.com> Message-ID: >> Shouldn't it be .command? > > .sh is shorter Yes, but .command is known to the Finder to mean it's an executable that should be run when double-clicked. By default on OS X client, double-clicking a .sh file opens it in TextEdit. 
Any other behavior from double-clicking a .sh file means that either the file has type/creator info, or some other option has been set up in Launch Services db either via Get Info's "Open with" option, or some installer, or some application's bundle claiming ownership, etc... -- Scott Ribe scott_ribe@killerbytes.com http://www.killerbytes.com/ (303) 722-0567 voice From shawnce at gmail.com Tue May 22 19:27:35 2007 From: shawnce at gmail.com (Shawn Erickson) Date: Tue May 22 19:27:44 2007 Subject: problem double-clicking shell scripts In-Reply-To: References: Message-ID: On 5/22/07, Scott Ribe wrote: > >> I have no idea how to fix this. ( googling didn't help ) > > > > give them a useful extension (rather than none, or whatever it is > > which has obviously been reset) and define it? > > Shouldn't it be .command? Another option is to create an application bundle (you could even then give an icon)... SomeName.app/Contents/MacOS/SomeName << script in this file -Shawn From kremels at kreme.com Tue May 22 19:47:27 2007 From: kremels at kreme.com (LuKreme) Date: Tue May 22 19:47:39 2007 Subject: problem double-clicking shell scripts In-Reply-To: References: Message-ID: <4D3C2620-5C6D-49BD-9E4B-7D747DEF9FBD@kreme.com> On 22-May-2007, at 18:08, Scott Ribe wrote: >>> Shouldn't it be .command? >> .sh is shorter > > Yes, but .command is known to the Finder to mean it's an executable > that > should be run when double-clicked. Only if the file is actually marked as executable. creating a .sh and marking it to 'open with terminal' then "Change All..." is a one time price to pay, and I'm not even sure you have to do that. What happens if you make a .sh file, mark it as executable, and double click it? I mean, I know on my machine it runs in terminal, but who knows how long ago I might have set that up, if I did. I think I did, but if I recall correctly, it was because I installed SubEtha Edit and it took over the .sh extension... 
> By default on OS X client, double-clicking a .sh file opens it in > TextEdit. > Any other behavior from double-clicking a .sh file means that > either the > file has type/creator info, or some other option has been set up in > Launch > Services db either via Get Info's "Open with" option, or some > installer, or > some application's bundle claiming ownership, etc... .sh is still shorter, although to be fair, I usually use no extension. A no extension script file with the executable bit set opens in terminal and executes, as it should. -- Behind every great man there's a woman with a vibrator -- Hawkeye Pierce From scott_ribe at killerbytes.com Tue May 22 20:19:13 2007 From: scott_ribe at killerbytes.com (Scott Ribe) Date: Tue May 22 20:19:58 2007 Subject: problem double-clicking shell scripts In-Reply-To: <4D3C2620-5C6D-49BD-9E4B-7D747DEF9FBD@kreme.com> Message-ID: > What > happens if you make a .sh file, mark it as executable, and double > click it? It opens in TextEdit; I guess I should stated that in my last reply--executable bit makes no difference to the default action. -- Scott Ribe scott_ribe@killerbytes.com http://www.killerbytes.com/ (303) 722-0567 voice From donkergroen at mac.com Wed May 23 01:19:29 2007 From: donkergroen at mac.com (Donkergroen bvba) Date: Wed May 23 01:19:45 2007 Subject: problem double-clicking shell scripts In-Reply-To: <4D3C2620-5C6D-49BD-9E4B-7D747DEF9FBD@kreme.com> References: <4D3C2620-5C6D-49BD-9E4B-7D747DEF9FBD@kreme.com> Message-ID: <26F88F92-DCE5-46E7-8905-BE3766B6AEBC@mac.com> On 23 May 2007, at 04:47, LuKreme wrote: > A no extension script file with the executable bit set opens in > terminal and executes, as it should. Thats what I want and how it was. But why did it stop working ? Is there some DB or file where this info is stored ? I could put it inside an applescript app, but that wouldn't explain why it stopped working. 
Although I can't remeber if clicking the script in the sidebar opened a terminal window, if it did it was certainly in the background. Dirk From shoop at iwiring.net Wed May 23 07:57:43 2007 From: shoop at iwiring.net (Dan Shoop) Date: Wed May 23 07:58:05 2007 Subject: problem double-clicking shell scripts In-Reply-To: References: Message-ID: At 7:27 PM -0700 5/22/07, Shawn Erickson wrote: >On 5/22/07, Scott Ribe wrote: >> >> I have no idea how to fix this. ( googling didn't help ) >>> >>> give them a useful extension (rather than none, or whatever it is >>> which has obviously been reset) and define it? >> >>Shouldn't it be .command? > >Another option is to create an application bundle (you could even then >give an icon)... > >SomeName.app/Contents/MacOS/SomeName << script in this file TMTOWTDI -- -dhan ------------------------------------------------------------------------ Dan Shoop AIM: iWiring Systems & Networks Architect http://www.ustsvs.com/ shoop@iwiring.net http://www.iwiring.net/ 1-714-363-1174 From kremels at kreme.com Wed May 23 10:40:54 2007 From: kremels at kreme.com (LuKreme) Date: Wed May 23 10:41:05 2007 Subject: problem double-clicking shell scripts In-Reply-To: References: Message-ID: <872D44D8-F8E0-46A3-8350-A4BD953FC1A4@kreme.com> On 23-May-2007, at 08:57, Dan Shoop wrote: > TMTOWTDI Perl monkey! :) -- Clark's Law: Sufficiently advanced cluelessness is indistinguishable from malice Clark Slaw: Anything that has been severely damaged or destroyed by application of Clark's Law From janos.lobb at yale.edu Wed May 23 12:05:29 2007 From: janos.lobb at yale.edu (=?ISO-8859-1?Q?J=E1nos?=) Date: Wed May 23 12:05:51 2007 Subject: X11 cannot open display saga Message-ID: <808AEEF1-6EDB-4EEB-811C-D6EEADC93DC5@yale.edu> Hi, On my local OSX 10.4.9 machine - 10.84.2.42 - ssh_config and sshd_config contain the X11Forwarding yes settings. The remote machine - 10.48.106.84 - sshd_config also contains X11Forwarding yes. 
on my local machine I do: bml0042:/Volumes/Home/janos janos$ xhost +10.48.106.84 10.48.106.84 being added to access control list then I do: bml0042:/Volumes/Home/janos janos$ ssh -X root@10.48.106.84 root@10.48.106.84's password: ************************************************************************ ******* * * * * * Welcome to AIX Version 5.3! * * * * * * Please see the README file in /usr/lpp/bos for information pertinent to * * this release of the AIX Operating System. * * * * * ************************************************************************ ******* {[root]elm:/:852}# According to the FAQ the -X or -Y should forward the DISPLAY over to the elm machine. However when I try xclock: {[root]elm:/:853}# xclock Error: Can't open display: {[root]elm:/:854}# What else should be done ? Here are the ssh related env variables from elm after the connection is established: SSH_CONNECTION=10.84.2.42 49582 10.48.106.84 22 SSH_CLIENT=10.84.2.42 49582 22 TERM=xterm-color on my own machine: TERM=xterm-color SHELL=/bin/bash SHLVL=2 DISPLAY=:0.0 What else must be done for xclock to work from the remote elm machine ? Thanks ahead, János P.S. on my on local machine xclock works. From crazydiamond2153 at yahoo.com Wed May 23 20:12:32 2007 From: crazydiamond2153 at yahoo.com (Kenneth Robinson) Date: Wed May 23 20:12:36 2007 Subject: Bonjour over subnets Message-ID: <863392.44465.qm@web38412.mail.mud.yahoo.com> Hi, On my local OSX 10.4.9 machine - 10.84.2.42 - ssh_config and sshd_config contain the X11Forwarding yes settings. The remote machine - 10.48.106.84 - sshd_config also contains X11Forwarding yes. on my local machine I do: bml0042:/Volumes/Home/janos janos$ xhost +10.48.106.84 10.48.106.84 being added to access control list then I do: bml0042:/Volumes/Home/janos janos$ ssh -X root@10.48.106.84 root@10.48.106.84's password: ************************************************************************ *******
From shoop at iwiring.net Thu May 24 07:05:46 2007 From: shoop at iwiring.net (Dan Shoop) Date: Thu May 24 07:05:56 2007 Subject: problem double-clicking shell scripts In-Reply-To: <872D44D8-F8E0-46A3-8350-A4BD953FC1A4@kreme.com> References: <872D44D8-F8E0-46A3-8350-A4BD953FC1A4@kreme.com> Message-ID: At 11:40 AM -0600 5/23/07, LuKreme wrote: >On 23-May-2007, at 08:57, Dan Shoop wrote: >>TMTOWTDI > >Perl monkey! > >:) While taken up in part by the perl mongers as a mantra it does in fact pre-date them by a long shot. -- -dhan ------------------------------------------------------------------------ Dan Shoop AIM: iWiring Systems & Networks Architect http://www.ustsvs.com/ shoop@iwiring.net http://www.iwiring.net/ 1-714-363-1174 From shoop at iwiring.net Thu May 24 07:06:46 2007 From: shoop at iwiring.net (Dan Shoop) Date: Thu May 24 07:06:55 2007 Subject: Bonjour over subnets In-Reply-To: <863392.44465.qm@web38412.mail.mud.yahoo.com> References: <863392.44465.qm@web38412.mail.mud.yahoo.com> Message-ID: At 8:12 PM -0700 5/23/07, Kenneth Robinson wrote: >Hi, > >On my local OSX 10.4.9 machine - 10.84.2.42 - ssh_config and >sshd_config contain the X11Forwarding yes settings. > >The remote machine - 10.48.106.84 - sshd_config also contains >X11Forwarding yes. > >on my local machine I do: > >bml0042:/Volumes/Home/janos janos$ xhost +10.48.106.84 >10.48.106.84 being added to access control list > >then I do: > >bml0042:/Volumes/Home/janos janos$ ssh -X root@10.48.106.84 >root@10.48.106.84's password: >************************************************************************ >******* How is this Bonjour?
-- -dhan ------------------------------------------------------------------------ Dan Shoop AIM: iWiring Systems & Networks Architect http://www.ustsvs.com/ shoop@iwiring.net http://www.iwiring.net/ 1-714-363-1174 From bsilver at chrononomicon.com Thu May 24 07:14:13 2007 From: bsilver at chrononomicon.com (Bart Silverstrim) Date: Thu May 24 07:14:19 2007 Subject: Bonjour over subnets In-Reply-To: References: <863392.44465.qm@web38412.mail.mud.yahoo.com> Message-ID: <46559DB5.4000005@chrononomicon.com> Dan Shoop wrote: > At 8:12 PM -0700 5/23/07, Kenneth Robinson wrote: >> Hi, >> >> On my local OSX 10.4.9 machine - 10.84.2.42 - ssh_config and >> sshd_config contain the X11Forwarding yes settings. >> >> The remote machine - 10.48.106.84 - sshd_config also contains >> X11Forwarding yes. >> >> on my local machine I do: >> >> bml0042:/Volumes/Home/janos janos$ xhost +10.48.106.84 >> 10.48.106.84 being added to access control list >> >> then I do: >> >> bml0042:/Volumes/Home/janos janos$ ssh -X root@10.48.106.84 >> root@10.48.106.84's password: >> ************************************************************************ >> ******* > > How is this Bonjour? His machine is saying 'hello' to another computer. Does that count? From jwelch at bynkii.com Thu May 24 07:51:12 2007 From: jwelch at bynkii.com (John C. Welch) Date: Thu May 24 07:51:23 2007 Subject: Bonjour over subnets In-Reply-To: <46559DB5.4000005@chrononomicon.com> Message-ID: On 5/24/07 09:14, "Bart Silverstrim" wrote: >>> Hi, >>> >>> On my local OSX 10.4.9 machine - 10.84.2.42 - ssh_config and >>> sshd_config contain the X11Forwarding yes settings. >>> >>> The remote machine - 10.48.106.84 - sshd_config also contains >>> X11Forwarding yes. 
>>> >>> on my local machine I do: >>> >>> bml0042:/Volumes/Home/janos janos$ xhost +10.48.106.84 >>> 10.48.106.84 being added to access control list >>> >>> then I do: >>> >>> bml0042:/Volumes/Home/janos janos$ ssh -X root@10.48.106.84 >>> root@10.48.106.84's password: >>> ************************************************************************ >>> ******* >> >> How is this Bonjour? > > His machine is saying 'hello' to another computer. Does that count? See, this is why I want them to name it "Achtung!" When you communicate in German, there's no pissing about, you KNOW what's going on :-P -- John C. Welch Writer/Analyst Bynkii.com Mac and other opinions jwelch@bynkii.com From chris.thacker at ucsf.edu Thu May 24 08:56:00 2007 From: chris.thacker at ucsf.edu (Chris Thacker) Date: Thu May 24 08:56:37 2007 Subject: launchd process at user login Message-ID: I'm a little familiar with launchd and would like a script to run any time any user signs into their mac account. I'm using the app Lingon to help me. I've played with it a little and my script runs and works if executed manually but it's not running at user login. $ sudo launchctl start myscript.plist Which Launch Agent or Launch Daemon should I use for this process? Any other attributes that need to be in the .plist file? Thanks! Chris ____________ Chris Thacker Campus Life Services - Information Systems University of California at San Francisco [help desk] 415 502-5511 [direct line] 415 514-3373 Please note new email: chris.thacker@ucsf.edu From chad+macosx at objectwerks.com Thu May 24 09:05:47 2007 From: chad+macosx at objectwerks.com (Chad Leigh -- ObjectWerks Inc) Date: Thu May 24 09:05:43 2007 Subject: Bonjour over subnets In-Reply-To: References: Message-ID: <35D36806-06EB-4CF2-9041-BBB2953D27C5@objectwerks.com> On May 24, 2007, at 8:51 AM, John C. 
Welch wrote: > On 5/24/07 09:14, "Bart Silverstrim" > wrote: > >>>> Hi, >>>> >>>> On my local OSX 10.4.9 machine - 10.84.2.42 - ssh_config and >>>> sshd_config contain the X11Forwarding yes settings. >>>> >>>> The remote machine - 10.48.106.84 - sshd_config also contains >>>> X11Forwarding yes. >>>> >>>> on my local machine I do: >>>> >>>> bml0042:/Volumes/Home/janos janos$ xhost +10.48.106.84 >>>> 10.48.106.84 being added to access control list >>>> >>>> then I do: >>>> >>>> bml0042:/Volumes/Home/janos janos$ ssh -X root@10.48.106.84 >>>> root@10.48.106.84's password: >>>> ******************************************************************* >>>> ***** >>>> ******* >>> >>> How is this Bonjour? >> >> His machine is saying 'hello' to another computer. Does that count? > > See, this is why I want them to name it "Achtung!" > > When you communicate in German, there's no pissing about, you KNOW > what's > going on :-P A German prof I had for conversational German about 23 years ago explained why French was the language of international diplomacy: "You can say a lot and not mean any of it or say anything" Chad From kurt at shiftmanager.net Thu May 24 11:24:22 2007 From: kurt at shiftmanager.net (Kurt Werle) Date: Thu May 24 11:48:45 2007 Subject: Managine DNS (bind) information for OSX client Message-ID: <7796.66.236.113.201.1180031062.squirrel@mail.shiftmanager.net> I will soon start managing 2-3 domain's DNS information. I really don't enjoy editing named.conf by hand. I'm considering installing webmin to help deal with this, but thought I'd ask for suggestions for other tools. TIA, Kurt -- kwerle@pobox.com http://www.pobox.com/~kwerle/ Tired of spam? Control your Mailserver (or .forward)? 
http://tess.sf.net From janos.lobb at yale.edu Thu May 24 12:10:08 2007 From: janos.lobb at yale.edu (=?ISO-8859-1?Q?J=E1nos?=) Date: Thu May 24 12:10:46 2007 Subject: Bonjour over subnets In-Reply-To: <35D36806-06EB-4CF2-9041-BBB2953D27C5@objectwerks.com> References: <35D36806-06EB-4CF2-9041-BBB2953D27C5@objectwerks.com> Message-ID: <312CC65F-2806-4738-A3A2-A76F65356CDA@yale.edu> On May 24, 2007, at 12:05 PM, Chad Leigh -- ObjectWerks Inc wrote: > > On May 24, 2007, at 8:51 AM, John C. Welch wrote: > >> On 5/24/07 09:14, "Bart Silverstrim" >> wrote: >> >>>>> Hi, >>>>> >>>>> On my local OSX 10.4.9 machine - 10.84.2.42 - ssh_config and >>>>> sshd_config contain the X11Forwarding yes settings. >>>>> >>>>> The remote machine - 10.48.106.84 - sshd_config also contains >>>>> X11Forwarding yes. >>>>> >>>>> on my local machine I do: >>>>> >>>>> bml0042:/Volumes/Home/janos janos$ xhost +10.48.106.84 >>>>> 10.48.106.84 being added to access control list >>>>> >>>>> then I do: >>>>> >>>>> bml0042:/Volumes/Home/janos janos$ ssh -X root@10.48.106.84 >>>>> root@10.48.106.84's password: >>>>> ****************************************************************** >>>>> ****** >>>>> ******* >>>> >>>> How is this Bonjour? >>> >>> His machine is saying 'hello' to another computer. Does that count? >> >> See, this is why I want them to name it "Achtung!" >> >> When you communicate in German, there's no pissing about, you KNOW >> what's >> going on :-P > > A German prof I had for conversational German about 23 years ago > explained why French was the language of international diplomacy: > "You can say a lot and not mean any of it or say anything" > Well, as the OP let me remember that my algebra teacher said about "proving by induction": - For a German it true if it is true for i=1, i=2,.... and so on manually up to infinity. 
- For a Hungarian it is true if its true for i=1, i=2, assume to be true for i=k and prove for i=k+1 - For a French - especially from the Bourbaki group - it is true if it is true for i=1. - For a Russian - it is always true and false at the same time. From brianw at sounds.wa.com Thu May 24 12:28:39 2007 From: brianw at sounds.wa.com (Brian Willoughby) Date: Thu May 24 12:29:19 2007 Subject: Managine DNS (bind) information for OSX client In-Reply-To: <7796.66.236.113.201.1180031062.squirrel@mail.shiftmanager.net> References: <7796.66.236.113.201.1180031062.squirrel@mail.shiftmanager.net> Message-ID: Have you purchased Mac OS X Server? Are you serving the DNS information from a Mac OS X Server machine? If so, have you tried using the free Server Admin tool that Apple provides? They do have a GUI for DNS/BIND which seems to work. I quickly outgrew it, due to my hard-headed idea that I wanted to run a locally caching named server, but you might find it to be perfectly usable. But I don't think Server Admin will allow you to manage DNS information served by non-OSX servers. Brian Willoughby Sound Consulting On May 24, 2007, at 11:24, Kurt Werle wrote: I will soon start managing 2-3 domain's DNS information. I really don't enjoy editing named.conf by hand. I'm considering installing webmin to help deal with this, but thought I'd ask for suggestions for other tools. 
TIA, Kurt From janos.lobb at yale.edu Thu May 24 12:55:32 2007 From: janos.lobb at yale.edu (=?ISO-8859-1?Q?J=E1nos?=) Date: Thu May 24 12:55:41 2007 Subject: X11 cannot open display saga In-Reply-To: <808AEEF1-6EDB-4EEB-811C-D6EEADC93DC5@yale.edu> References: <808AEEF1-6EDB-4EEB-811C-D6EEADC93DC5@yale.edu> Message-ID: <4133E1CB-7F44-4634-9EDC-1F4198C2081E@yale.edu> Additional info: On the remote AIX machine in ssh_config I set: ForwardX11 yes So both on the local machine and the remote machine now in ssh_config: ForwardX11 yes in sshd_config: X11Forwarding yes I still unable to display xclock from the remote machine. On the remote machine there is no DISPLAY env variable. If I connect to another AIX machine and launch xclock there it displays magnificently and I also see in the env there: DISPLAY=localhost:10.0 so for some reason the elm machine does not take the forward. Any good hint ? Thanks ahead, János P.S. Interestingly PC users using Reflection X have no problem running x applications from the elm machine. On May 23, 2007, at 3:05 PM, János wrote: > Hi, > > On my local OSX 10.4.9 machine - 10.84.2.42 - ssh_config and > sshd_config contain the X11Forwarding yes settings. > > The remote machine - 10.48.106.84 - sshd_config also contains > X11Forwarding yes. > > on my local machine I do: > > bml0042:/Volumes/Home/janos janos$ xhost +10.48.106.84 > 10.48.106.84 being added to access control list > > then I do: > > bml0042:/Volumes/Home/janos janos$ ssh -X root@10.48.106.84 > root@10.48.106.84's password: > ********************************************************************** > ********* > * > * > * > * > * Welcome to AIX Version > 5.3! * > * > * > * > * > * Please see the README file in /usr/lpp/bos for information > pertinent to * > * this release of the AIX Operating > System.
*
> *
> *
> *
> *
> **********************************************************************
> *********
> {[root]elm:/:852}#
>
> According to the FAQ the -X or -Y should forward the DISPLAY over
> to the elm machine. However when I try xclock:
>
> {[root]elm:/:853}# xclock
> Error: Can't open display:
> {[root]elm:/:854}#
>
> What else should be done ?
>
> Here are the ssh related env variables from elm after the
> connection is established:
>
> SSH_CONNECTION=10.84.2.42 49582 10.48.106.84 22
> SSH_CLIENT=10.84.2.42 49582 22
> TERM=xterm-color
>
>
> on my own machine:
> TERM=xterm-color
> SHELL=/bin/bash
> SHLVL=2
> DISPLAY=:0.0
>
>
> What else must be done for xclock to work from the remote elm
> machine ?
>
> Thanks ahead,
>
> János
> P.S. on my own local machine xclock
> works.
> _______________________________________________
> MacOSX-admin mailing list
> MacOSX-admin@omnigroup.com
> http://www.omnigroup.com/mailman/listinfo/macosx-admin

From kurt at shiftmanager.net Thu May 24 13:03:27 2007
From: kurt at shiftmanager.net (Kurt Werle)
Date: Thu May 24 13:03:31 2007
Subject: Managine DNS (bind) information for OSX client
In-Reply-To:
References: <7796.66.236.113.201.1180031062.squirrel@mail.shiftmanager.net>
Message-ID: <35606.66.236.113.201.1180037007.squirrel@mail.shiftmanager.net>

> Have you purchased Mac OS X Server?

As per the subject:
Managine DNS (bind) information for OSX client

> On May 24, 2007, at 11:24, Kurt Werle wrote:
>
>
> I will soon start managing 2-3 domain's DNS information. I really don't
> enjoy editing named.conf by hand. I'm considering installing webmin to
> help deal with this, but thought I'd ask for suggestions for other tools.
>
> TIA,
> Kurt

--
kwerle@pobox.com
http://www.pobox.com/~kwerle/

Tired of spam? Control your Mailserver (or .forward)?
http://tess.sf.net

From kremels at kreme.com Thu May 24 16:56:44 2007
From: kremels at kreme.com (LuKreme)
Date: Thu May 24 16:56:54 2007
Subject: Managine DNS (bind) information for OSX client
In-Reply-To: <7796.66.236.113.201.1180031062.squirrel@mail.shiftmanager.net>
References: <7796.66.236.113.201.1180031062.squirrel@mail.shiftmanager.net>
Message-ID:

On 24-May-2007, at 12:24, Kurt Werle wrote:
> I will soon start managing 2-3 domain's DNS information. I really
> don't
> enjoy editing named.conf by hand. I'm considering installing
> webmin to
> help deal with this, but thought I'd ask for suggestions for other
> tools.

No one ENJOYS editing named.conf by hand, but I've never used a tool that really makes any of that much easier. Maybe webmin has really improved in the last 5 years, but when I last used it it was basically just a web portal into the named.conf and domain.tld files.

I use bbedit locally and nvi on my servers, usually by doing:

cp /etc/namedb/establisheddomain.tld /etc/named/newdomain.tld
vi /etc/named/newdomain.tld
vi /etc/namedb/named.conf
  shift-G            # end of file
  yy                 # yank last line
  p                  # put
  /lastdomain.tld    # find whatever domain is on the last line
  cw                 # ChangeWord
  newdomain.tld      # the new domain
  esc                # exit edit mode
  n                  # find next occurrence of lastdomain.tld
  .                  # do again (cw to newdomain.tld)
  ZZ                 # Save and exit nvi

and then restart named

Of course, then I have to go to my secondary DNS and edit named.conf there as well.

--
You try to shape the world to what you want the world to be.
Carving your name a thousand times won't bring you back to me.
Oh no, no I might as well go and tell it to the trees.
Go and tell it to the trees, yeah.
From jldera at mac.com Fri May 25 07:54:51 2007
From: jldera at mac.com (Jason Deraleau)
Date: Fri May 25 07:55:20 2007
Subject: changing opendirectory passwords
In-Reply-To:
References:
Message-ID:

On May 22, 2007, at 9:06 AM, paul wrote:

> Ideally the password change would update password server AND the
> opendirectory userPassword field. Any ideas?

Using the passwd command to change the password should make the necessary system calls through DirectoryService to change the password in OD and PasswordServer.

--
Jason Deraleau (jldera@mac.com)
IT Professional (ACSA, MCSE, Linux+ SME)

From jon at holicow.com Fri May 25 07:54:02 2007
From: jon at holicow.com (Jon Nolan)
Date: Fri May 25 08:54:18 2007
Subject: Managine DNS (bind) information for OSX client
In-Reply-To: <7796.66.236.113.201.1180031062.squirrel@mail.shiftmanager.net>
References: <7796.66.236.113.201.1180031062.squirrel@mail.shiftmanager.net>
Message-ID: <4656F88A.20503@holicow.com>

Kurt,

We've used QuickDNS for years. Never a problem and good support.

http://www.miceandmen.com/solutions/suite

Jon

Kurt Werle wrote:
> I will soon start managing 2-3 domain's DNS information. I really don't
> enjoy editing named.conf by hand. I'm considering installing webmin to
> help deal with this, but thought I'd ask for suggestions for other tools.
>
> TIA,
> Kurt

From paul at subsignal.org Fri May 25 12:21:20 2007
From: paul at subsignal.org (paul)
Date: Fri May 25 12:31:47 2007
Subject: changing opendirectory passwords
In-Reply-To:
References:
Message-ID:

Jason Deraleau wrote:
> On May 22, 2007, at 9:06 AM, paul wrote:
>
>> Ideally the password change would update password server AND the
>> opendirectory userPassword field. Any ideas?
>
> Using the passwd command to change the password should make the
> necessary system calls through DirectoryService to change the password
> in OD and PasswordServer.

Thanks, but it doesn't work.
With stock OD, I have to make the choice between "crypt" passwords which are stored in the LDAP part and "open directory" passwords. I need both, the former to replicate to our linux servers, the latter for samba/afp on the os X server locally. Guess I'll write my own tool since "passwd" isn't that userfriendly anyway ;)

Anyway, thanks for your time and effort.

cheers
 Paul

From paul at subsignal.org Sat May 26 02:37:38 2007
From: paul at subsignal.org (paul)
Date: Sat May 26 02:43:52 2007
Subject: restrict services by group membership
Message-ID:

Hi all,

I wonder if it is possible to restrict access to a service by group membership; say VPN access to a group "vpnusers". Or is there another way to do this?

thanks
 Paul

From finlay.dobbie at gmail.com Sat May 26 05:59:57 2007
From: finlay.dobbie at gmail.com (Finlay Dobbie)
Date: Sat May 26 06:00:01 2007
Subject: launchd process at user login
In-Reply-To:
References:
Message-ID:

On 24/05/07, Chris Thacker wrote:
> I'm a little familiar with launchd and would like a script to run any time
> any user signs into their mac account.

launchd is not appropriate for this task. You want a "login hook".

 -- Finlay

From jldera at mac.com Sat May 26 06:37:11 2007
From: jldera at mac.com (Jason Deraleau)
Date: Sat May 26 06:37:23 2007
Subject: restrict services by group membership
In-Reply-To:
References:
Message-ID: <6C2C12BE-CB0E-4A45-BC86-5A4F2F2C4ACB@mac.com>

On May 26, 2007, at 5:37 AM, paul wrote:

> I wonder if it is possible to restrict access to a service by group
> membership; say VPN access to a group "vpnusers". Or is there
> another way to do this?

On Mac OS X Server, you can make use of Service ACLs. You'll find them in Server Admin when you select the server's DNS name or IP address from the list. It's on the very last tab of the Settings section.
--
Jason Deraleau (jldera@mac.com)
IT Professional (ACSA, MCSE, Linux+ SME)

From Philip.Moetteli at tele2.ch Sat May 26 06:43:12 2007
From: Philip.Moetteli at tele2.ch (=?ISO-8859-1?Q?Philip_M=F6tteli?=)
Date: Sat May 26 07:43:40 2007
Subject: Workgroup Manager and Linux LDAP server: Server Admin SSL and Web-ASIP
Message-ID: <5B74ED73-76AE-442D-9326-BA4223ECFA5C@tele2.ch>

Hello,

I try to migrate the LDAP part of my OpenDirectory server to a Linux box. So far I have finally succeeded in making it run, authenticate as an administrator and changing the values of the LDAP attributes using Apple's Workgroup Manager.

Unfortunately, I can't just directly connect to the LDAP server. I always have to connect to an OpenDirectory server and then changing the search path manually to the LDAP server on the Linux box. Which means, that I always need at least one OpenDirectory server available in our LAN, in order to administer the LDAP server.

If I try to connect directly, so without the long way round an OpenDirectory server, I see the following error message in the console:

/Applications/Server/Workgroup Manager.app/Contents/MacOS/Workgroup Manager: [664] ServerManager session failed in connect(ldapserver, 192.168.1.5,311): 61\n

The port number 311 is marked in Server Admin as "Server Admin SSL, also Web-ASIP". I'm afraid, but this is probably something Mac OS X unique? So I can't offer it on a Linux box? And it seems, without that, Workgroup Manager refuses to connect directly?
Thanks for any help

Phil

From paul at subsignal.org Sat May 26 08:50:28 2007
From: paul at subsignal.org (paul)
Date: Sat May 26 08:50:59 2007
Subject: restrict services by group membership
In-Reply-To: <6C2C12BE-CB0E-4A45-BC86-5A4F2F2C4ACB@mac.com>
References: <6C2C12BE-CB0E-4A45-BC86-5A4F2F2C4ACB@mac.com>
Message-ID:

Jason Deraleau wrote:
> On May 26, 2007, at 5:37 AM, paul wrote:
>
>> I wonder if it is possible to restrict access to a service by group
>> membership; say VPN access to a group "vpnusers". Or is there another
>> way to do this?
>
> On Mac OS X Server, you can make use of Service ACLs. You'll find them
> in Server Admin when you select the server's DNS name or IP address from
> the list. It's on the very last tab of the Settings section.
>
>
> --
> Jason Deraleau (jldera@mac.com)
> IT Professional (ACSA, MCSE, Linux+ SME)

Great, this was exactly what I was looking for.

thanks
 Paul

From shoop at iwiring.net Sat May 26 10:35:21 2007
From: shoop at iwiring.net (Dan Shoop)
Date: Sat May 26 10:35:34 2007
Subject: Managine DNS (bind) information for OSX client
In-Reply-To: <7796.66.236.113.201.1180031062.squirrel@mail.shiftmanager.net>
References: <7796.66.236.113.201.1180031062.squirrel@mail.shiftmanager.net>
Message-ID:

At 11:24 AM -0700 5/24/07, Kurt Werle wrote:
>I will soon start managing 2-3 domain's DNS information. I really don't
>enjoy editing named.conf by hand. I'm considering installing webmin to
>help deal with this, but thought I'd ask for suggestions for other tools.

Seriously, the best tool for this is your favorite editor. GUI tools do not offer the richness and options that crafting well mannered zone files normally require.

This of course also means you need to understand BIND's configuration, how DNS operates, best practices for zone files and why you don't do certain things.
The "DNS and BIND" book and "DNS Cookbook" are both pretty much mandatory reading prior to your management of DNS, regardless of how you manage the underlying configuration and zones.

However, you should first consider if you should be hosting your DNS. Unless you have a dual-homed WAN network you really don't qualify for hosting your DNS as the specifications call for two DNS servers for your zone on two different networks to assure availability.

I'd suggest that if you don't have a dual-homed WAN that you consider using a DNS hosting service company, like dyndns. Most of these services offer excellent web-based GUIs. In many cases you can also implement the hosting company as a DNS slave and you maintain a local DNS master server that you then manage.

Remember, even the big enterprises, for example Microsoft, don't host their own DNS, for a wide range of reasons.

--

-dhan

------------------------------------------------------------------------
Dan Shoop                        AIM: iWiring
Systems & Networks Architect     http://www.ustsvs.com/
shoop@iwiring.net                http://www.iwiring.net/
1-714-363-1174

From shoop at iwiring.net Sat May 26 10:38:06 2007
From: shoop at iwiring.net (Dan Shoop)
Date: Sat May 26 10:38:21 2007
Subject: Managine DNS (bind) information for OSX client
In-Reply-To:
References: <7796.66.236.113.201.1180031062.squirrel@mail.shiftmanager.net>
Message-ID:

At 5:56 PM -0600 5/24/07, LuKreme wrote:
>Of course, then I have to go to my secondary DNS and edit named.conf
>there as well.

That's why there are masters and slaves.
--

-dhan

------------------------------------------------------------------------
Dan Shoop                        AIM: iWiring
Systems & Networks Architect     http://www.ustsvs.com/
shoop@iwiring.net                http://www.iwiring.net/
1-714-363-1174

From shoop at iwiring.net Sat May 26 10:39:03 2007
From: shoop at iwiring.net (Dan Shoop)
Date: Sat May 26 10:39:19 2007
Subject: launchd process at user login
In-Reply-To:
References:
Message-ID:

At 1:59 PM +0100 5/26/07, Finlay Dobbie wrote:
>On 24/05/07, Chris Thacker wrote:
>>I'm a little familiar with launchd and would like a script to run any time
>>any user signs into their mac account.
>
>launchd is not appropriate for this task. You want a "login hook".

Note this only works if the user logs into a workstation graphically.

--

-dhan

------------------------------------------------------------------------
Dan Shoop                        AIM: iWiring
Systems & Networks Architect     http://www.ustsvs.com/
shoop@iwiring.net                http://www.iwiring.net/
1-714-363-1174

From kremels at kreme.com Sat May 26 11:16:33 2007
From: kremels at kreme.com (LuKreme)
Date: Sat May 26 11:16:47 2007
Subject: Managine DNS (bind) information for OSX client
In-Reply-To:
References: <7796.66.236.113.201.1180031062.squirrel@mail.shiftmanager.net>
Message-ID: <70617FA4-F5A4-48A9-B6C1-3C65AA9C2378@kreme.com>

On 26-May-2007, at 11:38, Dan Shoop wrote:
> At 5:56 PM -0600 5/24/07, LuKreme wrote:
>> Of course, then I have to go to my secondary DNS and edit
>> named.conf there as well.
>
> That's why there are masters and slaves.

Yes, and you STILL have to edit named.conf on the slave when you add a new domain:

zone "newdomain.tld" {
        type slave;
        masters {12.34.56.789; };
        file "slave/newdomain.tld";
};

--
I know that you believe you understand what you think I said but I am not sure you realize that what you heard is not what I meant.
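
[Added example, not part of any list message.] The named.conf edits described in this thread (duplicating a zone stanza on the master, then adding a matching "type slave" stanza on the secondary, as in the message above) can be scripted so that a mistyped name or address never reaches the file. The function names, the "master/" file prefix and the sample address 192.0.2.53 are assumptions made for this sketch; the "slave/" prefix follows the stanza quoted above.

```sh
#!/bin/sh
# Added example: append a zone stanza to a named.conf without hand-editing.
# All function names are hypothetical; nothing here comes from BIND itself.

# valid_domain NAME: accept only letter/digit/hyphen labels joined by dots,
# so a name can never carry quotes, braces or semicolons into named.conf.
valid_domain() {
    case "$1" in
        ''|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# valid_ipv4 ADDR: exactly four decimal octets, each 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    (   # subshell keeps the IFS change and "set --" local
        IFS=.
        set -- $1
        [ "$#" -eq 4 ] || exit 1
        for octet in "$@"; do
            [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
        done
    )
}

# zone_stanza ROLE DOMAIN [MASTER_IP]: print the stanza, or return 2 on bad input.
zone_stanza() {
    role=$1 domain=$2 master=${3:-}
    valid_domain "$domain" || { printf 'bad domain: %s\n' "$domain" >&2; return 2; }
    case "$role" in
        master)
            # "master/<domain>" is an assumed layout for the zone file path
            printf 'zone "%s" {\n\ttype master;\n\tfile "master/%s";\n};\n' \
                "$domain" "$domain" ;;
        slave)
            valid_ipv4 "$master" || { printf 'bad master address: %s\n' "$master" >&2; return 2; }
            printf 'zone "%s" {\n\ttype slave;\n\tmasters { %s; };\n\tfile "slave/%s";\n};\n' \
                "$domain" "$master" "$domain" ;;
        *)
            printf 'role must be master or slave\n' >&2; return 2 ;;
    esac
}

# add_zone CONF ROLE DOMAIN [MASTER_IP]
# Returns 0 if the stanza was appended, 1 if the zone was already declared,
# 2 if the input was rejected. A copy of the old file is kept as CONF.bak.
add_zone() {
    conf=$1; shift
    stanza=$(zone_stanza "$@") || return 2
    if grep -Fqi "zone \"$2\"" "$conf" 2>/dev/null; then
        return 1
    fi
    cp -p "$conf" "$conf.bak" 2>/dev/null || :
    printf '%s\n' "$stanza" >> "$conf"
}

# Demo on a constructed, throwaway file (not a real server's named.conf).
demo_conf=$(mktemp)
add_zone "$demo_conf" slave newdomain.tld 192.0.2.53
add_zone "$demo_conf" slave newdomain.tld 192.0.2.53 || echo "zone already present, file left unchanged"
add_zone "$demo_conf" slave other.tld 12.34.56.789 || echo "rejected: not a valid IPv4 address"
cat "$demo_conf"
rm -f "$demo_conf" "$demo_conf.bak"
```

Run named-checkconf on the edited file before restarting named, on the master and on each secondary.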
From kremels at kreme.com Sat May 26 11:17:28 2007
From: kremels at kreme.com (LuKreme)
Date: Sat May 26 11:17:44 2007
Subject: launchd process at user login
In-Reply-To:
References:
Message-ID: <3D050553-3127-4AFE-8292-B77D435381B8@kreme.com>

On 26-May-2007, at 06:59, Finlay Dobbie wrote:
> On 24/05/07, Chris Thacker wrote:
>> I'm a little familiar with launchd and would like a script to run
>> any time
>> any user signs into their mac account.
>
> launchd is not appropriate for this task.

Say what? Why wouldn't it be?

--
Why live in the world when you can live in your head?

From finlay.dobbie at gmail.com Sat May 26 11:34:50 2007
From: finlay.dobbie at gmail.com (Finlay Dobbie)
Date: Sat May 26 11:34:54 2007
Subject: launchd process at user login
In-Reply-To: <3D050553-3127-4AFE-8292-B77D435381B8@kreme.com>
References: <3D050553-3127-4AFE-8292-B77D435381B8@kreme.com>
Message-ID:

On 26/05/07, LuKreme wrote:
> On 26-May-2007, at 06:59, Finlay Dobbie wrote:
> > launchd is not appropriate for this task.
>
> Say what? Why wouldn't it be?

Dave Zarzycki put it best:

> I'm terribly sorry to report that LaunchAgents are for all practical
> purposes, busted in Tiger. I'd advise against using them until Leopard.
> Sorry.

 -- Finlay

From zpamaral at gmail.com Sat May 26 14:23:39 2007
From: zpamaral at gmail.com (=?ISO-8859-1?Q?Jos=E9_Pedro_Sousa_do_Amaral?=)
Date: Sat May 26 14:23:52 2007
Subject: Command line sound recorder for Mac OS X
Message-ID:

Hi,
I am looking for a program that could be activated as a cron job to record sounds at given intervals. I am trying to plan a recording station out of an Apple TV. The sole function of the device would be to record a few minutes of sound with certain periodicities.

Today, I dabbled a bit with sox. I compiled liboss, audiofile, esound, and sox but could not get sox to record.

Do you have any suggestions? I confess that I would prefer not to use AppleScript.

Thank you for your help.

Cordially,
ZP
--
José
Pedro Sousa do Amaral

By the yard, life is hard.
By the inch, it's a cinch.

From janssen at parc.com Sat May 26 14:39:03 2007
From: janssen at parc.com (Bill Janssen)
Date: Sat May 26 14:47:13 2007
Subject: mounting NFS remote volumes on boot-up?
Message-ID: <07May26.143908pdt."57996"@synergy1.parc.xerox.com>

I'd like to mount some remote NFS volumes automatically on boot, but /etc/fstab.hd now has a scary warning in it... What's the modern way to go about this on OS X 10.4.9?

Bill

From fm-lists at st-kilda.org Sat May 26 15:04:01 2007
From: fm-lists at st-kilda.org (Fearghas McKay)
Date: Sat May 26 15:19:57 2007
Subject: Command line sound recorder for Mac OS X
In-Reply-To:
References:
Message-ID:

On 26 May 2007, at 23:23, José Pedro Sousa do Amaral wrote:

> Hi,
> I am looking for a program that could be activated as a cron job to
> record sounds at given intervals. I am trying to plan a recording
> station out of an Apple TV. The sole function of the device would
> be to record a few minutes of sound with certain periodicities.
>
> Today, I dabbled a bit with sox. I compiled liboss, audiofile,
> esound, and sox but could not get sox to record.
>
> Do you have any suggestions? I confess that I would prefer not to
> use AppleScript.

Sounds like a case for Rogue Amoeba's Audio Hijack Pro - it will mean using the GUI, but it does what you want out of the box.

http://rogueamoeba.com/audiohijackpro/

There is a lite version as well that is half the price.

 f

From nad at acm.org Sat May 26 15:26:47 2007
From: nad at acm.org (Ned Deily)
Date: Sat May 26 15:27:07 2007
Subject: mounting NFS remote volumes on boot-up?
References: <07May26.143908pdt."57996"@synergy1.parc.xerox.com>
Message-ID:

In article <07May26.143908pdt."57996"@synergy1.parc.xerox.com>,
 Bill Janssen wrote:

> I'd like to mount some remote NFS volumes automatically on boot, but
> /etc/fstab.hd now has a scary warning in it... What's the modern way
> to go about this on OS X 10.4.9?
Not exactly "modern" but one way is to create mount entries in your local netinfo domain, using Netinfo Manager.app or from the command line with "nicl" or "niload". The nfs volumes will then be automounted as needed. There are various ways to do this. See, for example:

http://mactechnotes.blogspot.com/2005/08/mac-os-x-as-nfs-client_31.html

I use something similar to the suggestion in the comments near the bottom of the page, that is using the "net" opts flag which causes the mount points to be automatically created under /Network/Servers/.

The usual warnings about using caution when mucking around with netinfo apply.

--
 Ned Deily,
 nad@acm.org

From kremels at kreme.com Sat May 26 15:27:02 2007
From: kremels at kreme.com (LuKreme)
Date: Sat May 26 15:27:16 2007
Subject: mounting NFS remote volumes on boot-up?
In-Reply-To: <07May26.143908pdt."57996"@synergy1.parc.xerox.com>
References: <07May26.143908pdt."57996"@synergy1.parc.xerox.com>
Message-ID: <3BFD467A-9448-4E63-87F3-5E7C0E25D7C3@kreme.com>

On 26-May-2007, at 15:39, Bill Janssen wrote:
> I'd like to mount some remote NFS volumes automatically on boot, but
> /etc/fstab.hd now has a scary warning in it... What's the modern way
> to go about this on OS X 10.4.9?

Mount the share and then drag it to your Login Items. It's how I mount my SMB share on login.

--
"I don't care how much melanin you have in your skin nor who you sleep with, you can't have my cheese."

From daniel at highdesertchurch.com Sat May 26 15:46:13 2007
From: daniel at highdesertchurch.com (Daniel Hazelbaker)
Date: Sat May 26 15:47:04 2007
Subject: Command line sound recorder for Mac OS X
In-Reply-To:
References:
Message-ID: <9CA3D433-B481-4EFE-8A99-380135CEFAEE@highdesertchurch.com>

I was able to accomplish the same thing (see reference to CLI Recording on this list about 2 months ago) using JackOSX and a program called jack_capture. It is a command line utility for recording from Jack that compiles under OSX.
I use crontabs to schedule recordings from our sound board during programs.

The only thing I had to change on jack_capture is I commented out the call to portnames_add_defaults() on line 826.

Daniel

On May 26, 2007, at 2:23 PM, José Pedro Sousa do Amaral wrote:

> Hi,
> I am looking for a program that could be activated as a cron job to
> record sounds at given intervals. I am trying to plan a recording
> station out of an Apple TV. The sole function of the device would
> be to record a few minutes of sound with certain periodicities.
>
> Today, I dabbled a bit with sox. I compiled liboss, audiofile,
> esound, and sox but could not get sox to record.
>
> Do you have any suggestions? I confess that I would prefer not to
> use AppleScript.
>
> Thank you for your help.
>
> Cordially,
> ZP
> --
> José Pedro Sousa do Amaral
>
> By the yard, life is hard.
> By the inch, it's a cinch.

From paul at subsignal.org Mon May 28 09:24:17 2007
From: paul at subsignal.org (paul)
Date: Mon May 28 09:24:44 2007
Subject: Workgroup Manager and Linux LDAP server: Server Admin SSL and Web-ASIP
In-Reply-To: <5B74ED73-76AE-442D-9326-BA4223ECFA5C@tele2.ch>
References: <5B74ED73-76AE-442D-9326-BA4223ECFA5C@tele2.ch>
Message-ID:

Philip Mötteli wrote:
> If I try to connect directly, so without the long way round an
> OpenDirectory server, I see the following error message in the console:
>
> /Applications/Server/Workgroup Manager.app/Contents/MacOS/Workgroup
> Manager: [664] ServerManager session failed in
> connect(ldapserver,192.168.1.5,311): 61\n
>
>
> The port number 311 is marked in Server Admin as "Server Admin SSL, also
> Web-ASIP". I'm afraid, but this is probably something Mac OS X unique?
> So I can't offer it on a Linux box? And it seems, without that,
> Workgroup Manager refuses to connect directly?
Apple says it's https, you can change this to http (port 687) by disabling "secure connection" in Server Admin

use a network sniffer and reverse engineer the protocol ;)

cheers
 Paul

BTW: I'm interested in your experience about OS X/Linux integration, I'm currently evaluating LDAP replication and having password information available on our linux servers (OpenDirectory as the main datasource). It's not fun.

From janssen at parc.com Mon May 28 16:28:55 2007
From: janssen at parc.com (Bill Janssen)
Date: Mon May 28 16:29:40 2007
Subject: mounting NFS remote volumes on boot-up?
In-Reply-To: <3BFD467A-9448-4E63-87F3-5E7C0E25D7C3@kreme.com>
References: <07May26.143908pdt."57996"@synergy1.parc.xerox.com> <3BFD467A-9448-4E63-87F3-5E7C0E25D7C3@kreme.com>
Message-ID: <07May28.162903pdt."57996"@synergy1.parc.xerox.com>

Thanks, that's how I mount my home directory, but these I want mounted on boot, regardless of who's logged in (they're used by some cron jobs). I suppose I could just add a system @reboot cron job to do the mount.

Bill

> On 26-May-2007, at 15:39, Bill Janssen wrote:
> > I'd like to mount some remote NFS volumes automatically on boot, but
> > /etc/fstab.hd now has a scary warning in it... What's the modern way
> > to go about this on OS X 10.4.9?
>
> Mount the share and then drag it to your Login Items. It's how I
> mount my SMB share on login.

From brendan.mahony at dsto.defence.gov.au Mon May 28 16:42:43 2007
From: brendan.mahony at dsto.defence.gov.au (Dr. Brendan Patrick Mahony)
Date: Mon May 28 16:49:25 2007
Subject: mounting NFS remote volumes on boot-up?
In-Reply-To: <07May28.162903pdt."57996"@synergy1.parc.xerox.com>
References: <07May26.143908pdt."57996"@synergy1.parc.xerox.com> <3BFD467A-9448-4E63-87F3-5E7C0E25D7C3@kreme.com> <07May28.162903pdt."57996"@synergy1.parc.xerox.com>
Message-ID:

If you want to static mount the file system you can use Netinfo Manager or niload at the command line.
eg
sudo niload -r /mounts / < ni_mounts

where ni_mounts is a file of the form:

{
  "name" = ( "mounts" );
  CHILDREN = (
    {
      "name" = ( "server:/the/path/to/folder1" );
      "dir" = ( "/Network/Servers" );
      "opts" = ( "net" );
      "vfstype" = ( "nfs" );
    },
    {
      "name" = ( "server:/the/path/to/folder2" );
      "dir" = ( "/Network/Servers" );
      "opts" = ( "net" );
      "vfstype" = ( "afp" );
    }
  )
}

Apparently Netinfo is on the way out though.

On 29/05/2007, at 8:58 AM, Bill Janssen wrote:

> Thanks, that's how I mount my home directory, but these I want mounted
> on boot, regardless of who's logged in (they're used by some cron
> jobs). I suppose I could just add a system @reboot cron job to do the
> mount.

IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. If you have received this email in error, you are requested to contact the sender and delete the email.

From kremels at kreme.com Mon May 28 19:59:11 2007
From: kremels at kreme.com (LuKreme)
Date: Mon May 28 20:00:18 2007
Subject: mounting NFS remote volumes on boot-up?
In-Reply-To: <07May28.162903pdt."57996"@synergy1.parc.xerox.com>
References: <07May26.143908pdt."57996"@synergy1.parc.xerox.com> <3BFD467A-9448-4E63-87F3-5E7C0E25D7C3@kreme.com> <07May28.162903pdt."57996"@synergy1.parc.xerox.com>
Message-ID:

On 28-May-2007, at 17:28, Bill Janssen wrote:
> I suppose I could just add a system @reboot cron job to do the mount.

You COULD, but you might find, as I did, the @reboot in root's cron job doesn't seem to work, or at least not consistently.

--
I leave symbols to the symbol-minded - George Carlin

From rpeskin at rlpcon.com Tue May 29 08:15:48 2007
From: rpeskin at rlpcon.com (Richard Peskin)
Date: Tue May 29 08:26:18 2007
Subject: Directory access limit question
Message-ID:

I have encountered a server where user directory access is limited in the following sense.
Instead of "/" referring to the actual root directory, "/" refers to the user's home directory. That is, when the user accesses (for example) "/somedir", "somedir" is a directory found at the top level of the user's home directory, not a directory found under the real root.

How can one set up this sort of thing?

thanks,
--dick peskin

____________________________________
Richard L. Peskin, RLP Consulting, Londonderry, VT
http://www.rlpcon.com
http://www.caip.rutgers.edu/~peskin

From finlay.dobbie at gmail.com Tue May 29 08:47:03 2007
From: finlay.dobbie at gmail.com (Finlay Dobbie)
Date: Tue May 29 08:47:12 2007
Subject: Directory access limit question
In-Reply-To:
References:
Message-ID:

What kind of server? This is called a chroot, and you can't do it on OS X in general.

On 29/05/07, Richard Peskin wrote:
> I have encountered a server where user directory access is limited in
> the following sense. Instead of "/" referring to the actual root
> directory, "/" refers to the user's home directory. That is, when the
> user accesses (for example) "/somedir", "somedir" is a directory
> found at the top level of the user's home directory, not a directory
> found under the real root.
>
> How can one set up this sort of thing?
>
> thanks,
> --dick peskin
>
> ____________________________________
> Richard L. Peskin, RLP Consulting, Londonderry, VT
> http://www.rlpcon.com
> http://www.caip.rutgers.edu/~peskin

From jwelch at bynkii.com Tue May 29 08:58:26 2007
From: jwelch at bynkii.com (John C. Welch)
Date: Tue May 29 08:58:46 2007
Subject: Directory access limit question
In-Reply-To:
Message-ID:

On 5/29/07 10:15, "Richard Peskin" wrote:

> I have encountered a server where user directory access is limited in
> the following sense.
Instead of "/" referring to the actual root
> directory, "/" refers to the user's home directory. That is, when the
> user accesses (for example) "/somedir", "somedir" is a directory
> found at the top level of the user's home directory, not a directory
> found under the real root.

Under what protocol? Doing this, ("chroot") with things like AFP/SMB/FTP is trivial. With SSH, not so much. What kind of access are you specifically talking about?

--
John C. Welch
Writer/Analyst
Bynkii.com
Mac and other opinions
jwelch@bynkii.com

From rpeskin at rlpcon.com Tue May 29 09:44:49 2007
From: rpeskin at rlpcon.com (Richard Peskin)
Date: Tue May 29 09:45:02 2007
Subject: Directory access limit question
In-Reply-To:
References:
Message-ID: <55E6BFC4-7D00-42EA-A673-DEC4B5760DA5@rlpcon.com>

It was some ISP server and I don't know the OS. My interest would have been to do this under OS X (or OS X server).
--dick peskin
On May 29, 2007, at 11:47 AM, Finlay Dobbie wrote:

> What kind of server? This is called a chroot, and you can't do it on
> OS X in general.
>
> On 29/05/07, Richard Peskin wrote:
>> I have encountered a server where user directory access is limited in
>> the following sense. Instead of "/" referring to the actual root
>> directory, "/" refers to the user's home directory. That is, when the
>> user accesses (for example) "/somedir", "somedir" is a directory
>> found at the top level of the user's home directory, not a directory
>> found under the real root.
>>
>> How can one set up this sort of thing?
>>
>> thanks,
>> --dick peskin
>>
>> ____________________________________
>> Richard L.
Peskin, RLP Consulting, Londonderry, VT
>> http://www.rlpcon.com
>> http://www.caip.rutgers.edu/~peskin

____________________________________
Richard L. Peskin, RLP Consulting, Londonderry, VT
http://www.rlpcon.com
http://www.caip.rutgers.edu/~peskin

From finlay.dobbie at gmail.com Tue May 29 09:50:00 2007
From: finlay.dobbie at gmail.com (Finlay Dobbie)
Date: Tue May 29 09:50:09 2007
Subject: Directory access limit question
In-Reply-To: <55E6BFC4-7D00-42EA-A673-DEC4B5760DA5@rlpcon.com>
References: <55E6BFC4-7D00-42EA-A673-DEC4B5760DA5@rlpcon.com>
Message-ID:

FTP, SFTP, logging in to the Desktop, what?

 -- Finlay

On 29/05/07, Richard Peskin wrote:
> It was some ISP server and I don't know the OS. My interest would
> have been to do this under OS X (or OS X server).
> --dick peskin
> On May 29, 2007, at 11:47 AM, Finlay Dobbie wrote:
>
> > What kind of server? This is called a chroot, and you can't do it on
> > OS X in general.
> >
> > On 29/05/07, Richard Peskin wrote:
> >> I have encountered a server where user directory access is limited in
> >> the following sense. Instead of "/" referring to the actual root
> >> directory, "/" refers to the user's home directory. That is, when the
> >> user accesses (for example) "/somedir", "somedir" is a directory
> >> found at the top level of the user's home directory, not a directory
> >> found under the real root.
> >>
> >> How can one set up this sort of thing?
> >>
> >> thanks,
> >> --dick peskin
> >>
> >> ____________________________________
> >> Richard L.
Peskin, RLP Consulting, Londonderry, VT
> >> http://www.rlpcon.com
> >> http://www.caip.rutgers.edu/~peskin
>
> ____________________________________
> Richard L. Peskin, RLP Consulting, Londonderry, VT
> http://www.rlpcon.com
> http://www.caip.rutgers.edu/~peskin

From janssen at parc.com Tue May 29 11:38:15 2007
From: janssen at parc.com (Bill Janssen)
Date: Tue May 29 11:38:53 2007
Subject: mounting NFS remote volumes on boot-up?
In-Reply-To:
References: <07May26.143908pdt."57996"@synergy1.parc.xerox.com> <3BFD467A-9448-4E63-87F3-5E7C0E25D7C3@kreme.com> <07May28.162903pdt."57996"@synergy1.parc.xerox.com>
Message-ID: <07May29.113824pdt."57996"@synergy1.parc.xerox.com>

Ned, Brendan,

Thanks, I'll try that.

Bill

Ned Deily wrote:
> Not exactly "modern" but one way is to create mount entries in your
> local netinfo domain, using Netinfo Manager.app or from the command line
> with "nicl" or "niload". The nfs volumes will then be automounted as
> needed. There are various ways to do this. See, for example:
>
> http://mactechnotes.blogspot.com/2005/08/mac-os-x-as-nfs-client_31.html
>
> I use something similar to the suggestion in the comments near the
> bottom of the page, that is using the "net" opts flag which causes the
> mount points to be automatically created under /Network/Servers/.
>
> The usual warnings about using caution when mucking around with netinfo
> apply.

Brendan Mahoney wrote:
> If you want to static mount the file system you can use Netinfo
> Manager or niload at the command line.
>
> eg
> sudo niload -r /mounts / < ni_mounts
>
> where ni_mounts is a file of the form:
>
> {
>   "name" = ( "mounts" );
>   CHILDREN = (
>     {
>       "name" = ( "server:/the/path/to/folder1" );
>       "dir" = ( "/Network/Servers" );
>       "opts" = ( "net" );
>       "vfstype" = ( "nfs" );
>     },
>     {
>       "name" = ( "server:/the/path/to/folder2" );
>       "dir" = ( "/Network/Servers" );
>       "opts" = ( "net" );
>       "vfstype" = ( "afp" );
>     }
>   )
> }

From shoop at iwiring.net Tue May 29 13:59:43 2007
From: shoop at iwiring.net (Dan Shoop)
Date: Tue May 29 14:00:04 2007
Subject: Directory access limit question
In-Reply-To:
References:
Message-ID:

At 11:15 AM -0400 5/29/07, Richard Peskin wrote:
>I have encountered a server where user directory access is limited
>in the following sense. Instead of "/" referring to the actual root
>directory, "/" refers to the user's home directory. That is, when
>the user accesses (for example) "/somedir", "somedir" is a
>directory found at the top level of the user's home directory, not a
>directory found under the real root.

It's called a chroot or a basedir, depending on the particulars.

>How can one set up this sort of thing?

Depends on what service(s) we're talking about.
--

-dhan

------------------------------------------------------------------------
Dan Shoop AIM: iWiring
Systems & Networks Architect http://www.ustsvs.com/
shoop@iwiring.net http://www.iwiring.net/
1-714-363-1174

From shoop at iwiring.net Tue May 29 14:01:38 2007
From: shoop at iwiring.net (Dan Shoop)
Date: Tue May 29 14:01:57 2007
Subject: Directory access limit question
In-Reply-To:
References:
Message-ID:

At 10:58 AM -0500 5/29/07, John C. Welch wrote:
>On 5/29/07 10:15, "Richard Peskin" wrote:
>
>> I have encountered a server where user directory access is limited in
>> the following sense. Instead of "/" referring to the actual root
>> directory, "/" refers to the user's home directory. That is, when the
>> user accesses (for example) "/somedir", "somedir" is a directory
>> found at the top level of the user's home directory, not a directory
>> found under the real root.
>
>Under what protocol? Doing this, ("chroot") with things like AFP/SMB/FTP is
>trivial. With SSH, not so much. What kind of access are you specifically
>talking about?

Many things, like PHP, have concepts of basedir's, which aren't
exactly chroots but do have a similar effect. / will refer to the
root of the base, while there isn't actually a whole separate
chroot'ed environment.
--

-dhan

------------------------------------------------------------------------
Dan Shoop AIM: iWiring
Systems & Networks Architect http://www.ustsvs.com/
shoop@iwiring.net http://www.iwiring.net/
1-714-363-1174

From shoop at iwiring.net Tue May 29 14:02:49 2007
From: shoop at iwiring.net (Dan Shoop)
Date: Tue May 29 14:03:08 2007
Subject: Directory access limit question
In-Reply-To: <55E6BFC4-7D00-42EA-A673-DEC4B5760DA5@rlpcon.com>
References: <55E6BFC4-7D00-42EA-A673-DEC4B5760DA5@rlpcon.com>
Message-ID:

At 12:44 PM -0400 5/29/07, Richard Peskin wrote:
>It was some ISP server and I don't know the OS. My interest would
>have been to do this under OS X (or OS X server).
>--dick peskin

Again, set it up for what? Doing this for some services is easy (e.g.
FTP) while others is more complicated (shells, e.g. bash or ssh.)
--

-dhan

------------------------------------------------------------------------
Dan Shoop AIM: iWiring
Systems & Networks Architect http://www.ustsvs.com/
shoop@iwiring.net http://www.iwiring.net/
1-714-363-1174

From kremels at kreme.com Wed May 30 06:40:43 2007
From: kremels at kreme.com (LuKreme)
Date: Wed May 30 06:41:06 2007
Subject: Directory access limit question
In-Reply-To:
References:
Message-ID: <1814EA45-2EBF-4FCC-BB07-CBC35136D283@kreme.com>

On 29-May-2007, at 09:15, Richard Peskin wrote:
> I have encountered a server where user directory access is limited
> in the following sense. Instead of "/" referring to the actual root
> directory, "/" refers to the user's home directory. That is, when
> the user accesses (for example) "/somedir", "somedir" is a
> directory found at the top level of the user's home directory, not
> a directory found under the real root.

That would be chroot, also sometimes referred to as a 'chroot jail'

> How can one set up this sort of thing?

Well, for FTP access (or similar, AFP, WebDAV) it's pretty trivial.
For anything else (SSH, login) it's more complex. MUCH more complex,
unless something like rbash would work for you.

---cut
If bash is started with the name rbash, or the -r option is supplied at
invocation, the shell becomes restricted. A restricted shell is used to
set up an environment more controlled than the standard shell. It
behaves identically to bash with the exception that the following are
disallowed or not performed:

o changing directories with cd

o setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV

o specifying command names containing /

o specifying a file name containing a / as an argument to the
  builtin command

o Specifying a filename containing a slash as an argument to the -p
  option to the hash builtin command

o importing function definitions from the shell environment at
  startup

o parsing the value of SHELLOPTS from the shell environment at
  startup

o redirecting output using the >, >|, <>, >&, &>, and >> redirection
  operators

o using the exec builtin command to replace the shell with another
  command

o adding or deleting builtin commands with the -f and -d options to
  the enable builtin command

o Using the enable builtin command to enable disabled shell builtins

o specifying the -p option to the command builtin command

o turning off restricted mode with set +r or set +o restricted.

These restrictions are enforced after any startup files are read.

When a command that is found to be a shell script is executed (see
COMMAND EXECUTION above), rbash turns off any restrictions in the
shell spawned to execute the script.
---cut

Note the huge importance of the last point there, as it means that a
rbash login can be set up to do, basically, anything you want done. It
just needs to be set up to do so in advance.

--
...when you're no longer searching for beauty or love, just some
kind of life with the edges taken off. When you can't even
define what it is that you're frightened of; this song will be
here.

From janssen at parc.com Wed May 30 09:27:12 2007
From: janssen at parc.com (Bill Janssen)
Date: Wed May 30 09:27:31 2007
Subject: NIS broken on 10.4.9?
Message-ID: <07May30.092712pdt."57996"@synergy1.parc.xerox.com>

I see that the Bresink document now says that 10.4.9 is so riddled
with startup inconsistencies and flaws, that it doesn't make sense to
use NIS with it.
He chiefly seems to be talking about the use of
remote NIS login accounts, though.

http://www.bresink.de/osx/nis.html#BugsTiger

Any solution to these problems in sight?

Bill

From nigel at explanatorygap.net Wed May 30 09:34:38 2007
From: nigel at explanatorygap.net (Nigel Kersten)
Date: Wed May 30 09:41:39 2007
Subject: Workgroup Manager and Linux LDAP server: Server Admin SSL and Web-ASIP
In-Reply-To: <5B74ED73-76AE-442D-9326-BA4223ECFA5C@tele2.ch>
References: <5B74ED73-76AE-442D-9326-BA4223ECFA5C@tele2.ch>
Message-ID: <707B8867-CCA5-4F05-96B1-55900C49BD40@explanatorygap.net>

On 26/05/2007, at 6:43 AM, Philip M?tteli wrote:

> Which means, that I always need at least one OpenDirectory server
> available in our LAN, in order to administer the LDAP server.

You can always run this on a client that is connected to the
directory... and go "View Directories" (Cmd-D) rather than connect to
a specific server.

Then you'll see the local NetInfo directory node, and you can choose
to view and authenticate to any other directory nodes that this
client is configured with.

--
Nigel Kersten
http://explanatorygap.net

From jwelch at bynkii.com Wed May 30 09:55:33 2007
From: jwelch at bynkii.com (John C. Welch)
Date: Wed May 30 09:55:47 2007
Subject: NIS broken on 10.4.9?
In-Reply-To: <07May30.092712pdt."57996"@synergy1.parc.xerox.com>
Message-ID:

On 5/30/07 11:27, "Bill Janssen" wrote:

> I see that the Bresink document now says that 10.4.9 is so riddled
> with startup inconsistencies and flaws, that it doesn't make sense to
> use NIS with it. He chiefly seems to be talking about the use of
> remote NIS login accounts, though.
>
> http://www.bresink.de/osx/nis.html#BugsTiger
>
> Any solution to these problems in sight?

For NIS? I can't see Apple putting a ton of time into it, any more than
they'd bring back the full AppleTalk suite.

--
John C. Welch Writer/Analyst
Bynkii.com Mac and other opinions
jwelch@bynkii.com

From fan at cns.nyu.edu Wed May 30 12:25:19 2007
From: fan at cns.nyu.edu (fan@cns.nyu.edu)
Date: Wed May 30 12:40:05 2007
Subject: NIS broken on 10.4.9?
Message-ID: <200705301925.l4UJPJw05754@calaf.cns.nyu.edu>

"Bill Janssen" wrote:
> I see that the Bresink document now says that 10.4.9 is so riddled
> with startup inconsistencies and flaws, that it doesn't make sense to
> use NIS with it. He chiefly seems to be talking about the use of
> remote NIS login accounts, though.
>
> http://www.bresink.de/osx/nis.html#BugsTiger
>
> Any solution to these problems in sight?

The following workaround on Bresink's page seems to work for the most part.
You may have to restart your machine more than once though.

------------------------------------------------------
To increase the likelihood that the dependencies between the network
interfaces, the DHCP client, the lookup service (lookupd), the
directory services client, and its NIS plug-in are resolved in correct
order, some users had success by sending lookupd a reconfiguration
signal very late in the startup process. You can do this for example
by adding the command

/bin/kill -HUP `cat /var/run/lookupd.pid`
---------------------------------------------------------

Best,
Paul

From janssen at parc.com Wed May 30 14:00:19 2007
From: janssen at parc.com (Bill Janssen)
Date: Wed May 30 14:01:14 2007
Subject: NIS broken on 10.4.9?
In-Reply-To: <200705301925.l4UJPJw05754@calaf.cns.nyu.edu>
References: <200705301925.l4UJPJw05754@calaf.cns.nyu.edu>
Message-ID: <07May30.140023pdt."57996"@synergy1.parc.xerox.com>

> The following workaround on Bresink's page seems to work for the most part.
> You may have to restart your machine more than once though.

Thanks, yes, I've applied all of his work-arounds listed there. I've
certainly seen the behavior he describes both on my old G5 PowerMac
and my newer Mac Pro.

Bill
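
The restricted-shell rules quoted from the bash manual in the "Directory access limit question" thread above can be checked directly. This added example (not part of any list message) runs `bash -r` with a one-directory PATH and reports which command lines are refused; the scratch directory and the helper name `report` are constructed assumptions, and bash is assumed to be installed.

```shell
#!/bin/sh
# Added example: probing bash restricted mode (bash -r behaves like rbash).
# Everything lives in a constructed scratch directory, removed on exit.
BASH_BIN=$(command -v bash)
JAIL=$(mktemp -d)                  # constructed stand-in for a user's home
trap 'rm -rf "$JAIL"' EXIT
mkdir "$JAIL/bin"                  # the only directory on the restricted PATH

# A vetted helper (hypothetical name "report"). It is a shell script, so it
# runs in a fresh, unrestricted bash: its contents are the real policy.
printf '#!%s\ncd / && pwd\n' "$BASH_BIN" > "$JAIL/bin/report"
chmod +x "$JAIL/bin/report"

# Run one command line in a restricted shell started inside $JAIL.
restricted() {
    ( cd "$JAIL" && env -i HOME="$JAIL" PATH="$JAIL/bin" \
        "$BASH_BIN" --noprofile --norc -r -c "$1" ) 2>/dev/null
}

# Succeeds (status 0) when the restricted shell refuses the command line.
is_blocked() {
    ! restricted "$1" >/dev/null
}

# Print one line per probe so the effect of each rule is visible.
probe() {
    if is_blocked "$1"; then echo "blocked: $1"; else echo "allowed: $1"; fi
}

probe 'cd /'                       # changing directories
probe 'PATH=/bin:/usr/bin'         # resetting PATH
probe '/bin/ls'                    # command name containing a slash
probe 'echo x > out'               # output redirection
probe 'report'                     # script on PATH runs, and cd works in it
```

The last probe is the one to audit on a real system: every script placed on the restricted PATH runs without the restrictions, so the contents of that directory define what the account can actually do.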