UNIX: Working the Command Line in OS X

today we’re going to talk a little bit about the command line some of the benefits some of the reasons why I like it and hopefully it’ll entice some of you to dig a little bit deeper and start to learn it and explore quite a bit more because there is so much power in it now toward the end of the session we get a little more advanced we talk about binding scripts we talk about access control lists and how to deal with them in command line so this is meant to be a foundation level class write an introduction to it to try to get your feet wet a little bit also if you guys want them and please take them I don’t want to carry them back with me we have screen wipes which work great for glasses and sunglasses as well up here take as many as you want we have mouse pads to take or great for coasters as well big coasters for big drinks but work well for coasters yeah we spent a lot of money on them I go through them pretty quick they’re great all right without further ado let’s go ahead and jump right into it so why do I use the command-line why should you use the command line as though is the bigger question now I had an engineer that did everything from the command line and one time I decided to ask him I said Dan why is it that you love the command line so much because some of the stuff he was doing could easily be done from the GUI and probably just as efficiently and he said because whenever there’s a customer looking over my shoulder as soon as I jump to the command line they walk away and they leave me ever alone the rest of the day I’m like alright I like that one I’m going to keep using that the GUI is like an automatic transmission right it does most of the work for you you don’t have to put a lot of thought into it sometimes you do but it does most of the stuff for you whereas going to the command line is like a stick shift transmission right you have to think about when to change gears you have to think about what you’re doing at any given time and the command line isn’t as forgiving as the GUI is but there’s so much power so much strength using the GUI on it it really makes it a benefit to you as an administrator to get to know it and I’m going to teach you some resources where you can learn more about the command line and become more familiar because there’s a lot of free resources out there that are just excellent now I had stated that we teach a lot of the the certification classes and what I’ve found is when we’re doing the system administrator level classes it’s about half command line half GUI we show you how to do it in the GUI then we show you how to do it in the command line and I find that there’s a lot of people that I lose as soon as we hit the command line side but when they see okay they’re doing the same thing but look how much more efficient is there like oh okay I get it right so they end up learning a lot about command line that they didn’t think they were going to through our classes so it gives us advanced configuration and features that you may not see elsewhere there’s a lot of things that you can do from the command line that you may not know how to do from gooeys though there seems to be an app for just about everything these days you can run the command as a different user so I can jump in as Russell and change over to administrator I can elevate my own privileges to route user does everybody know that the difference between an admin and a root user the root user has the power to do anything they want in the operating system including deleting the live operating system while you’re working on it it’s not going to say are you sure you want to do this right it just does it for you much more efficiency all right some of the very simple commands if if you’re doing a get info on a window and waiting for it to spin and calculate you’ll find that a disk usage command comes up in about 65 percent of the time it’s it’s just a lot faster and a lot more efficient and then being able to do remote administration and troubleshooting is a real big plus in my book so if you don’t feel like getting getting out of your desk getting away from your desk and walking across campus to work on something I can always remote shell into somebody else’s system and possibly do a fix for them okay and this includes things like fixing printers right we do the printers all the time this way um mostly I deal a lot with servers have any of you ever had a server that went dumb on you that you couldn’t get into from the GUI right so I leave it with SSH turned on servers so that I can hit it from the command line and kickstart ard if you haven’t used that command before look it up it’s a great command when ard goes goes deaf on you and it’s happened probably to all of us at one time that it says they can’t see the client you’re like I know the clients on and I know it’s awake why can’t I hit it right so ard just possibly went deaf on you four primary ways that we can get into command line from the login screen if you type in greater than console it

takes you to a command line shell the most common way of getting into it is going to be launching the terminal app they all give you the same power okay another way is to ssh into a system so secure shell those are a little smaller thing by the way I will make these slides available to anybody if you just drop me a business card I’ll give you a link to the Dropbox they’re kind of large I think it’s 70 Meg’s in size so I can’t email them to you but I’ll give you a link to the Dropbox invite you in so you can download the curriculum and it’ll have the curriculum for my iOS mobility class that we did on Tuesday as well so just you can leave me a business card or give me your email address and my email address will be on here at the end as well ok so greater than console terminal SSH in and we also have single user mode if you haven’t used single user mode it is a great troubleshooting tool right when a mission when you’re not able to get into a system probably because you can’t authenticate into it being able to go into single user mode allows me to blow out directory services basically killing my binding and then I’m able to log in again but without that ability I’d have some difficulty trying to get to it I still have to boot off another system so instead of having a boot off another drive single user mode is a great troubleshooting scenario now there’s six basic shells that we can get into under OS 10 and the default shell is bash or bourne-again shell this is real popular on the Linux side as well but I’ve come across people that have been using UNIX for 40 years and they say I don’t like bash I like T shell or I like just shell or seashell you can switch over to whichever environment is most comfortable for you it’s extremely rare that I ever have to change this for a user most of them say yeah okay bash that’s fine that works for me okay but you can make the change into any shell you want does everybody know where to make that change by the way if you haven’t gone in under system preferences go to users users and groups and right-click or control-click on the user takes you to the Advanced Options and from there you can change the shell and there’s a couple other ways to do it as well but that’s one of the easiest so there’s a couple things to note about any user shell that you’re going to be in and you can pull a man page a man page is basically the manual on how to use that particular command a lot of people say well how do I remember all this stuff about UNIX nobody remembers everything about how the commands work I jump to the man pages all the time when I forget how do I do this inside of our sink right and the man pages tell you exactly the usage that you can have with it and the syntax that can be used with it as well but take a look if if I’m in a particular user I have some hidden files that are located there and you guys understand that anytime you see a period before a filename or a folder that means it’s hidden all right so what I’ve got here is the ability to go in and take a look at this user’s bash profile I can take a look at the bash history so if you’ve ever come across and you think there’s a student that’s been trying to hack at one of your servers if they aren’t wise enough to hide their tracks go into their bash history it tells you what they’ve been doing in there right so you have some information that’s given to you just by being able to log into the user now you might say well I don’t have their password how can I look at their bash history it’s in their user folders protected right how do we get around that root you log in as root user the sudo command and you can get in as any other user you want to and you can navigate the system so you’d be able to see that history file as well okay so a couple of ways the very first one this is really one of my favorites disco if you’ve worked with directory services in the past and had any issues binding systems in or joining them to a domain disco liz directory services command line this gives you full access to the entire LDAP structure and whether you’re using Active Directory or open directory they’re both built off of x500 which is the open LDAP standard right the one that was created by Novell isn’t that ironic that both Microsoft and Apple are using Novell zinc implementation of it for those that are using older versions well actually it still even exists now workgroup manager allows us to change the shell okay so it is still out there hasn’t been quite deprecated yet server app server preferences going into users in groups the terminal app allows us to change the shell write the CH SH means change shell and it’s a permanent change it’s not a

temporary change but you can always go back and change it back again now one of the best things that we can do as administrators is to make our lives a little bit easier automation anything that’s repetitive that you do on a daily basis or weekly basis or a monthly basis try automating it right there’s very little chance of human error dealing with a script once the script is working it’s it’s it’s going and it’s working for you and I’m going to talk about ways to automate and and we’ll pull apart-er script take a look at how it’s actually built but if you is so even though this class is an intro into working in the command-line shell scripting is the next step forward right learning how to write stuff that’s going to make your job easier now I don’t know about you guys I’m pretty lazy so anything I can automate I do automate makes my life a little bit easier too when you take a look at a command it’s easy to break down into four different sections so the very first part right here is the actual BSD command the UNIX command the second part all the options you’ll hear some people say flags I use that all the time as well but those are all the options the third part are the arguments what does this command apply to typically it’s going to be a file or folder right last part is if we needed it redirection of output or any other commands that we’re going to tag along with it so we can do multiple commands and string them together to have it produce a process for us you can always go to the man pages for any command that you see so it’s the BSD command you type into space just man space and the command name right and you’re going to find that there’s a lot of documentation on commands they are not all current but they’re fairly up-to-date and I’ve had people ask about how do I print out all of this right can I do a man on the man pages yeah you can but that’s a last count I think it was a thousand 50 pages or so you’re much better buying one of the books from O’Reilly or peach-pit press on UNIX like the pocket guides that make it all very simple for you so it’s just something that a small book that you can keep on your bookshelf or carry around with you and reference it for simple examples on how to use the command line okay as I said every just about every command has a man page some of them are better than others so as you get a little bit deeper a little bit more advanced and you say well you know what I administer servers as well from the server side those commands aren’t as well delineated in the man pages right like the server admin command that’s one of the the great commands out there but it doesn’t have a whole lot of documentation until you go to third-party resources basically people that have just been tinkering with it until they find exactly how it works and then they document it as well but being able to pull up a man page certainly makes your job easier especially when you’re on the spot you can use wildcards in your scripts or any command line commands now wildcards if you’ve done any level of programming at all you’re probably already used to the wild-card figure so like a question mark question mark means any character can go in this position right and it’s positioned by position whereas the asterisks it says anything after what I’ve already typed take any input so if we take a file if I’m asking it to find any file that starts with Russell and I want to find in particular anything that says Russell ke Y or PDF I can do Russell asterisks and it’s going to find anything that starts Russell period it doesn’t matter what exists after it it will find those files for me right so some good commands that we can we can make a little bit more powerful just by putting in some of our wildcards here I mentioned this a minute ago the root user interface is the most powerful area that you can get into in the operating system any of you that come from the os9 days we are running as root users right it gave us the same power under OS 9 as the root user does now root is disabled by default on OS 10 client and OS 10 server and that’s a good thing in my opinion and I’ll give you a real quick story as to why I think that’s such a good thing just a minute but with roofing disabled by default you can turn it on inside a directory utility so it’s on on the system permanently and all I’m

doing at this point by turning on inside of directory utility is giving access to the GUI so I can log in as the root user from the login screen I prefer to always leave it off because whenever I need root access I’m just going to issue the sudo command from the command line and I’ve got the root access temporarily okay so I told you I was going to get to this story I went into a very large biotech firm where they’re having problems with the systems and they said we want to figure out why we’re having the problems and if you guys can fix it I’m not sure that we can fix it but let’s take a look so I walk up to the first gentleman and I see him inside of the system library fonts folder and he was throwing away a font no dialog came up I’m like uh-oh big red flag because to change anything in the system folder you have to put in your admin credentials what’s your name so Tim I saw you just throwing away fonts how are you doing that inside of your system in the system library folder I’m logged in as root okay do you what why did you do that well the admin said it’s just easier if we self-service our machines so so everybody here in our department just stays logged in as root all the time thirty-two Mac users that were all logged in as root is there anybody here that can fix the problem on 32 systems how do we reverse engineer that how do we know exactly what he did or he did or he did so you guys have heard the phrase new can pave I don’t take credit for creating that basically that’s one of those scenarios where we have to new can pave we don’t know what each person has done to their system different than the others but now we know why they have so much instability with their systems they shouldn’t be in there so I leave a root access off by default on servers and on client machines all the time I do turn SSH on on servers and that’s it I do not turn it on on client machines and for one simple reason I don’t want somebody tinkering I don’t want somebody getting into it and even on the client side and figuring out what the passwords are the server’s I have locked down so that I know I can only hit them from certain IP addresses or when I VPN in I can hit them from that as well so I always have a back door into the sir into the servers now you will always have a change in the prompt oh I don’t even have it up here it’s going to be a hash mark right the pound sign so as soon as you’re in is root user you’ve got your cursor has changed to the pound sign but as I said be very careful I have gotten into a very bad habit every time I launch a shell I type in sudo – s what’s the problem with that I’m leaving it as root user if I walk away just to go to the restroom I forget to close out sometimes and so it you’re better but but then as I said I’m lazy so if I do sudo – yes I don’t have to keep trying in sudo also keep in mind I’m not sure if it’s considered a flaw with the operating system when you type in sudo and your command name it’s going to ask you for the password it remembers that password for five minutes no matter what you do is that a little scary no matter what you do short of restarting the system so if I do an exit to get out of the shell if I do a quitting of terminal app and I launch it back up again within five minutes if I type in sudo lets me write in with no password okay so just be careful timing wise on how that works now it’s not five minutes from the time you quit you sudo session it’s five minutes from the mint from the second that you put your password in so that can still be considered a security compromise best practice always to exit out and quit out exit out of the shell and then quit out of the terminal app as well now there’s a lot of different commands that we can use to move files around play with files a couple of them you’re probably familiar with and most people it’s interesting in our certification classes we get about half the admins coming from the windows side and some of the the windows admins are coming in like I have to be in this class I hate it I have to be in this class and usually by the end when they see it’s not so different it’s just a different name for the tool and different way of working there they’re pretty open to it but if they’ve had any experience with dos they pick up the command-line pretty quick right so command-line has been around for 40-plus years actually 47 years I think it is now same amount of time as I’ve been around that’s kind of scary huh so we

have the touch command the touch command will if there is no file with that same name we’ll a file with that name just creating an empty text file a true text file or if I touch a file that already exists it’s going to change the modification date now think about this for a minute if I’m changing the modification date of a file just by hitting this command what implication could that have on you guys as administrators and I’m thinking more towards when my backup programs are running right my backups are doing in incremental what does that mean those files that I touched are going to do it sees them has changed it’s going to back them up all over again and there may be a a principal or an administrator that says I don’t care if you’ve already backed these up I want them backed up every single night great I can hit the touch command and I know that they’re going to be backed up again tonight even if it’s nothing has changed in the last day or two okay how many have seen the des store file it’s a hidden file nobody’s played okay so there’s programs out there that clean up these DS store files right they go through and you see it chugging away and deleting a hundred thousand des store files wow it just cleaned up my system what’s going to happen next they will all be recreated immediately so is there a problem with its directory structure is there a problem with these DS files in general no but when you go and open a window and it just spins and spins and spins and isn’t opening the window or displaying it for a long time that des store file could be corrupt and just simply deleting it out of there might fix that corruption I’ve had that happen a lot of times so that’s a good that’s a good troubleshooting tip right there you also have trash there is a trash folder at every level of the operating system even though we see it in the dock down in one central location within the OS there’s a Trash folder that we can get to from say the users folder a lot of the commands when you take a look at the name gives away what it’s doing right MV is move CPS copy RM is removed so some of the commands sound very you know what that’s not even true anymore UNIX command does recognize the resource fork at this point so a lot of the commands are give away exactly what they’re going to do others are very well masked and it’s hard to figure out without playing or doing pulling a man page on it now as you’re navigating the operating system couple commands that can help us out there the push command it remembers where you were so you can jump back to it real quick right especially if you’re scripting or use a common directory all the time and you can’t keep having to change around so use the push command to remember where we were currently at we use the pop D to pop back to that current directory okay a lot of people when they first see PWD oh that’s password now that’s present working directory or print working directory depending on what version of UNIX you come from so it just shows you where you’re at there’s a lot of times where I get lost in the in the command line I’m like wait where am I at again okay make directory copy directory remove directory now we can use wildcards in all of these areas we’re also going to use different operands one of the best operands that I use quite often actually there’s two and it depends on what command you use this with if I use the flag of – our or – capital R or – F I mean if you know what the – our command is recursion yeah it means do it to this folder and then everything within it okay so if I’m removing a directory RM space – are everything within that directory is going to be gone the – F command I won’t get much into case sensitivity but sometimes you’ll have a different result using capital R then you’ll have with lower R but – F typically means force this right have you ever gone through and told it to delete some files and it keeps saying are you sure you want to delete this file or this file is locked and then you say delete and next and you just keep having to do it keep having to do it the – app just answers yes do it – all of this especially if you issue it with the sudo command yeah okay let me take a look at that at the end now being a UNIX based operating system our default privileges are going

to be based on POSIX POSIX don’t give us as much flexibility as access control lists access control lists were created by Microsoft and Apple started using them in 10.4 X and it was a welcome addition for us so when you take a look at POSIX from both the GUI and the command line side I know this is a little bit hard to see because it’s blurry but you basically have user group and other from POSIX terminology it’s called user group and other from Apple terminology its owner group and everyone means the exact same thing okay and we have only three options read write and execute so I seem like three options over here when you take a look at it the first letter here tells me whether it is a directory with a D a file with a dash or an L for symbolic link so before I move on who can tell me what a symbolic link is reference to a different location so I heard the word alias it works very much like an alias except an alias is movable a symbolic link is not it’s hard-coded to a place in the operating system typically created by the operating system itself but you can do it from the command line as well then you have three groups of three so that’s the owner group and everyone else so over here on the get info side how come I don’t have execute I have read I have write I have read and write and I have no access how come I don’t have execute yeah it’s implied if I double-click on a folder and don’t have execute rights it’s not going to open up so it’s an implied command or an implied privilege now when you start working from the command line it’s a it’s a very standardized interface very straightforward when you know how it works so at our normal command prompt this actually tells us who the user is that’s logged in that’s their short name and because it has a dollar sign there that means they are logged in as a standard user or an admin but not route they don’t have root access at this point we list our command write this command is is simply listing everything that’s in the directory in long format with attributes shown our command results show back up down here and then it drops us right back to a command line prompt saying okay I’m done what do you want to do next right so it’s pretty straightforward this part of it doesn’t change the power comes in knowing the commands that are available to you and how to utilize them now there’s a number of different things that Apple has given us tools in our belt that make our job a little bit easier for navigating the command line and this one I’m going to show you real quick because I use it quite often the top two tab completion and drag folder to terminal completion that makes my job a whole lot easier so probably want to see it on your screen huh there we go now you guys all have good eyes so I don’t need to make this thing bigger do I so if I want to change directories let’s start at the root level CD slash takes us to the root level and I do a listing in long format right so if I want to change over to something say a library application support CD library I type in the first letter or two letters hit tab it’s automatically going to complete it for me this is a great time-saving feature now I type in application support why is there a backslash in there yeah backing out the space UNIX doesn’t like the space so it’s going to back it out for me which is kind of nice that it throws it in there now one other way and if I you can see where this work rate on a long path name it’s a lot less typing one other way I’m going to just grab a folder so I am on my other system right now I’m going to grab something from my users library real quick so if I want to quickly jump over to user library application support I can start off by typing in the command and then I drag and drop from my library application support there it is and it’ll autocomplete it for me right so two methods that make our job a whole lot easier and there’s a couple other things in here I don’t use them as much but I still use anything I can to make my job a little bit easier I will use it so jumping around on a line especially on a long line you got the control commands in there scape F moves forward one word escape B backward one word control C stops where you’re at in most cases

sometimes you have to hit just a Q clear clears the screen give you a nice clean break there now be very careful because it’s easy to confuse characters from the command line when you see them printed and it really depends what fonts is in the book so a lot of times you’ll see it a mono space font like courier or I forget what the other one is but couriers a common font so that it’s easy to see the difference between a zero and a no write an L and a one or a dash and a tilde by the way what is tilde mean yeah the current user’s home folder so that’s a quick way if I do a CD slash tilde that’s going to jump me to my home folder so quick way to take a look at it case sensitivity is not as important from the command lines perspective right so on the commands itself it’s important but the path names it’ll still figure it out so it’s a case insensitive operating system right now but exact path names are very important spaces and file names and paths can have unexpected results and if you’ve ever had a user that saved a file with a period at the start of it and then calls you up for tech support they can’t find that file they just saved it to the server where is it right the space excuse me the period made it hidden other things they can do to really wreak havoc for you guys they put a slash in this in the name okay because what can that do spinning out of control some of your most powerful tools are only done from the root level meaning if I want to change permissions on a file or a folder or change ownership on a file or folder those have to be preceded by the sudo command now most of us have probably had users call up saying I just saved a whole bunch of files to the server now I have read-only access to it right so here’s a quick way that you can go and modify that by using the change modification command or the CH own command now the choke command is basically changing ownership and you can change ownership with the user level or the group level the chmod command changes our read write and execute permissions now if you look at it you can do this numerically – and as you get more advanced it tends to work out in your favor but until you’ve gotten to that point you’re using the cheat chmod command from with one section from the first one from the second and one from the third generally so in other words I’ve got a file that has read-only access and I want to give myself right access to that file right and I’m part of the group so I would do chmod G + W give the group write permissions or take away write permissions – W and then the file name and the path and remember if it’s a folder you probably want to change everything inside of it as well so what’s the flag we use to do it inside of that folder as well – r-right we want to make we want to turn on recursion there’s a number of text editors that you can use TextEdit is not my favorite it creates RTF files by default so you’ve got to go to the preferences and change it so it doesn’t do RTF because command-line does not like those you can download text wrangler which is free it’s a great tool it does everything for proper unix convention if you like it from the command-line better you’ve got three different built-in command line editors you’ve got VI and those that have been with unix for a long time oh yeah VI is the best right it’s what you learned that that’s usually the best I usually tell people nano or Pico they map to the same product now I can’t remember I think it was Pico that was deprecated one of them was but it’s still matched to the same place is usually a good start for people just getting into this because it gives you hints at the top and the bottom of the screen of what’s going on hey hit ctrl W if you want to do this and Emacs less popular one but but it’s pretty good as well so any one of those VI is the most challenging but you can navigate through it the fastest so as you become a UNIX expert you probably will be going with VI now we already know what the user sees on the system is going to be the actual applications that are running they’re going to get a top level overview not as much information what we’re looking for as administrators is what’s going on with all the demons and processes okay and we have several commands that can help us with this in fact we have a GUI as well activity monitor gives us a great insight to what’s going on on the system now of course most of you know that when you launch Activity Monitor it shows you

your processes only by default so you have to change it to all processes and it’ll remember that from here on out using the top command gives you the same information that you see from Activity Monitor very fast very efficient the kill command can kill a single process or daemon or you can do a kill all to take a whole group of processes out meaning the the main daemon and any threads that are running underneath it okay some of the processes you have to use the sudo command so if you see that the owner of it is system or root you or a different user in fact because I to do that as well you may have to issue the sudo command okay so top kill kill all are the main command-line tools for managing our processes and demons now we have one more listed up there it’s called process status the PS command shows us all running instances of a process and their current state where can that benefit you why do we need to know that as opposed to it’s just running or not what’s that hyung job right you see a thousand instances of it why do we have a thousand instances right something may have spun out of control okay I don’t know how many of you are administering 10-9 servers okay have you ever seen when you have a time machine server turned on after a period of time you’ll have a user logged in with over 2,000 instances of logins over AFP why it’s because they kept closing their laptop and every time they reopen it initiates another login close open close open close open and they get a couple thousand going there and you’re thinking oh my gosh something’s wrong with the server the only way because even stopping the process doesn’t change their logins it doesn’t change that number down it’s shutting down AFP and restarting now remember Mavericks wants to go to SMB too but there are only two things that are still running AFP that’s time machine server you can’t change that we tried it breaks it and login changing your password you cannot change your password over SMB it has to be over AFP all right so we still do have to have it running and plus for any legacy support anybody on ten eight and lower still will need AFP generally how many of you are using arity that is a great tool I’m glad to see so many people using it so how do I deal with the client machine when I don’t turn on SSH or remote login I do it over ard and I pop the command out and the most fun command especially in a lab late at night there’s only one or two people in there you do the say command with the volume all the way up and have it say something to them I know I I think a geeky things like that all the time but you have full access to even put it in as the root user right to issue the sudo command so you have a high level of functionality from within ard I had alluded to the fact of automation a little bit earlier what is the whole purpose of this to make our jobs easier and when you think about the things that you do on a daily basis there’s probably one or more items that could be automated right so right now maybe it takes you 10 minutes to do it if you automate it and say fire this off at 8 o’clock every morning does it for you and it just saves you those 10 minutes so think about things in your normal workflow in your normal life that you may want to automate and start working on automation automating things right we want to eliminate the repetitive tasks we want to get some help with time-consuming tasks quality by avoiding mistakes if it’s automated Computers not going to enter bad information right that information comes from us ensure task execution and become more efficient that’s the whole nature of it in a lot of the sessions that you’ve seen this week deal with scripting and you’ll see a higher and higher emphasis as the technology involves on scripting and automation and you can use any of the built-in scripting languages you can add your own scripting languages they can all be tied together right the most common ones out out there that built into OS Perl Python PHP TCL Ruby Ruby on Rails and the different shell environments that you can jump into and you even have Apple zone technologies you have Automator I have a lot of students that start off building their scripts by doing in an Automator and then looking at what it’s doing and learning from what it said there you can go on to Apple’s web site apple.com slash Automator and download free scripts and as you’re looking through the list you might see scripts like ooh that’s cool I really would like to automate that it’s going to give you

ideas of what to automate okay so you can tie Apple script together you can tie Automator together and you can tie shell scripts together so if you don’t know how to do it in in bash then we build it in Automator we tell bash to fire it off and do all the extra stuff at the same time right so tying multiple different languages together and multiple different tools together works out great now what you’ll find is anytime you create your own script just like in programming it takes more time to test it fully and make sure that it’s working the way you thought and over time you might find different ways to make it even more efficient so you may go back and you might edit it again and make it a lot more efficient and have it run faster typically Automator scripts on average are going to run a little bit slower than a shell script that’s on average it’s usually because we put in so many extra steps ok and then Apple script was really designed to be a human-like programming language that people that didn’t want to do actual programming could pick it up and learn it right and it is a pretty easy scripting language our nest next task is to automate them set it up on a repetitive cycle what are the commands that we have to do this cron at periodic and I’m going to talk about all these because some of them are actually deprecated and it really depends what version of the operating system that you’re using we can also set them as startup items anytime a user logs in it’ll start it up or as a launch D item right launch D is one of those things that we’re going to talk about in just a minute here that does it has a lot of control over our operating system and generally makes our lives a whole lot easier as well okay so for scheduling we can set it to run always run on demand run at a specific time or run periodically like you guys have maintenance scripts that are running on your system at different times of the morning’s or different times of the month now cron is really considered deprecated you can still use it if you want to but the functionality has been replaced quite a bit by launch D and launch D is the super server the the super process that we’re going to talk about more so it executes periodic scheduled commands it only starts when it sees files in those two locations you see that we have some differences between the versions of OS that we’re running here and you’re going to notice that in nearly every version it gets moved to different places depending on how how emphasized it is in that particular version so the at command has been basically moved off of the system you can still turn it back on if you wanted to but as of 1052 it was pulled out of there and and you’ll see why in a minute because launch D can handle so much of this now a lot of the common scripts that are running on your system they’re running on a regular basis no matter how you look at it and these are the maintenance scripts so for those users that are shutting down their systems every single night these scripts aren’t running for them right when the system is asleep but when it’s in deep sleep these scripts aren’t running for them but you have daily scripts that are running at 3:15 in the morning you have weekly every Saturday at 3:15 and you have monthly the first day of the month at 5:30 we can coincide scripts to run with those as well right so examples of why we would set up a script you might set up a script that reimage is the system every week every Saturday so it goes through in the lab Monday through Friday and then no matter what the user is put on there it’s going to reimage it for us so that’s one example of how we can automate it pretty easily now to add your own scripts into the periodic side we only have to do a couple of different items here you have to put it in the right location depending on how frequently you want it to run you have to give it a numeric value so it shows what order of precedence that it takes and you have to change the ownership and the privileges you have to make it executable by route because now it’s got to be a route process so these items are pretty easy to put in place now startup items they’ve been deprecated or considered deprecated for quite some time but we we still see them in the operating system startup items in most cases can easily be re-written as a launch D and become quite a bit more okay the the number one example I know of is a an accounting program account edge on the Mac side that uses startup items and it’s so flaky if you just change it from a startup item to a launch D it’s no longer a flaky process okay so we still see them in there they just tend to be very inefficient compared to a launch d item now launch D

as I’ve brought up several times it’s designed to be the super server it came out in 10.4 and it’s been improved upon each level each iteration of the operating system now launch these sounds a little bit daunting and I went and looked on on developer.apple.com for some documentation on launch D that can give my students a real easy kick starter to how it works and the whole PDF there’s only 28 pages long and it teaches you all about how to program a launch D item it’s pretty easy reading it’s not like the normal dried UNIX reading that you would see so if you want to learn more about launch D 28 page PDF on developer.apple.com and just do a google search for a launch d documentation okay so if you take a look why I called it the super server it is designed to replace all of those various processes okay most of those processes went away in 10 for some of them started going away in 10 5 and 10 6 pretty much all of these were gone by the time 10 7 came around so replaces a lot of things yes we’re putting a lot of emphasis on it so what happens when launch D fails launch D is designed to constantly monitor what’s going on with the operating system and if it did totally fail your system would restart because it’s going to try to respawn itself but it’s it’s extremely stable right we don’t we don’t have problems really with launch D unless you program your own launch D that had some problem in the coding that’s the only time where you might see it become unstable so it’s fully asynchronous bootstrap it’s got fault isolation and error recovery it’s designed to sniff out problems that are happening ok I had a I had a server just last night that was spinning a process out of control took it up to seven point nine terabytes for our plist file yeah I was probably not too far away from the server crash if it went any further but I caught it in time and launched II was monitoring it I didn’t actually catch it before launch d-did and it shut down the process created a new plist file and just left it as it put a dot b ad at the end of it I’m like cool it’s watching out for me like that it is pay-as-you-go so it only starts the processes on demand if it doesn’t need the process it’s not going to start it for you has a lot of security because it’s got privileges separation so when you’re talking to launch D from the command line prompt we’re using launch control launch control is the interface into it to fire off lists load unload debug start or stop a job and it’s as simple as that and that’s why it’s such a short PDF for the reading by the way there will be I know I go through this fast which is why I make my slides available to you guys but there’s a lot to cover and you obviously can’t learn everything there is about the command line in a one and a quarter hour session so there’s going to be a QA at the end and there will also be these slides available to anybody that wants them sent to them or tagged into the Dropbox there is one launch D for each user so if that launch D goes bad that’s on a user basis that is not the same one that’s running the system so the launch D only fires off for each user as that user is logged in and as soon as the user logs back out that instance gets shut down so it’s not using resources so probably all of you have had some experience with fast user switching and know that when you’ve got two users logged into the system its takes up a lot of resources right it’s it’s almost doubling the resources not quite almost doubling the resources so when it’s when you’ve got fast user switching on which we always recommend to have shut off there’s some minor instances where we say yeah fast user switching is good but generally keep it shut off so we’ve got launch deeds that are monitoring each environment and even more troublesome is when we’ve got a user in say Photoshop Photoshop six that’s a good one to use if the second user tries to get into Photoshop six they’re going to get resource busy Photoshop six was not a program that was written to true UNIX standards that could allow the full multitasking so a lot of resource busy would come up so you got a user that’s scanning in this huge item and you know it’s going to take an hour or they’re doing a Gaussian blur on an image that means that for the most part Photoshop is unusable for others now you can get in and do other things in Photoshop but if it crosses over into the same type of command it’s going to give you a resource busy right and then you shut down from from that particular product or process all right some great resources here that you guys can utilize from the command line to take a look at

the system CPU walk dot D measure which CPUs a process runs on have you ever seen an activity monitor or top where a process is taking up 130% how is that possible how can it ever be over a hundred percent yeah multiple cores right so if you’ve got a four core system you can it can go up to four hundred percent before it’s taxing the unit now all of you have probably seen on a laptop when you’re above a hundred percent on any one task those fans start firing off right and the more it goes up the faster those fans start firing so we can take a look at a particular process and see what CPUs is it using if it’s using all of one CPU and then trailing over into a different one it’s it’s not very well written and it’s definitely not written to 64-bit coding but if I see that it’s doing 28% on each of the four cores I know it’s properly written to UNIX standards current UNIX standards okay top – you where we talked about the top command but it lists processes by CPU usage this is typically the most common scenario when I’m going into activity monitor or top I want to see what’s taking up the most of my CPU one hundred seventy two point five percent in this case to take a look at what’s going on with memory first off what is VM was that stand for okay what’s faster virtual memory or RAM RAM quite a bit virtual memory is basically taking harddrive swap space and utilizing it as RAM so if you’ve got systems where you bought them with only four gigs of RAM and now you’re up to Mavericks and you know Mavericks Mavericks likes a lot more RAM the mountain lion did right even though the RAM requirements are still two gigs how many of you run Mavericks on a two gig machine and how many are happy about that performance right it it’s amazing just by going from two to four gigs how much more performance you get out of it so and that’s because everything’s being swapped to virtual memory when you have too little RAM I’ve had clients that don’t want to spend the money on RAM and they’re going to be using it for Photoshop right and so they’ve got an eight gig system and they’re trying to open up a two gig Photoshop image on it well Photoshop wants three to five times that amount in RAM so it immediately starts going to virtual memory which means the whole system is going to slow down quite a bit any change you make it’s going to rerender it okay so VM underscore stat shows us exactly what’s going on with virtual memory right the numbers when they’re lower that’s better less going into virtual memory there will always be something going into virtual memory no matter how much RAM you have that’s just the nature of UNIX it’s always keeping a pipeline open a virtual memory um and I’m seeing one command I forgot to put on here so to take a look at the disk the DF command dis free the D u command I have missing from here and the D u command I love that command because it’s so fast so efficient it shows if I do a D u – H human readable format with sudou turned on I can see the user folder and how many files are how much data is in every single folder in there and it’s coming back pretty quick in fact that’s the command that I use to find that 7.2 terabyte file plist file today ran across but very fast very efficient the IO stat reports io statistics you we’re going to talk about lists of open files when you launch Photoshop have you ever wanted to know what other processes fire off with it LSO F will show you as you launch it it’ll say spawn spawn spawn it’ll show you what’s spawning off on the system FS underscore usages filesystem usage it tells you what system calls are being made now as you start thinking about this this is great for troubleshooting right would you just do this just to be fun maybe right kind of in a geeky way but it helps quite a bit with troubleshooting especially if you’ve got an app that keeps crashing or beachball in your system most of these commands can help you narrow down the variables isn’t that the the whole issue with troubleshooting you’re trying to narrow down the variables to get it down to just one now of course sometimes it’s a lot easier to do the new could pave method where we just blast and say fixed it Oh what was the problem I don’t know but it’s fixed you really want me to go figure it out I’d probably good but okay on the networking side popular command out there Nets

net stat and TCP dump if you want to do any packet sniffing these commands will let you do all the packet sniffing that you want yes sir great question yeah and I didn’t explain that I that’s the section of the man pages it falls under and in previous versions nobody seems to care what section it falls under anymore but it used to be pretty important how its liking whatever so yeah you don’t really need to have the the parentheses items there it just shows the section of the man pages now if you’re going to do any true packet sniffing there’s some good programs out there I use Wireshark have any of you use that before okay that’s a fun one plug it into the enterprise level company and don’t tell the admins what you’re doing and let it run they come down on you pretty fast but remember that anytime you’re doing packet sniffing what’s the what’s the drawback to doing it on a switched network yes you only see your packets okay so if you’re on a switch network and most of us are how do you get around that yes so you can program a port on a managed switch or some of them have that console port you can tag into the console port and do it from there as well right now if you’re monitoring traffic on Wi-Fi what do you need to do Wi-Fi is the equivalent of a hub so you don’t have to do anything you’re seeing everybody’s traffic going through there it is not switched information okay I did mention the virtues of SSH SSH allows us to go into secure shell it’s a command line prompt from a different machine and from a different machine I’m opening it up as if I’m right there in front of it I have all the full access to it that I want to have some fun with it someone and SSH into their machine and do a sudo space open space slash applications asterisk all right see how long it locks our system up for as it opens every every application in there so some of the things that fall under the category of SSH are SCP which is secure copy it’s going to do it inside of the encrypted tunnel and add extra encryption on it or SFTP a lot of people think that SFTP is an extension of the FTP protocol and they’re entirely separate so when you set up an FTP server even on Apple’s FTP offering it is just FTP putting an SSL excuse me yes putting an SSL certificate on top of it does not make it SFTP it’s a different protocol there’s a lot of products that do SFTP and FTP and WebDAV all in one so SSH uses key pairs just like an SSL certificate would to identify both hosts and create an encrypted session between them SSH tends to be very fast very efficient and unlike you’ve heard over most things putting encryption in place here isn’t a huge drawback the overhead tends to be about six to eight percent whereas on a VPN tunnel you can have upwards of 40% overhead on that tunnel okay but they’re adding a lot more things into place some of your built-in command line tools we’ve talked about a few of these there’s my D u command that I like so much but this gives you a pretty good listing of ones that we haven’t gone in deeper and again this is one that when you download the slides you can or take a picture of it that will work too but can you get enough detail when you zoom in on it so good listing of commands that that we don’t get into you know there’s thousands of commands and for us to talk about all of them you guys would be asleep pretty quick I know I would I mean you’ve read the book on DNS and bind any administrators here how many times you fall asleep while reading it it’s 800 pages of riveting material right what’s that I was looking for the Cliff’s Notes but I couldn’t find them anywhere yeah UNIX reading tends to be a little bit dry unless you’re looking for something particular out of it you can only take it a piece at a time here all right so to assess service and process utilization we talked about Activity Monitor process status and top those are our primary tools for looking at process utilization take a look at hardware utilization in summary Activity Monitor does show us some vmstat is our virtual memory side of things system control ok system control gives us a lot of information and a lot of things that we can possibly change so system setup falls under that same category again these are commands that you can write down and start to hold man pages on and

take a look at it and if you’ve ever done a system profiler its system information now in ten nine but when you pull one those system reports they’re pretty long when you pull them from the command line they’re even longer right it’s a lot of information that it’s pulling there but it’s doing the same command just doesn’t look as pretty ok the disk you tell command this is a way we can go in and change encryption Blowout encryption it’s the same thing as running Disk Utility but you have more features from the command line than you do from the GUI side right and especially in regards to encryption or things like not not as effectively File Vault but turning on single encryption of extended drives make sure when you’re done with the command line especially if you went in with root user privileges that you log out or exit the shell and remember five minutes after you typed in your password it’s still going to remember it for you which is nice for me because I create so many different windows I just keep opening them up and type in sudo – s okay the reboot command will flush everything out of there so it does not remember your password of course it’s rebooting your system it’s doing it gracefully though the halt command does not do it gracefully what do I mean by gracefully versus not gracefully yeah yeah so it shuts it down properly all the header files and and tucks it away nice and pretty the halt command just says bye-bye gone so you might have some corruption when you bring your system back up it might take a little bit of time to bring it up after that now there’s a number of tools and in fact most of the GUI applications that are out there for backups rely on on some of these tools here our sink is probably one of the most popular right carbon-copy cloner uses our sink it’s just a GUI way into it because so many people are confused how our sink works and carbon-copy cloner is a great way to get in and utilize it from the GUI side if you don’t want to spend the time to learn our sink I know SuperDuper and quite a few others use our sink as well the data command complete duplicate system system including resource Forks you’ve got the ASR command now ASR is for Apple software restore if you’re doing too employment of images or deployment of packages it’s using ASR and ASR is very fast very powerful okay there is a server app command right so you can dig a little bit deeper and I don’t have it listed here but the server admin command that’s one that I use all the time when administering servers have you ever for those of you that administer a Mac server you ever had a time when DNS wasn’t working and you look in the GUI and it shows that it’s on then you go to the command line and it says stop I’ve seen that happen before and all I do is I force a stop to make sure all processes are shut down and then tell it to start again and sometimes the GUI will show that it shut down and turned back on sometimes it’ll just leave itself back on so faster more efficient from the command line that you’ve in you’re going to see from the GUI side of things okay a lot of third-party solutions for backups but most of them are going to be using some of the common tools that are available in UNIX they just do it in a much nicer cleaner way right they make their money by making your job easier because they say look all you have to do is click here click here and click here it’s the GUI interface now if you take a look at our sink as the command actually works it keeps backup data in sync with the original it is a one-way sync it’s not bi-directional synchronization it only copies files or blocks of files that have changed it can copy extended attributes which is important including the resource Forks right who knows what the resource Forks are yeah it’s the way that Apple used to deal with the old metadata right now it’s just considered metadata but that really is what a resource fork is okay it can backup via network using SSH which is a very fast very efficient method and I gave an example here of the our sink command but you’ve got quite a few operands that you’re going to be running with it because just by itself it’s not going to do a whole lot for you ditto command is a complete copy of a specified folder or volume and it grabs absolutely everything right and it it does a really good job it takes right because it even grabs the open space and tries to compress it as it’s going along and then ASR ASR if you’re doing it from the command line probably means that you’re doing multicast if you’re just doing unicast which comes standard with all of Apple’s tools you’re probably going to do it from the GUI and that’s fine it operates very fast very efficient multicast is

changeable via the command line here okay and I throw a couple other really good UNIX tools in play here that that’s some people use secure copy right to add extra encryption on top of it HD util the zip command the zip command does have capabilities of encryption but it’s not supported by the Apple GUI so if you do it from the command line just keep in mind that your users on the other end are going to have to decrypt it from the command line as well they can’t double click on that file ok good resources out there any of the books from O’Reilly including their pocket guides there they’re usually top-notch I list one site OSX FAQ com has a knowledge center it’s about a 40 hour tutorial on UNIX on the basics of Unix they also have an advanced site I just recommend that 40 hours you do straight don’t go to sleep and I didn’t even list Apple site there developer.apple.com you guys can all get a free account and they’ve got some an incredible volume of information training information videos PDFs that you can go through to learn the command line gate most powerful thing here we already saw what POSIX permissions look like it was user group another read write and execute Ackles which I mentioned at the very start of the session ackles allow us to go in and put some really granular permissions onto our files and folders so they really allow us to do our job better they allow us to set up nested groups so groups within groups we didn’t have that for a while we had it under Apple share IP for OS 9 but we didn’t have it under OS 10 until 10.4 came out allowed us to do it once again so your main commands here filesystem access control list control so FS a CL CTL is one of them chmod with the – a and the – EE commands you also have the listing command – l e shows your extended attributes in place so most of the tools have been supplemented with Akal lists so anytime you hear that that acronym Akal it stands for access control list right that’s the microsoft implementation here and you can see that with doing a regular listing you don’t get nearly this much data off of it but it shows you exactly what all the attributes are the security level that you have in place anything that was given with access control lists okay and then the last section here deals with binding a lot of our clients have had issues with binding they don’t like to do it from the GUI interface I’m not a fan of doing it from the GUI interface because I have intermittent results with it whereas I can just throw this script into Apple remote desktop and if I think I’ve got a problem with binding I’m going to break the binding and rebind them again right and it’s a matter of seconds and I don’t have to touch the machine so you have the DS config LDAP this is for tying into an open directory server there’s a lot of operands in it be very careful here you can see that I have a – P I have a password command in here if you’re going to embed the password into a script make sure you and maybe your other IT co-workers are the only ones that are seeing this because it’s clear text it’s clear text when you’re sending it out as well unless an ard you tell it to encrypt traffic under 10 8 traffic was unencrypted by default under 10 9 it’s encrypted by default so just be careful of sending this command out but here’s several different operands and the desk config LDAP command is extremely powerful you have a couple of ways to verify bindings so we talked about the disco command a little bit earlier directory services command line very powerful command that lets you traverse the entire directory structure whether it’s open directory or active directory so I can look at the client records I can look at the Machine Records I can look at the user records okay if you do an ID and the user name it’s going to give you feedback saying yep they exist right it’s a quick test to make sure that you’re tied into directory services properly if you do the ID – you it just shows you their UID UNIX ID okay so ID and disco commands easiest ways to do the checking here you can use dirt to verify the user authentication be careful when you use the dirt command it logs the password to the logs so it’s permanent record in your log files on that system okay if you’re having problems with Kerberos you can use the K init command to force a connection force a KT a TGT Kerberos ticket granting ticket you can do the K list command that shows you all the

Kerberos tickets that you have on your system currently and you can do the K destroy command to blow out all the tickets and restart again is this the same thing as going into ticket viewer absolutely but you’ll find that this is extremely fast and it’s not a sudo command just launch terminal kay destroy then do a K in it and a K list and you’re back in business again the whole binding process has a number of steps that we usually put into the script and I’ve got the steps listed there which is why it’s good thing to have the slides too but we’re basically saying going to director you totally set up the search path do a defaults right to tell it that LDAP v3 is active or active directory right depending on which one that we’re actually using use des config LDAP to bind in to the servers and then do a CPS search path to make sure that it’s viewing what you think it should view on your LDAP server it’s seeing it in the right order now you can use the ID command at this point as well now from time to time whether it’s a max server or a Mac client you find that it doesn’t bind to your domain controller properly right you go to join it and you say well it looks like it’s and why isn’t everything working and that’s because Kerberos didn’t fire off so it’s not getting a ticket granting ticket from Kerberos so I’ve given the command that we use here is the single sign-on utility that we use and it forces it into kebra zation so if it’s a server module from the Mac side forces it into Kerberos ation on the Active Directory domain controller okay we already talked about disco when you are doing binding to Active Directory it is des config ad the command looks almost identical but it’s not using des config LDAP right so it’s just two different commands that we use to do it but it’s in the exact same order that we saw previously now lastly we’ve got four minutes so I’m cutting a little close you have some specific options now this really depends on what version of OS 10 you’re running right because earlier versions 10 9 does a pretty good job without needing this but earlier versions 10 8 and below you had to tell it from the command line to turn on packets signing you had to tell it from the command line to turn on packet encryption to show it where the name space was hey don’t go back to the domain controller and pull credential information pull it from the local domain controller right in the last one pass interval a lot of windows administrators have this problem how do I change the password how do I synchronize the password on a Mac with my domain controller because we’ve got it set every 90 days to ask for a new password so I’m making my users go to a PC and do their password change and come back to the Mac this command puts it on the same sync interval it queries the domain controller and it says when’s this password going to change next and it puts into the Mac operating system and leverages the users and groups preference pane to change their password ok so now we don’t have that disconnect any longer was that too slow I know I have a lot of a lot of material to cover okay any questions yes sir okay yeah so with launch D Ling on is a great graphical interface utility that helps you to build launch D items okay uh-huh okay thank you what’s gonna look it up now I don’t need you all right so it’s help push all right any other questions okay so if you guys want copies of the curriculum just give me your email address or leave me your business card and please take these glass cleaners and mouse pads or drink holders thank you I know we go through so fast and that’s usually people say can you give us a printout next time I