File System & Permissions
By James Reynolds - Revised: 2014-01-23 richard
Class Notes from October 24th and January 18th, 2008
Some of this content is from my other Unix and Terminal tutorials.
----------------------------------------
Single user mode
Nice webpage (but not completely accurate)
http://www.westwind.com/reference/OS-X/commandline/single-user.html
To get network in single user mode on 10.4 (after running fsck -fy and mount -uw /):
/usr/libexec/kextd
/usr/sbin/configd
/usr/sbin/lookupd
To get network in single user mode on 10.5 (after running fsck -fy and mount -uw /):
cd /System/Library/LaunchDaemons/
launchctl load com.apple.kextd.plist
launchctl load com.apple.notifyd.plist
launchctl load com.apple.configd.plist
launchctl load com.apple.DirectoryServices.plist
You would be interested in
/Library/Preferences/SystemConfiguration/preferences.plist
/Library/Logs
/var/log
Booting verbose mode
nvram boot-args=-v
nvram -p
boot-args=-v
----------------------------------------
Partitioning from the command line
resizeVolume
http://www.macgeekery.com/tips/cli/nondestructively_resizing_volumes
For the Finder:
disktool -r
----------------------------------------
Mount an AFP volume
Mounting a disk is an existential act. First, you must have a plain (but empty) folder. If you want, you can create a new one using mkdir. For example:
[Computer:/Volumes] james% mkdir "/Volumes/A Very New Disk"
[Computer:/Volumes] james% ls -l
total 8
drwxr-xr-x 2 james admin 68 Oct 7 20:52 A Very New Disk
lrwxr-xr-x 1 root admin 1 Sep 27 09:35 Macintosh HD -> /
It’s there. But it’s empty:
[Computer:/Volumes] james% ls -l "/Volumes/A Very New Disk"
[Computer:/Volumes] james%
Now you can proceed.
Mount a volume and get prompted for the password (so you don’t have to type it on the command line, which keeps the password out of the history file):
mount_afp -i afp://user@server.example.com/Disk_Name "/Volumes/A Very New Disk"
Mount a volume with the password on the command line (for a script; the password is then stored in the script in clear text):
mount_afp afp://user:password@server.example.com/Disk_Name "/Volumes/A Very New Disk"
If the disk mounts and the Finder doesn’t notice, try this to update the Finder:
disktool -r
To unmount it:
umount "/Volumes/A Very New Disk"
Very simple (yet very mystical).
Another example mounting the disk in your home directory:
[Computer:~] james% mkdir Radical
[Computer:~] james% mount_afp -i "afp://secret@secret.example.com/A Disk" Radical
Password:
mount_afp: the mount flags are 0000 the altflags are 0020
The disk name is “A Disk” but the mount point is “Radical”. And even more interesting is that “Radical” is located in my home directory! After I did this, Finder hid “Radical” from me and instead put it in my sidebar (how helpful…). Terminal did the correct thing and allowed me to cd into it and do what I wanted. I don’t know why Finder would go through the trouble to hide it. After all, it is very unlikely that a user would accidentally mount something in their home folder…
----------------------------------------
Mount a disk image file (dmg)
hdiutil mount <file.dmg>
[Computer:~/Desktop] james% hdiutil mount *dmg
Checksumming Single Volume (Apple_HFS : 0)...
.................................................................................
Single Volume (Apple_HFS : 0): verified CRC32 $A1000E0F
verified CRC32 $DAAF9163
/dev/disk2 /Volumes/SomeDMG
Unmounting:
[Computer:~/Desktop] james% hdiutil unmount /Volumes/SomeDMG
"disk2" unmounted successfully.
----------------------------------------
Mount disk image as shadow file system
/usr/bin/hdid /path/to/file.dmg -shadow /tmp/shadowfile
----------------------------------------
Ignoring permissions of a mounted volume
Apple allows users to bypass Unix permissions on mounted volumes. To check to see if permissions are ignored on a volume:
vsdbutil -c /Volumes/Diskname
To ignore permissions on the volume:
vsdbutil -d /Volumes/Diskname
To use Unix permissions on a volume:
vsdbutil -a /Volumes/Diskname
For example:
[Computer:/] root# vsdbutil -c /Volumes/Disk
Permissions on '/Volumes/Disk/' are enabled.
Permissions are on.
[Computer:/] root# ls -l /Volumes/Disk
...
-rw-r--r-- 1 james admin 994 Jul 12 13:39 getip.pl
-rwxr-xr-x 1 root admin 433544 Jun 26 14:12 hping_fat
drwxrwxr-x 3 unknown unknown 102 May 12 11:45 iMacSMCUpdate.pkg
-rwxr-xr-x 1 unknown unknown 2374 Dec 28 2005 indexLoops
drwxr-xr-x 30 james admin 1020 Sep 5 11:18 modo
drwxrwxrwx 52 unknown unknown 1768 Sep 19 21:53 ruby
drwxr-xr-x 10 unknown unknown 340 Sep 19 21:53 textmate
-rw-r--r-- 1 unknown unknown 983820084 Aug 15 15:47 xcode_2.4_8k1079_6936199.dmg
Notice the unknown user and group? That is because I created those files while permissions were off. I’ll now turn off permissions, and see what havoc breaks loose.
[Computer:/] root# vsdbutil -d /Volumes/Disk
[Computer:/] root# vsdbutil -c /Volumes/Disk
Permissions on '/Volumes/Disk/' are disabled.
Permissions are now off. Notice I’m the root user.
[Computer:/] root# ls -l /Volumes/Disk
-rw-r--r-- 1 unknown unknown 994 Jul 12 13:39 getip.pl
-rwxr-xr-x 1 unknown unknown 433544 Jun 26 14:12 hping_fat
drwxrwxr-x 3 unknown unknown 102 May 12 11:45 iMacSMCUpdate.pkg
-rwxr-xr-x 1 unknown unknown 2374 Dec 28 2005 indexLoops
drwxr-xr-x 30 unknown unknown 1020 Sep 5 11:18 modo
drwxrwxrwx 52 unknown unknown 1768 Sep 19 21:53 ruby
drwxr-xr-x 10 unknown unknown 340 Sep 19 21:53 textmate
-rw-r--r-- 1 unknown unknown 983820084 Aug 15 15:47 xcode_2.4_8k1079_6936199.dmg
That’s different… Now I’ll become the user named “mac” (a local account on my computer) and look at the permissions.
[Computer:/] root# su mac
[Computer:/] mac% ls -l /Volumes/Disk
-rw-r--r-- 1 mac mac 994 Jul 12 13:39 getip.pl
-rwxr-xr-x 1 mac mac 433544 Jun 26 14:12 hping_fat
drwxrwxr-x 3 mac mac 102 May 12 11:45 iMacSMCUpdate.pkg
-rwxr-xr-x 1 mac mac 2374 Dec 28 2005 indexLoops
drwxr-xr-x 30 mac mac 1020 Sep 5 11:18 modo
drwxrwxrwx 52 mac mac 1768 Sep 19 21:53 ruby
drwxr-xr-x 10 mac mac 340 Sep 19 21:53 textmate
-rw-r--r-- 1 mac mac 983820084 Aug 15 15:47 xcode_2.4_8k1079_6936199.dmg
Shazam! The user named “mac” owns all those files! Now I’ll become a different user and see what happens.
[Computer:/Volumes] mac% exit
exit
[Computer:/Volumes] root# su james
[Computer:/Volumes] james% ls -l "Radmind Ignores/"
-rw-r--r-- 1 james james 994 Jul 12 13:39 getip.pl
-rwxr-xr-x 1 james james 433544 Jun 26 14:12 hping_fat
drwxrwxr-x 3 james james 102 May 12 11:45 iMacSMCUpdate.pkg
-rwxr-xr-x 1 james james 2374 Dec 28 2005 indexLoops
drwxr-xr-x 30 james james 1020 Sep 5 11:18 modo
drwxrwxrwx 52 james james 1768 Sep 19 21:53 ruby
drwxr-xr-x 10 james james 340 Sep 19 21:53 textmate
-rw-r--r-- 1 james james 983820084 Aug 15 15:47 xcode_2.4_8k1079_6936199.dmg
Double shazam! Now the user “james” owns the files!
What does this mean? If you allow other users SSH access to your computer and you think that they can’t access mounted volumes, you had better make sure by checking that permissions are not ignored. If permissions are ignored on a volume, every user that logs in will be the owner of everything on that volume.
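A check built on the vsdbutil -c output shown above, as an added example that is not part of the original notes: it lists every volume whose permissions are ignored and returns a non-zero status if it finds one. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes: report volumes on which
# ownership is ignored, using the `vsdbutil -c` output format shown above.

# Read `vsdbutil -c` output on stdin; print each path reported as disabled.
ignored_volumes() {
    sed -n "s/^Permissions on '\(.*\)' are disabled\.\$/\1/p"
}

# Query every mounted volume under /Volumes (needs vsdbutil, i.e. a Mac).
collect_status() {
    for vol in /Volumes/*; do
        [ -d "$vol" ] || continue
        vsdbutil -c "$vol" 2>/dev/null
    done
}

# Constructed sample input: three status lines in the format shown above.
sample_status() {
    cat <<'EOF'
Permissions on '/Volumes/Disk/' are disabled.
Permissions on '/Volumes/Macintosh HD/' are enabled.
Permissions on '/Volumes/A Very New Disk/' are disabled.
EOF
}

# Warn once per affected volume; return 1 if any was found so the
# function can gate a login script or a monitoring check.
audit_volumes() {
    bad=$(ignored_volumes)
    if [ -z "$bad" ]; then
        return 0
    fi
    printf '%s\n' "$bad" | while IFS= read -r v; do
        printf 'WARNING: permissions ignored on %s (re-enable: vsdbutil -a "%s")\n' "$v" "$v"
    done
    return 1
}

# Audit the live system when vsdbutil exists, otherwise the sample.
if command -v vsdbutil >/dev/null 2>&1; then
    collect_status | audit_volumes || true
else
    sample_status | audit_volumes || true
fi
```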
----------------------------------------
Open a CD tray
drutil eject
Use scripts that synchronize their times with their IP and send the command via Apple Remote Desktop that open and close the trays of rows of computers in front of large crowds of Apple system admins in order to pretend that you are Steve Hayman.
----------------------------------------
Find disk usage
Terminal can tell you how much space you have left just like the Finder.
[Computer:~] james% df -lh
Filesystem Size Used Avail Capacity Mounted on
/dev/disk0s2 74G 68G 5.8G 92% /
/dev/disk1s2 74G 68G 5.8G 92% /Users/james
I happen to be using encrypted home folders, and wouldn’t you know it, /Users/james is a mounted disk! It is kinda odd it is the same size as the hard disk though.
And ironically, no matter how big hard drives get, I always push my usage above 90%.
Display the amount of disk space a folder/file is taking up.
du -hd0 <path>
It counts everything right then and there, so if you run du -hd0 /, you might want to go find something else to do.
2.3G /System/
Change the number after the d option to show more details. For example 3 shows the sizes of everything 3 levels deep:
[Computer:/Applications] james% du -hd3 "/Library/Application Support/Luxology/modo 201/Documentation"
8.0K /Library/Application Support/Luxology/modo 201/Documentation/help/common/css
56K /Library/Application Support/Luxology/modo 201/Documentation/help/common/img
4.0K /Library/Application Support/Luxology/modo 201/Documentation/help/common/script
68K /Library/Application Support/Luxology/modo 201/Documentation/help/common
525M /Library/Application Support/Luxology/modo 201/Documentation/help/pages/clips
18M /Library/Application Support/Luxology/modo 201/Documentation/help/pages/imgs
1.6G /Library/Application Support/Luxology/modo 201/Documentation/help/pages/video
2.1G /Library/Application Support/Luxology/modo 201/Documentation/help/pages
2.2G /Library/Application Support/Luxology/modo 201/Documentation/help
2.2G /Library/Application Support/Luxology/modo 201/Documentation
Thus we see that “help/pages/video” is 1.6 GB and “help/pages/clips” is 525 MB, totaling 2.1 GB, the bulk of modo’s documentation (each folder contains video files).
----------------------------------------
: vs /
----------------------------------------
Aliases vs links
----------------------------------------
lsof
----------------------------------------
fs_usage
----------------------------------------
asr restore --source source --target target [options]
----------------------------------------
ditto /source /destination
cp -R /source /destination
----------------------------------------
fsck
----------------------------------------
rm -s
----------------------------------------
lsbom and Pacifist
----------------------------------------
Open a file:
open <filename>
Open a file with TextEdit:
open -e <filename>
Open a file with default text editor (determined by LaunchServices—the “Open With” setting in Get Info):
open -t <filename>
Open a file with a particular application:
open -a <path to app> <filename>
Open a directory (in Finder):
open <directory>
Launch an application:
/path/to/application.app/Contents/MacOS/appname
Example
/Applications/Safari.app/Contents/MacOS/Safari
If you run an app using the above technique, it is no different than running any other command, such as rm. The difference is that rm runs and quits very quickly (well, sudo rm -r / will probably take a while). If you want to launch the app and keep using the terminal, then just “detach” it by putting a space and ampersand at the end, like this:
/Applications/Safari.app/Contents/MacOS/Safari &
Any app can print to the terminal, and that is exactly what command line apps do. GUI apps can do that too, but most do not. So if you use the ampersand, and text suddenly appears in your terminal, it could be from the command you detached. The text does nothing, so you can ignore it if you want (and if you can—you may need to clean up your display).
----------------------------------------
10.4:
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister
10.5:
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister
lsregister: [OPTIONS] [-domain { system | local | user | network }]... [path]...
Search the paths for application bundles and add each found item to the Launch
Services database. For domain specifications, ask CF for the list of application
locations in the given domain(s).
-kill Reset the global Launch Services database before doing anything else
-lint Print information about plist errors while registering bundles
-convert Register apps found in older LS database files
-lazy n Sleep for n seconds before registering apps if the local cache
is aleady populated.
-r Recursively register directory contents, do not recurse into
packages or invisible directories.
-R Recursively register directory contents, including the contents
of packages and invisible directories.
-f force-update registration info even if mod date is unchanged
-v Display progress information.
-dump Display full database contents after registration.
-h Display this help.
----------------------------------------
Hidden files
If a file name begins with a period “.” (like “.DS_Store”) it is invisible in the Finder and with ls. ls -A (or ls -a) is how you view all of the invisible stuff. The Finder will never show you invisible items. Also, the root directory, “/”, contains hidden files that are not visible in the Finder but don’t begin with “.”. The Finder looks at the file “/.hidden” (if it exists) and hides everything listed in the file. Finder also has meta file information that can hide a file that doesn’t begin with a dot. You can view this meta information with something like GetFileInfo.
[Computer:/Library] james% /Developer/Tools/GetFileInfo /private
directory: "/private"
attributes: aVbstclinmedz
created: 04/17/2006 23:27:37
modified: 10/02/2006 20:59:54
Notice the V in the attributes line. Capital means it is invisible. (Type “man GetFileInfo” for more information—you must have the developer tools installed.)
To make a file invisible the Unix way just use a period as the first character in the name. Note, the Finder will not let you do this.
To make a file or folder invisible to the Finder, use SetFile.
[Computer:~] james% /Developer/Tools/GetFileInfo /Users/james/Desktop
directory: "/Users/james/Desktop"
attributes: avbstclinmedz
created: 09/13/2006 09:59:23
modified: 10/07/2006 14:57:12
[Computer:~] james% /Developer/Tools/SetFile -a V /Users/james/Desktop
[Computer:~] james% /Developer/Tools/GetFileInfo /Users/james/Desktop
directory: "/Users/james/Desktop"
attributes: aVbstclinmedz
created: 09/13/2006 09:59:23
modified: 10/07/2006 14:57:12
To make it visible, use a lowercase “v”:
[Computer:~] james% /Developer/Tools/SetFile -a v /Users/james/Desktop
----------------------------------------
File locking
In the Finder, you can select “Get Info” on any file or folder and there is a checkbox to “Lock” it. This makes it so you can’t delete or change the file. You can do this in the Terminal too.
Lock a file/folder:
chflags uchg <path>
Lock a directory and everything in it:
chflags -R uchg <path>
Unlock a file:
chflags nouchg <path>
Unlock a directory and everything in it:
chflags -R nouchg <path>
----------------------------------------
You can use Spotlight from the command line!
mdfind <text to find>
----------------------------------------
Class Notes from October 24th 2008
Basic permissions
http://arstechnica.com/reviews/os/macosx-10-4.ars/8
-------------
10.5 can create directory hard links; this was added for Time Machine.
-------------
Extended attributes and ACLs
http://arstechnica.com/reviews/os/macosx-10-4.ars/7
http://arstechnica.com/reviews/os/mac-os-x-10-5.ars/11
ls -el
chmod +ai "guest allow write" Public/
chmod -a# 1 Public/
chmod -a# 0 Public/
To remove all ACLs recursively:
chmod -R -N Public/
-------------
ls -@l
ls -l@ Web/Utilities/watch_log.pl
-rwxrwxr-x@ 1 u0076374 admin 2779 Mar 10 2008 Web/Utilities/watch_log.pl
com.apple.FinderInfo 32
com.apple.ResourceFork 470
http://forthescience.org/blog/2007/12/11/macosx-leopard-extended-ls/
-------------
/usr/bin/xattr (10.5)
usage: xattr [-l] file [file ...]
xattr -p [-l] attr_name file [file ...]
xattr -w attr_name attr_value file [file ...]
xattr -d attr_name file [file ...]
The first form lists the names of all xattrs on the given file(s).
The second form (-p) prints the value of the xattr attr_name.
The third form (-w) sets the value of the xattr attr_name to attr_value.
The fourth form (-d) deletes the xattr attr_name.
options:
-h: print this help
-l: print long format (attr_name: attr_value)
xattr some_file.txt
com.apple.FinderInfo
com.apple.ResourceFork
xattr -p com.apple.FinderInfo watch_log.pl
TEXTPLdb
xattr -p com.apple.ResourceFork watch_log.pl
??2?,?+????????dbgVi?iP?P
?
?}A}?@??23??2PLdt
???
xattr -lp com.apple.ResourceFork watch_log.pl
com.apple.ResourceFork:
-------------
To remove extended attrs
for i in $(ls -Rl@ | grep '^ ' | awk '{print $1}' | sort -u); do echo "Removing $i ..." >&2; find . | xargs xattr -d "$i" 2>/dev/null ; done
The same, but safe for file names that contain spaces:
for i in $(ls -Rl@ | grep '^ ' | awk '{print $1}' | sort -u); do echo "Removing $i ..." >&2; find . -print0 | xargs -0t xattr -d "$i" 2>/dev/null ; done
The space after the caret in the grep command is produced by typing Ctrl-V and then Tab, to insert a Tab character.
http://zzamboni.org/brt/2008/05/07/removing-all-extended-attributes-from-a-directory-tree/
-------------
Disable acls (not recommended in 10.5):
sudo fsaclctl -p /Volumes/<yourVolume> -d
Enable acls:
sudo /usr/sbin/fsaclctl -p / -e
------------