MacOSX Site News at A.P.Lawrence.com

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them.

I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. If you have any question, please do feel free to contact me.

Prevent deletion or moving of files

Linux,MacOSX,Shell 2009/10/27

You need to let users create files in a common directory, but you don't want them to be able to delete other's files. Or you've put certain files, directories or symlinks into a user's home directory and don't want them to be able to mess with any of those. What can you do?

"t" bit

If you create /foo and do "chmod 1777 /foo", you'll have a world-writeable directory with the "text bit" set. Any user can create files here, but they can only delete files that they own (root can still rm anything). That's ownership as listed in the "owner" column of an "ls -l". Group ownership doesn't come into play here although it does change responses a bit.

Let's see what happens when Sam tries to remove Pete's files in a directory with the text bit set:

[sam@localhost foo]$ ls -ld .
drwxrwxrwt 2 root root 4096 Sep 18 06:00 .
[sam@localhost foo]$ ls -l
total 12
-rw-rw-r-- 1 pete pete  29 Sep 18 05:52 pete
-rw-rw-r-- 1 pete apl   29 Sep 18 06:00 peteapl
-rw-rw-r-- 1 pete wheel 29 Sep 18 06:00 petewheel
[sam@localhost foo]$ id
uid=502(sam) gid=502(sam) groups=502(sam)
[sam@localhost foo]$ rm *
rm: remove write-protected regular file `pete'? y
rm: cannot remove `pete': Operation not permitted
rm: remove write-protected regular file `peteapl'? y
rm: cannot remove `peteapl': Operation not permitted
rm: remove write-protected regular file `petewheel'? y
rm: cannot remove `petewheel': Operation not permitted

Now watch what happens when a user in the "wheel" group does the same thing:

[apl@localhost ~]$ cd /foo
[apl@localhost foo]$ ls -l
total 12
-rw-rw-r-- 1 pete pete  29 Sep 18 05:52 pete
-rw-rw-r-- 1 pete apl   29 Sep 18 06:00 peteapl
-rw-rw-r-- 1 pete wheel 29 Sep 18 06:00 petewheel
[apl@localhost foo]$ id
uid=500(apl) gid=500(apl) groups=10(wheel),500(apl)
[apl@localhost foo]$ rm *
rm: remove write-protected regular file `pete'? y
rm: cannot remove `pete': Operation not permitted
rm: cannot remove `peteapl': Operation not permitted
rm: cannot remove `petewheel': Operation not permitted
[apl@localhost foo]$ 
[apl@localhost foo]$ 
[apl@localhost foo]$ rm peteapl
rm: cannot remove `peteapl': Operation not permitted
[apl@localhost foo]$ rm petewheel
rm: cannot remove `petewheel': Operation not permitted
[apl@localhost foo]$ rm pete
rm: remove write-protected regular file `pete'? y
rm: cannot remove `pete': Operation not permitted

Having write permission makes rm proceed without caution, only to be brought up short by the restrictions of the "t" bit.

mount --bind

If the problem is removal of a directory and it is not terribly inconvenient for you to have that directory actually be on a separate filesystem, then "mount" can make the directory safe from removal. You can read more at mount --bind, but it's not very complicated. Let's say we have /dev/foo mounted at /foo and I want a "link" to that under /home/fred. All I have to do is:

mount --bind /foo /home/fred/foo

Fred can have full write permissions on /foo if he needs it, but he will not be able to remove /home/fred/foo. Not even root can:

# rm -rf /home/fred/foo rm: cannot remove directory '/home/fred/foo': Device or resource busy

Now THAT is removal protection!

ACL's

Typically, ACL's let you avoid complicated groups by setting specific permissions for specific users. Other than setting a file as "immutable" (chattr +i filename on some Linuxes), you really can't prevent removal of a file. Of course setting it that way may also make it useless, as even the owner can't modify or remove it either without doing "chattr -i" first.. See ACL's for more on that.

[pete@localhost foo]$ id
uid=501(pete) gid=501(pete) groups=501(pete)
[pete@localhost foo]$ chattr +i pete
[pete@localhost foo]$ rm -f pete
rm: cannot remove `pete': Operation not permitted
[pete@localhost foo]$ mv pete /tmp/
mv: cannot move `pete' to `/tmp/pete': Operation not permitted
[pete@localhost foo]$

Comments: Click Here.

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them.

Plenty of space here

Shell,Linux,MacOSX 2009/10/21

"Type ess-see-pee-SPACE-john-ATSIGN-192-DOT". The person at the other end of the phone line interrupted me: "Hold on, I typed an extra space".

"You mean before 'john''?", I asked, "That doesn't matter".

"Why doesn't it matter? It always has", he asked, obviously confused.

I could understand that. Like many people, my customer doesn't understand spaces in command lines. Unlike most, he's not one to leave spaces out - no, he's more likely to insert gratuitous spaces where none are wanted. For example, in an earlier "scp" command, he had added a space after "john". I had chastened him not to add any spaces unless I specifically said to, so it seemed reasonable to him to think that two spaces in a row would also be an error. I needed to explain that multiple spaces would be ignored, indeed not even seen by "scp".

His confusion is easier to understand than that of people who leave spaces out. I understand that part of that came from DOS. Being able to do things like "DIR/P" created a lot of this. But can that really be responsible for all of it? Many people today might have never, ever used a DOS command line - why would spaces still confuse them?

Putting a space after "john" isn't illogical. The "scp" command could have been written to parse the user name as a separate argument. You'd probably need "to" and "from" to specify the direction of the copy; you'd type things like "scp /tmp/foo from 192.168.7.2 john /tmp/foobar" and change "from" to "to" if you needed to go the other way. Some people might find that less confusing than the present syntax.

But if our goal is to not confuse users, maybe we shouldn't have command line arguments at all? Our user would type "scp", press enter, and the program itself would ask the appropriate questions. For a command like "scp", which is meaningless without additional parameters, it wouldn't be difficult to design it to act on any supplied arguments and prompt if none were offered. Interfaces like that are hardly without precedent, but few Unix/Linux commands bother to do that, simply because it's not so easy to do. Take a refresher look at "man scp" and think about how many questions you'd need to ask!

Spaces will continue to confuse for as long as there are command lines. I'll be intoning "ess-see-pee-SPACE-john-ATSIGN-192-DOT" for at least a few more years.

Comments: Click Here.

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them.

Friends shouldn't let friends buy Windows PC's

Microsoft,MacOSX 2009/10/18

Even among the most enthusiastic of Windows champions, few advise upgrading an older XP or earlier machine to Vista or Windows Seven. The reason is simple enough: these new versions demand too much from hardware and your performance will suffer.

The ill-advised "upgrade" is actually a complete reinstall, overwriting and wiping out everything currently on the machine.

Microsoft agrees. At Can my PC run Windows 7?, they say:

"And while we don't recommend it, should you choose to upgrade your current PC from Windows XP or another operating system to Windows 7, we recommend that you get help with this process from your local computer service provider. You'll need to back up your current files and settings, perform a custom (clean) installation, and then reinstall your files, settings, and programs."

Coming from Vista may not brighten your heart that much: Microsoft also notes that a Windows 7 upgrade could take nearly a day on "mid end" hardware (not "low end", not "high end", "mid end") .

So you'll get to hang around for a few hours. Better have a UPS - this is not something you'd want crashing mid-way!

Why not just get a Mac?

Really. If you are coming from XP, you need a new machine. Your XP programs aren't going to work, some of your old hardware may not work, you need to transfer data - it's a lot of trouble. Sure, you might be able to get help with all that from wherever you buy that new Windows 7 PC, but then again, if you are buying on-line or at a discount store, you probably won't get any help.

If you buy a Mac, you can bring your old XP machine to the local Apple store and for $99.00 they'll do all that:

"Just drop off your old computer - Mac or PC - and we'll transfer your files, install any new Apple software you've purchased, and put it all in the right places."

Your new Mac is going to be safer than running Windows. It's not just because there are very few Mac viruses and exploits to start with, although that is true. The design of OS X is simply much more secure than XP and any previous Windows version. Vista and Win7 are also more secure, and it would be fair to say that they match OS X in that were it not for one thing: the incredibly easy ability to disable much of that security for "convenience". Win 7 is supposed to be less annoying than Vista, but it's annoying enough that the controls for disabling security prompt entirely are built right in to Control Panel.

Imagine that - Microsoft KNOWS that people will hate these features and gives you a way to bypass them! Many users will do that, leading to increased possibility of attacks.

As to Mac's being more expensive, that's simply misdirection. You CAN buy low end PC's for less than the lowest cost Mac. However, those bargain basement machines will be low quality and low power - they aren't going to run Vista well and they are more likely to have quality issues. If you really compare apples to apples, Macs often cost LESS than comparable PC's - that's a subjective judgement, of course, but I say it with good reason.

For most users, there is simply no reason NOT to use a Mac. Equivalent or identical software is almost always available, quality is definitely better, and although we don't yet know how Windows 7 will do on security, a Mac is likely to be safer.

And, if you really miss XP: you can run it inside Mac OS X with Parallels or VMware (Win 7 Premium offers the same ability).

Friends shouldn't let friends buy Windows PC's. It's as simple as that.

Comments: Click Here.

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them.

Is Linux the One True Religion?

Linux,MacOSX,Lighter 2009/10/06

I don't know when or why I wrote this. It couldn't have been too long ago; I first bought an iBook in December of 2002. It apparently was in response to someone who said their professor advised them not to use Linux. Whatever, whenever, here it is:

Oh, I found it at Plex86.org. I thank them for preserving it - I had forgotten it entirely.

There is only one true religion, though it's impossible to know whether it's Linuxism, BSDism or SysVism. Some extremely deluded folks once thought it was McBridism but that's generally considered to have been falsified. So you have a one in three shot at salvation.

The problem is, if you guess wrong, you are doomed to spend eternity crawling through the Mines of Misery with a Tandy Model 100 computer as your only companion. The Gods of *ix are jealous gods and won't stand for competition and false idolatry.

The only certain thing is that the Microsoft guys are screwed. If you worship at the altar of Linux, you may end up pecking at the Model 100's keys while the stench of Unicorn dung fills your nostrils, but at least you have a shot at your own Camel Beast and all the other perks that go along with having chosen the Right Religion.

My feeling is to embrace 'em all and believe in nothing. You might call me a Secular Posixist. I'm typing at an iBook keyboard, have one terminal window open to a Linux website I run, and another to my BSD based site. May the gods have mercy on my soul, but I still have some SCO customers here and there (though I've moved more than a few to Linux).

Who cares what some P-thing (Pastor or Professor) thinks? Linux is not real Unix, but Unix isn't real Linux either. Think for yourself - it may seem strange at first, but it's habit forming. Just imagine making up your own mind about something.. I know, it's scary taking responsibility for your own opinions. When you do that, you can't say "God says I have to hate gays" or "My professor says I shouldn't use Linux". Nope, you'll have to take full responsibility for your own opinions. I don't mean that you have responsibility to other people necessarily; primarily your responsibility is to yourself. You are the captain of your ship and shouldn't be letting other people tell you how to trim the sails. Sure, you'll listen to the tales of those with more experience, but remember that ultimately it's your course to chart, not theirs.

So give the Professor a big old smile and agree wholeheartedly:

Yessiree, Linux is not real Unix. And so?

Comments: Click Here.

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them.

Network Know-How

Books,Reviews,Networking,Microsoft,Linux,MacOSX 2009/10/07

Index by Subject

Network Know-How
John Ross
1593271913

This is the book I'd give to someone who needed to learn a lot about computer networking quickly.

I'm tempted to say that this isn't a geekish book, but it is. It just doesn't read like a geekish book. You'd need to be very tech-phobic to feel frightened by this: the author explains things very gently, yet very completely.

I was very impressed that he did not ignore Linux or Mac OS X. The text regularly refers to those other Operating System choices and he has a few pages that give a very fair comparison of their respective stregths and weaknesses. Not only that, but he recognizes that:

In a very small business, the numbers will probably work out in favor of free or inexpensive server software unless you have to pay for outside support.

Oh, I could quibble that he didn't need the "outside support" qualifier and didn't need to restrict this to "very small business", but as most advice of this sort is often very Windows biased, I was happy to see that.

This is complete, from running wiring to what you can do with a network after it's working. It covers wireless security, vpn's, print servers, setting up routers, everything. What made it particularly great for me was that as I read along, I'd start to think, "Ah, but you are ignoring.." and then, bam, he'd hit my complaint in the next paragraph.

Very, very well done. I have to give it a top rating.

Tony Lawrence 2009-10-06 Rating: 5.0

Order (or just read more about) Network Know-How from Amazon.com. Yes, I make a small referral fee if you use that link.

Comments: Click Here.

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them.

Print file listings from the command line

MacOSX,Shell,Printing
Updated September 2009

The OS X Finder suffers from a rather amazing limitation: you can't print the list of files you see in a Finder window. You can grab them and paste the list into something that can print, or you can do a screenshot and print that, but that's almost all.

Directory Content Printer is the one of only a few third party products I found - apparently this isn't seen as needed by many people!.

Another is Print Window. There is also PrintFinder.

Of course you can get quick printing from the command line. For some reasion, that suggestion is seen as unpleasant by most users. Even my wife, sitting not three feet from me, acts like I asked her to dig through the garbage when I suggest she open Terminal to do something.

It's not so horrible, really. Open Terminal (hit Command-Space for Spotlight and type "Terminal" if you have no idea what I mean), and try:

 ls | lp
 ls /Applications | lp
 ls ~/Documents | lp
 ls -l | lp
 ls -lR | lp
 ls -l | sort -r +4 | lp

That "|" thingy is called a "pipe symbol". It's the broken vertical bar produced by SHIFT-\. That's right, hold Shift and hit "\".

The "ls ~/Documents" says to list the "Doocuments" directory under your Home ("~") directory. An "ls ~Pictures" would list your Pictures.

Was that painful? There's a lot more you can do at the command line and none of it is really hard. Read some of the "Shell" articles here and particularly see Take Control of the Mac Command Line with Terminalfor more.

Don't neglect reading the "ls" man page if you aren't familiar with it; there are a lot of options for showing the files in different ways. You'd type "man ls" while still in Terminal to do that.

Why don't you print it? Type

man -t | lp

Or send it to Preview:

man -t ls | open -f -a /Applications/Preview.app/

I'm really surprised that there is still no way to do this from Finder. Maybe OS X will eventually address this, but printing from the command line will probably always have more power and flexibility.

Comments: Click Here.

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them.

How do I set up a network printer or print server?

FAQ,Linux,MacOSX,OSR5,Printing

Printing FAQ

How do I set up a network printer or print server?

Updated September 2009

LPR/LPD printers

Of course Unix/Linux systems know how to print to these. SCO called them "Remote" printers, but LPD (RFC1179) is what they meant (though uncheck the "extended protocol" unless the printer is on another SCO box).

In the absence of a printer config tool, you can easily add lpd printers to /etc/printcap - there's lots of information here about that.

Even Windows can print to LPD, but you have to install "Other Network File and Print Services" from "Add/Remove Windows Components". Windows can also be an LPD server; you need "Print Services For Unix" to get that.

Direct socket printers

HP printers, Netgear print servers and others often use direct socket printing. To print, you simply send data to a specific network port: 9100 for HP, 9101 for the second printer on a HP multiport print server, 4010 for Netgear and so on. There's no protocol, headers, trailers - whatever you send, the printer gets.

Linux/Mac

With CUPS, you can do this right from the command line:

sudo lpadmin -p laserjet6L -E -v socket://10.1.36.221:4010 -m laserjet

In that case, we want to call our printer "laserjet6L" and it lives at 10.1.36.221 on port 4010 (that's a Netgear Printserver).

You can do the same thing on OS X if it fails to find your printer by itself.

SCO (System V)

If your printer does LPD, you set it up as a Remote Printer.

If it does not, see the example of using "netcat" at How do I install a HP Network Printer or Print Server?. You'll need to know its IP address and /Jeffl/portnumbers.html.

Windows

Windows has a very strange setup for this. You'd logically think that you'd choose "Network Printer", but no, you need to choose "Local" and then create a new port, choosing TCP/IP as the port type. If this is a port 9100 printer (HP), that's "Generic"; otherwise you choose the port in the advanced configuration.

Perl

You can send data straight to any port printer:

#!/usr/bin/perl
use IO::Socket;
$host=shift @ARGV;
$port=shift @ARGV;
$socket=IO::Socket::INET->new(PeerAddr=> $host, PeerPort=> $port, Proto=> 'tcp',
Type=> SOCK_STREAM) or die "Can't talk to $host at $port";

while (<>) {
print $socket $_;
}
close $socket;

Netcat

On Linux/Unix/OS X, you could also use "nc" for the same purpose. "cat yourfile | netcat printer_ip_address 9100", for example.

For old SCO, see Where do I get "netcat" and how do I use it?

Comments: Click Here.

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them.