The Unix Influence on Mac OS X - Page 2
Command Line Offers Speed and Power
Many built-in and third-party GUI administration tools are available for OS X, yet despite the graphical nature of the OS X environment, administrators should also know how to use Unix commands.
The Unix command line is widely regarded as faster to use than a GUI — once you know what you're doing, that is. The CLI makes it possible to perform a wide range of functions, all from the same place.
For certain functions, the command line is still the only choice, according to Regan. Apple's earlier MacOS 9, for instance, came with unsupported extensions for setting Ethernet ports manually. "In Mac OS X, you need to do this from the command line," by using the ifconfig command, Regan said.
Before demoing sudo, su, and other Unix commands in the "Mac OS X – Advanced Concepts and Administration" session, Regan noted that many of these commands are merely abbreviations. For instance, pwd stands for "print working directory."
"Freeware ManOpen will list commands and open manual pages in the GUI," he added. You can search commands by keyword if you type %man -k <keyword>, and to learn more about a specific command, simply use the manual command — %man pwd, for example. You can quit most commands by just typing Q, and Command -K will clear the screen.
The Mac Trainers also advised admins to "back up your NetInfo database regularly using command line utilities," and "learn some command line tools if you wish to fiddle with your NetInfo database." Useful commands for these purposes include NICL, niload, and nidump. "Don't delete things unless you are SURE you know where they are," warns Regan.
Getting to the Root of Unix
"Mac OS X must have an administrator," Regan emphasized. The first user account, established during OS X setup, is an admin account. The initial admin, though, can be deleted later.
By default, administrators have all the same access privileges as users. Administrators, though, also get perks such as the capability to change any system preference — plus "write" access to the Library folder, the application folder, and the root of the drive.
"The administrator is known as the root user in Unix," Regan said. The root user has "unlimited access to everything." Root access, though, "should only be used when necessary, and otherwise avoided." The downside to root access is that sessions aren't logged.
This 'Sudo' Is for Real
A wiser approach is to disable root access, and then use "sudo" (super user do) when you need to execute other commands as root, Regan said. The sudo configuration file is /private/etc/sudoers.
Any command preceded by "sudo" will execute with the permissions of the root. All "sudo" usage, though, is logged in the system log.
"This is trackable, so it's safer," said Kevin White, Mac OS X training specialist at The Mac Trainers.
Additionally, administrators must authenticate to use sudo, and sudo will stay active for only five minutes without reauthentication.
By default, the root user is not enabled on the OS X client. Administrators, though, can use NetInfo Manager to enable and set up passwords for other root users.
To do so, you must first authenticate, then choose "enable root," and finally enter the new root password twice. Further changes will require you to reauthenticate.