Many people, in editing the root user's crontab, may not be mindful of the great security risks involved. I felt that it should be mentioned here that anyone who makes use of cron must be thoroughly cautious of the commands and programs that are to execute on a regular basis. Essentially, one should take precautions to ensure that the program/script/command executed by a user's crontab should be writable only by that particular user.
A sobering example is one in which a script is set to be run every x hours via the root user's crontab (/etc/crontab). If this script has its file permissions set such that any user can write to it, you have essentially provided a means for any user on your machine to execute any arbitrary command as root.
I realize that this may be obvious to some people, but for those who are not particularly mindful of computer security, it has hopefully drawn some awareness.
This hint covers using a combination of the UNIX shell and AppleScript to make a simple but effective alarm clock. If you are like me, you are a geek that never turns off his/her computer. ;-) My iMac runs Seti@home and another distributed computing project all the time, so I rarely turn it off.
I figured out how to make a simple alarm using the terminal and AppleScript to cause a voice to start talking in the morning to wake me up.
After I set up X windows I ran into a small problem: I run X windows applications on a number of servers at work (some of them are randomly chosen by the application), but I don't want to have to use "xhost +" to allow any machine to access my X server (doing so opens up all kinds of security risks). Issuing multiple xhost commands in my .cshrc file works well enough, but when .cshrc is run by Terminal.app, I get an ugly error for each xhost command.
The solution I found is to create a file "/etc/X0.hosts" (that's x-zero) which includes the names of all hosts that shall be allowed to open windows on my system. It's global, and thus not an ideal solution, but it works for me.
You can make file that holds a list of machines and their associated usernames and passwords quite easily. This file is also recognized by wget (a powerful ftp and http client). You need to be in your home directory and type
pico .netrc
This will open a text editor into which you type:
machine machine_name_or_IP# user your_username password your_password
Then type control-X to save the file and exit from pico.
At the terminal prompt type:
chmod 700 .netrc.
This makes the file readable only by you.
Now when you ftp to that machine you will automatically log in. You can add additional machines one line at a time. If you want, you can make the last line look like this:
default user anonymous password name@machine.net
This will enable anonymous login. Even better is that wget recognizes this file and automatically logs into the machines specified. I got this from the ftp man page ('man ft' in the Terminal), very near the bottom. Enjoy!
This is a relatively simple hint, but it makes sense for people who use X11 (XDarwin) in rootless mode. A shell environment variable "DISPLAY" tells XWindows applications where the windows should display. When you start XDarwin, DISPLAY is automatically set to :0.0, but this variable only gets exported to new xterm shells.
xterm is slow while scrolling, yet Terminal.app is quite quick. Why not use Terminal.app instead of xterm? To do this, use this command in a variant of csh.
setenv DISPLAY :0.0
(if you don't use a variant of csh, you will need to know how to set environment variables in your shell.)
Put this in your shell init script (which is most likely .cshrc for those who haven't changed their default shell or made a .tcshrc file instead) or just use it at the command prompt. From then on, you can use Terminal.app to open your x windows apps.
This is only useful if you're using XDarwin in rootless mode; it looks great with OroborOSX!
A while back there was a post regarding using 'find' to locate all non-English .lproj files.
Since then, I still haven't gotten the hang of 'find'. But my find demands are fairly minimal. Even so, it'd be nice to have a simple CL utility for searching. Today I ran across an article at O'Reilly & Assoc. that mentions the program 'locate'. Check out Unix for the Rest of Us for a great overview of the UNIX underpinnings of OS X (on the first page) and a detailed example of using 'locate' on the second page.
[Editor's note: This is an article from June, but it's still quite relevant today, and makes for good reading. Once you understand how locate works, go grab a copy of the freeware program Locator, which wraps a nice Cocoa GUI around the 'locate' command, allowing you to run lightning-fast searches from the GUI. Locator's speed leaves Sherlock in the dust.]
If you view 'man' pages in the Terminal (or using something like ManOpen in the GUI), then you may be familiar with the footers that are inserted every so often, as shown in this snippet from "man tcsh":
...... ...... Sets the environment variable name to value. (Domain/OS only) (+)
Astron 6.10.00 19 November 2000 1
TCSH(1) TCSH(1)
-e The shell exits if any invoked command terminates ...... ......
These footers are somewhat annoying in the terminal, and very annoying if you're trying to print the manual in ManOpen, as they do not align with 'real' page breaks.
Carl Lindberg, the author of ManOpen, went looking for a solution to this problem after I (annoyingly?) asked him why they appeared regardless of what kind of tweaking I did in the Terminal. It turns out that the version of 'groff' (a document formatting utility) installed with OS X is a bit out of date. Installing the new version (1.17.2) removes the page footers, making the man pages print quite nicely in ManOpen.
If you'd like to install the newest 'groff', read the rest of the article for the instructions.
Security is good and passwords are boring. I use RSA/DSA key authentication when I connect to my web servers via SSH and made a habit of not setting a password for the keys. This way I could connect without logging in. Very easy but not very secure if someone got their hands on my RSA/DSA keys.
Thanks to the article "OpenSSH key management" by Daniel Robbins, Part 1 and Part 2, I now have a secure *and* convenient setup.
The program that made the solution extra good is Keychain, by the author of the article. Install Keychain and then add the necessary lines to your login script.
Read the rest of this article for an example using the Bash shell...
The default global completions file that comes with Mac OS X uses /etc/hosts to get a list of hostnames. This isn't terribly useful since that file generally never contains anything useful (and there is a comment in the completions file suggesting that it be replaced with something smarter).
Create a file in /usr/local/share/ called common_hosts (make sure it is world readable - 'chmod 644'). Inside this file, list common hostnames (on seperate lines) that you commonly have to type out.
Now edit line line 83 of the global completions file (/usr/share/init/tcsh/completions) so that it refers to the new /usr/local/share/common_hosts file instead of /etc/hosts. i.e.: alias list_all_hostnames 'grep -v "^#" /usr/local/share/common_hosts'
Say your common_hosts file contains the hostname:
dhcp-user.192.168.1.1.somehost.edu
If you need to ssh or that host you could just type:
ssh dhcp[tab]
I haven't seen this posted anywhere, but Apple has included several scripts to nicely restart various services (as opposed to using ps and manually kill HUPing the daemons)
