Mac OS X Installation Procedure: Difference between revisions
'''Configuring Domain Name System (DNS) server:'''
1. Open the System Preferences application.
2. From the View menu, select Network.
3. Select the desired network connection and click the Configure button.
4. Select the TCP/IP button.
5. After DNS Servers: enter the address of your DNS server(s) (clon00 etc.).
6. Click on the Apply Now button.
'''To create a new group do the following (unchecked):'''
NOTE: THIS SCRIPT IS WRITTEN FOR PANTHER (10.3)
<pre>
#!/bin/bash
# Create a group.
# Takes a group name and gid and creates a new group in NetInfo groups
usage ()
{
    echo "Create a new group"
    echo "Usage: ${0##*/} groupname gid"
    if [ "$*" != "" ]; then echo "  Error: $*"; fi
    exit 1
}
# The script must be run as root (check the effective uid, not $USER)
#
if [ "$(id -u)" -ne 0 ]; then
    echo "Must be run as root."
    exit 1
fi
# Check parameters
#
if [ $# -ne 2 ]; then
    usage
fi
group=$1; gid=$2
# search NetInfo for the given group - it should not exist
# (nireport prints one value per line, so grep -x gives an exact match)
str="$(nireport . /groups name | grep -x -- "$group")"
if [ -n "$str" ]; then
    usage "Group $group already exists"
fi
# search NetInfo for the given gid - it should not exist
str="$(nireport . /groups gid | grep -x -- "$gid")"
if [ -n "$str" ]; then
    usage "Group ID $gid already exists"
fi
# Add the new group to NetInfo
#
# add group and essential properties
dscl . create "/groups/$group"
dscl . create "/groups/$group" name "$group"
dscl . create "/groups/$group" passwd "*"
dscl . create "/groups/$group" gid "$gid"
# do NOT create the users property as a blank value:
#   dscl . create /groups/$group users ""
# breaks add-user2group if added as a blank value
echo "New group $group created"
echo "Now add users to it with add-user2group"
exit 0
</pre>
'''To create a new user do the following (unchecked):'''
NOTE: THIS SCRIPT IS WRITTEN FOR PANTHER (10.3)
<pre>
#!/bin/bash
# Create a user.
# Takes the user's firstname (=shortname), lastname, uid, and staff|admin
# and creates:
#   a new user in NetInfo passwd
#   a new /Users/firstname home directory
usage ()
{
    echo "Create a new staff or admin user"
    echo "Usage: ${0##*/} firstname lastname uid staff|admin"
    if [ "$*" != "" ]; then echo "  Error: $*"; fi
    exit 1
}
# The script must be run by root (check the effective uid, not $USER)
#
if [ "$(id -u)" -ne 0 ]; then
    echo "Must be run as root."
    exit 1
fi
# Check parameters
#
if [ $# -ne 4 ]; then
    usage
fi
first=$1; last=$2; uid=$3; accnt=$4
# check that the user does not already have a home directory
if [ -e "/Users/$first" ]; then
    usage "User $first already exists at /Users/$first"
fi
# search NetInfo for the given user - it should not exist
# (nireport prints one value per line, so grep -x gives an exact match)
str="$(nireport . /users name | grep -x -- "$first")"
if [ -n "$str" ]; then
    usage "User $first already exists (but does not have a home directory)"
fi
# search NetInfo for the given uid - it should not exist
str="$(nireport . /users uid | grep -x -- "$uid")"
if [ -n "$str" ]; then
    usage "User ID $uid already exists"
fi
# search NetInfo for the given group - it should not exist
str="$(nireport . /groups name | grep -x -- "$first")"
if [ -n "$str" ]; then
    usage "Group $first already exists"
fi
# search NetInfo for the given gid - it should not exist
str="$(nireport . /groups gid | grep -x -- "$uid")"
if [ -n "$str" ]; then
    usage "Group ID $uid already exists"
fi
# ensure either staff or admin is given
if [ "$accnt" != staff ] && [ "$accnt" != admin ]; then
    usage "Give account type as 'staff' or 'admin'"
fi
# Add the new user to NetInfo
#
# add user and essential properties
dscl . create "/users/$first"
dscl . create "/users/$first" name "$first"
dscl . create "/users/$first" passwd "*"
dscl . create "/users/$first" hint ""
dscl . create "/users/$first" uid "$uid"
dscl . create "/users/$first" gid "$uid"
dscl . create "/users/$first" home "/Users/$first"
dscl . create "/users/$first" shell /bin/bash
dscl . create "/users/$first" realname "$first $last"
dscl . create "/users/$first" picture "/Library/User Pictures/Fun/Smack.tif"
dscl . create "/users/$first" sharedDir Public
# add some other properties that are usually in NetInfo
dscl . create "/users/$first" _shadow_passwd ""
dscl . create "/users/$first" _writers_hint "$first"
dscl . create "/users/$first" _writers_real_name "$first"
# add the new group (the user's primary group, gid = uid)
dscl . create "/groups/$first"
dscl . create "/groups/$first" name "$first"
dscl . create "/groups/$first" passwd "*"
dscl . create "/groups/$first" gid "$uid"
echo "New user and group $first created"
# Add admin users to the admin group
#
if [ "$accnt" = admin ]; then
    dscl . merge /groups/admin users "$first"
    dscl . merge /groups/appserverusr users "$first"
    dscl . merge /groups/appserveradm users "$first"
    echo "$first added to groups admin, appserverusr, appserveradm"
fi
# Create the home directory, populate from the template, and set owners
#
mkdir "/Users/$first"
if [ ! -d "/Users/$first" ]; then
    echo "Unable to create the user's home directory /Users/$first"
    exit 1
fi
ditto -rsrc "/System/Library/User Template/English.lproj/" "/Users/$first"
chown -R "${first}:$first" "/Users/$first"
echo "Home directory /Users/$first created and populated"
# Now give the user a password
#
echo "A password for this account must be given, it is currently blank"
passwd "$first"
exit 0
</pre>
'''To add a user to a group (unchecked):'''
<pre>
#!/bin/bash
# (bash, not sh: the script uses local, $FUNCNAME, $UID and echo -e)
############################################################################################
# File          : adduser2group
# Author        : Sebastien Varrette <Sebastien.Varrette@imag.fr>
#                 (Web page : http://www-id.imag.fr/~svarrett/perso.html)
# Creation date : 01 Aug 2007
#
# Description   : see the print_help function or launch 'adduser2group --help'
#
# This program is free software; you can redistribute it and/or modify it under the terms
# of the GNU General Public License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
# without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with this
# program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street,
# Fifth Floor, Boston, MA 02110-1301, USA.
#
# Sebastien Varrette <Sebastien.Varrette@imag.fr>
#                    <Sebastien.Varrette@uni.lu>
# University of Luxembourg
# 162-A avenue de la faiencerie
# L-1511 Luxembourg, LUXEMBOURG
############################################################################################
### Global variables
VERSION=0.1
COMMAND=$(basename "$0")
VERBOSE=""
### displayed colors
COLOR_GREEN="\033[0;32m"
COLOR_RED="\033[0;31m"
COLOR_YELLOW="\033[0;33m"
COLOR_VIOLET="\033[0;35m"
COLOR_CYAN="\033[0;36m"
COLOR_BACK="\033[0m"
### Specific variables
MODE_ADD="-append"
MODE_DEL="-delete"
OP_MODE="$MODE_ADD"     # by default, add user to the group
GROUPNAME=""
GID=""

#######################
### print functions ###
#######################
####
# print version of this program
##
print_version() {
    cat <<EOF
This is $COMMAND version "$VERSION".
Copyright (c) 2007 Sebastien Varrette (http://www-id.imag.fr/~svarrett/)
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
EOF
}
####
# print help
##
print_help() {
    cat <<EOF
NAME
    $COMMAND -- add users to an existing group in MAC OS X Tiger
SYNOPSIS
    $COMMAND [-d] [-v] group user1 user2 ...
DESCRIPTION
    $COMMAND checks the existence of the group and adds (or deletes) users to (from) this
    group.
OPTIONS
    -h --help
        Display a help screen and quit.
    -d --delete-from-group
        Delete the users from the group.
    -v --verbose
        Verbose mode. Causes $COMMAND to print debugging messages.
    -V --version
        Display the version number then quit.
AUTHOR
    Sebastien Varrette <Sebastien.Varrette@imag.fr>
    Web page: http://www-id.imag.fr/~svarrett/
REPORTING BUGS
    Please report bugs to <Sebastien.Varrette@imag.fr>
COPYRIGHT
    This is free software; see the source for copying conditions.  There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
SEE ALSO
    Other scripts are available on my web site http://www-id.imag.fr/~svarrett/
EOF
}
######
# Print information in the following form: '[$2] $1' ($2='=>' if not submitted)
# usage: info text [title]
##
info() {
    [ -z "$1" ] && print_error_and_exit "[$FUNCNAME] missing text argument"
    local text=$1
    local title=$2
    # add default title if not submitted
    text="${title:-=>} $text"
    echo -e "$text"
}
#####
# print the strings [ OK ] or [ FAILED ] or [ FAILED ]\n$1
##
print_ok()     { echo -e "[ ${COLOR_GREEN}OK${COLOR_BACK} ]"; }
print_failed() { echo -e "[ ${COLOR_RED}FAILED${COLOR_BACK} ]"; }
print_failed_and_exit() {
    print_failed
    [ -n "$1" ] && echo "$1"
    exit 1
}
#####
# Print debug information if verbose mode enabled
# usage: debug text
##
debug() { [ -n "$VERBOSE" ] && info "$1" "[${COLOR_YELLOW}DEBUG${COLOR_BACK}]"; return 0; }
#####
# Print error message
# usage: error text
##
error() { info "$1" "[${COLOR_RED}ERROR${COLOR_BACK}]"; }
print_error_and_exit() {
    local text=$1
    [ -z "$1" ] && text=" Bad format"
    error "$text. '$COMMAND -h' for help."
    exit 1
}

#########################
### toolbox functions ###
#########################
####
# ask to continue. exit 1 if the answer is no
# usage: really_continue text
##
really_continue() {
    echo -e -n "$1 Are you sure you want to continue? [Y|n] "
    read ans
    case $ans in
        n*|N*) exit 1;;
    esac
}
#####
# Check availability of binaries passed as arguments on the current system
# usage: check_bin prog1 prog2 ...
##
check_bin() {
    [ $# -eq 0 ] && print_error_and_exit "[$FUNCNAME] missing argument"
    local appl
    for appl in "$@"; do
        echo -n -e "=> checking availability of the command '$appl' on your system \t"
        if command -v "$appl" >/dev/null 2>&1; then
            print_ok
        else
            print_failed_and_exit "Please install $appl or check \$PATH."
        fi
    done
}
#####
# Check availability of the group passed as argument and exit if absent
# usage: check_group groupname
# (grep -x: a plain grep would also accept any group whose name merely contains $1)
##
check_group() {
    [ -z "$1" ] && print_error_and_exit "[$FUNCNAME] missing group name"
    dscl . -list /groups | grep -q -x -- "$1" \
        || print_error_and_exit "The group $1 does not exist!"
}
#####
# Check existence of the user passed as argument and exit if absent
# usage: check_user username
##
check_user() {
    [ -z "$1" ] && print_error_and_exit "[$FUNCNAME] missing user name"
    dscl . -list /users | grep -q -x -- "$1" \
        || print_error_and_exit "The user $1 does not exist - I can't add him to the group ${GROUPNAME}"
}
#####
# add (or remove) users specified in $* to the group ${GROUPNAME}
##
addusers2group() {
    [ $# -eq 0 ] && print_error_and_exit "[$FUNCNAME] missing arguments"
    check_group "${GROUPNAME}"
    # nireport prints the requested properties tab-separated, one record per line;
    # compare whole fields instead of grepping for substrings
    GID=$(nireport . /groups gid name | awk -F'\t' -v g="${GROUPNAME}" '$2 == g { print $1 }')
    debug "GID=$GID"
    local user check_user_in_group check_primary_group
    for user in "$@"; do
        debug "processing user $user..."
        # check if the user exists
        check_user "$user"
        # check if the user already belongs to the group ${GROUPNAME}
        # (the users property is a comma-separated list of names)
        check_user_in_group=$(nireport . /groups name users | awk -F'\t' -v g="${GROUPNAME}" -v u="$user" \
            '$1 == g { n = split($2, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print u }')
        if [ -n "$check_user_in_group" ]; then
            # don't add a user already member of the group
            if [ "$OP_MODE" = "$MODE_ADD" ]; then
                info "the user $user already belongs to the group ${GROUPNAME} - skipping this user"
                continue
            fi
        else
            # don't delete a user which is not a member of the group
            if [ "$OP_MODE" = "$MODE_DEL" ]; then
                info "the user $user does not belong to the group ${GROUPNAME} and won't be deleted - skipping this user"
                continue
            fi
        fi
        # in all cases, don't operate if ${GROUPNAME} is the primary group of $user
        check_primary_group=$(nireport . /users name gid | awk -F'\t' -v u="$user" -v g="$GID" '$1 == u && $2 == g')
        if [ -n "$check_primary_group" ]; then
            info "the group ${GROUPNAME} is the primary group of the user $user - skipping this user"
            continue
        fi
        # now add (or remove - depending on $OP_MODE) the user to the group
        [ "$OP_MODE" = "$MODE_ADD" ] && echo -n "adding" || echo -n "removing"
        echo -n -e " user $user to the group ${GROUPNAME} \t"
        if dscl . ${OP_MODE} "/groups/${GROUPNAME}" users "$user"; then
            print_ok
        else
            print_failed_and_exit "Something went wrong. Check what has been done using Applications/Utilities/NetInfo Manager"
        fi
    done
}

################################################################################
################################################################################
[ "$UID" -ge 1 ] && print_error_and_exit "You must be root to execute this script (current uid: $UID)"
# Check for required argument
[ $# -eq 0 ] && print_error_and_exit
# Check for options
while [ $# -ge 1 ]; do
    case $1 in
        -d | --delete-from-group) OP_MODE="$MODE_DEL";;
        -h | --help)    print_help; exit 0;;
        -V | --version) print_version; exit 0;;
        -v | --verbose) VERBOSE="--verbose";;
        *)  GROUPNAME=$1
            shift
            addusers2group "$@"
            exit 0;;
    esac
    shift
done
</pre>
'''To setup NIS service''' type the following as ''root'':
<pre>
rpcinfo -p
</pre>
It should return an error message, one of the following:
1. Unknown domain CCCHP: a NIS server was found but it doesn't know the NIS domain name you have specified. Check the name and reenter the domainname command.
2. Dead domain CCCHP: a NIS server was found and it knows the domain name you've specified. However, this domain is currently marked inactive and cannot be used. Check whether you should specify another domain and repeat the domainname command with its name.
3. Domainname not set. Aborting: you forgot or mistyped the domainname command. Enter it correctly and repeat the test.
4. /var/yp/binding/CCCHP.ypservers does not exist, defaulting to broadcast: the system has sent out a broadcast message to search for a NIS server, but no server has responded. This can have different reasons:
4.1. The NIS server is not running: make sure that the NIS server really is there. If you know its name, you can use the ping command to see if it's alive.
4.2. The NIS server and your machine are in two different IP subnets: in this case it is impossible for your machine to find the NIS server automatically (a broadcast does not leave the local subnet). Create a file /var/yp/binding/CCCHP.ypservers that contains the IP address(es) of your NIS server(s).
4.3. The administrator of the NIS server disabled server discovery through broadcasts for security reasons: in this case, do the same as in the "different IP subnet" situation.
4.4. There is an error in the IP netmask of your ethernet interface: enter ifconfig -a to get a list of all your network interfaces and check whether the netmasks are set correctly. Perhaps there was a simple typo during system installation. Many network features will work correctly even with this error, but services that rely on broadcasts certainly will not.
In the case of ''clonpc7'' (subnet 68) the file ''CCCHP.ypservers'' must contain the IP address of ''clon00'', because clon00 is on subnet 167. In general it makes sense to put in both our servers, 129.57.167.5 (clon00) and 129.57.167.14 (clon10), and the central JLAB server(s). If the machine is not on the 167 subnet, the corresponding clon00 port can be specified as well, for example 129.57.68.1 (clon00-daq1).
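The following is an added example (not from the original page) that settles cases 4.2 and 4.4 above without guessing: it parses the ''inet ... netmask ...'' line that ''ifconfig -a'' prints on Mac OS X and lists which of the servers named above a broadcast from the client cannot reach, i.e. which addresses must go into ''CCCHP.ypservers''. The ifconfig line is constructed and the /24 netmask of clonpc7 is an assumption.

```bash
#!/bin/bash
# Added example: decide whether a NIS client and each NIS server share an IP
# subnet. A client finds NIS servers by broadcast only inside its own subnet,
# so servers elsewhere must be listed in /var/yp/binding/<domain>.ypservers.
# The ifconfig line and the /24 netmask below are constructed/assumed.

# ip2int 129.57.68.7 -> the address as a 32-bit integer
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# mask2int accepts a dotted mask (255.255.255.0) or the hex form that
# Mac OS X ifconfig prints (0xffffff00)
mask2int() {
    case $1 in
        0x*) echo $(( $1 ));;
        *)   ip2int "$1";;
    esac
}

# same_subnet CLIENT_IP SERVER_IP NETMASK -> exit 0 if both are in one subnet
same_subnet() {
    local c s m
    c=$(ip2int "$1"); s=$(ip2int "$2"); m=$(mask2int "$3")
    [ $(( c & m )) -eq $(( s & m )) ]
}

# parse_ifconfig_inet "inet A.B.C.D netmask 0x... broadcast ..." -> "A.B.C.D MASKINT"
# (the format of an IPv4 line in "ifconfig -a" on Mac OS X; case 4.4 says to
# check exactly this line for a wrong netmask)
parse_ifconfig_inet() {
    local addr mask
    addr=$(printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "inet")    print $(i + 1) }')
    mask=$(printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "netmask") print $(i + 1) }')
    echo "$addr $(( mask ))"
}

# unreachable_by_broadcast CLIENT_IP NETMASK SERVER_IP... -> prints every server
# that a broadcast from the client cannot reach (one per line)
unreachable_by_broadcast() {
    local client=$1 mask=$2 srv
    shift 2
    for srv in "$@"; do
        same_subnet "$client" "$srv" "$mask" || echo "$srv"
    done
}

# Demonstration with the hosts the page names (constructed ifconfig line).
CLONPC7_IFCONFIG="inet 129.57.68.7 netmask 0xffffff00 broadcast 129.57.68.255"
set -- $(parse_ifconfig_inet "$CLONPC7_IFCONFIG")
echo "client $1, servers that need an entry in CCCHP.ypservers:"
unreachable_by_broadcast "$1" "$2" 129.57.167.5 129.57.167.14 129.57.68.1
```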
clon00-daq1.jlab.org
All the above actions were just tests. Now we can make the NIS configuration permanent:
1. Launch the application Directory Access in the folder Utilities in Applications.
2. If the key icon in the lower left corner is locked, click on the lock to authenticate with Directory Access in order to make changes.
3. Make sure the checkmark at the item ''BSD Flat File and NIS'' is set and select the corresponding line. If the checkmark was not set, you must press the Apply button before you continue to the next step.
4. Click the Configure... button.
5. Enter the name of your NIS domain at Domain Name (must be already set to CCCHP).
6. If the NIS servers are located in a different subnet, or the NIS administrator has deactivated server discovery through broadcast messages, enter the IP address(es) of your server(s) into the NIS Servers table (must be already set). It is recommended to use IP addresses instead of computer names, because otherwise we would create a dependency between NIS and name resolution: NIS could only start if the name resolver were already running, which cannot be guaranteed under all circumstances.
7. Press OK.
8. In Directory Access go to the tab view item Authentication.
9. In the Search menu, select the option Custom Path.
10. Press the Add... button.
11. Select your NIS domain as a valid source for the authentication of users. Among other directory services, the NIS domain should be displayed in the form /BSD/CCCHP in the overview. Add this entry. After that, it should appear at the end of the list Directory Node (also see the picture below).
12. Now click on Apply at the lower right corner of the window. The configuration will be saved. It becomes active after a few seconds without restarting the computer.
'''NFS mount:'''
Make sure you have the same UID and GID on both computers (if NIS works properly this should already be enforced ??).
To change them manually do the following:
1. Go to the NetInfo Manager (Applications -> Utilities).
2. Authenticate as an administrator by clicking the lock in the lower left corner.
3. Click on Users in the list, and find your username.
4. When you click on it, you should see info about it at the bottom of the screen; scroll down until you see UID and GID and change those appropriately.
Make sure you keep track of your old UID so that you can change the ownership of your files. In any case, if the UID is changed, use a command like the following to change file ownership back to you (do it as ''root''):
<pre>
find / -xdev -user <old uid> -print -exec chown <new uid> {} \;
</pre>
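Before touching UIDs by hand it helps to know which accounts actually disagree with NIS. The script below is an added example (not from the original page): it compares the uid/gid the local NetInfo directory holds for each user with the NIS passwd map and prints the users that differ. The two listings are constructed samples; on a real client they would come from ''nireport . /users name uid gid'' and ''ypcat passwd''.

```bash
#!/bin/bash
# Added example: find users whose uid/gid differ between the local directory
# and the NIS passwd map. With NFS the server trusts the numeric ids it gets
# from the client, so a mismatch makes one user's files show up as another's.
# Both inputs are constructed samples (no real accounts).

LOCAL_LIST=$(mktemp)
NIS_MAP=$(mktemp)
trap 'rm -f "$LOCAL_LIST" "$NIS_MAP"' EXIT

# constructed output of:  nireport . /users name uid gid   (tab-separated)
printf 'alice\t501\t501\nbob\t502\t20\ncarol\t503\t503\n' > "$LOCAL_LIST"
# constructed output of:  ypcat passwd   (name:pw:uid:gid:gecos:home:shell)
printf 'alice:*:501:501:Alice:/home/alice:/bin/bash\n'  > "$NIS_MAP"
printf 'bob:*:1002:20:Bob:/home/bob:/bin/tcsh\n'       >> "$NIS_MAP"
printf 'dave:*:504:504:Dave:/home/dave:/bin/bash\n'    >> "$NIS_MAP"

# uid_mismatches LOCAL_LISTING NIS_PASSWD_MAP
# prints "user local_uid:gid nis_uid:gid" for every user present in both files
# whose uid or gid differs; returns 1 if any mismatch was found, 0 otherwise
uid_mismatches() {
    awk -F'\t' '
        NR == FNR { local_ids[$1] = $2 ":" $3; next }   # 1st file: local listing
        {
            n = split($0, f, ":")                        # 2nd file: passwd format
            if (n < 4 || !(f[1] in local_ids)) next      # NIS-only users are fine
            nis = f[3] ":" f[4]
            if (local_ids[f[1]] != nis) {
                printf "%s %s %s\n", f[1], local_ids[f[1]], nis
                bad++
            }
        }
        END { exit (bad > 0) }' "$1" "$2"
}

# local_only_users LOCAL_LISTING NIS_PASSWD_MAP
# prints users defined locally but absent from NIS: their ids are not known to
# the NFS server at all, so files they create there belong to nobody useful
local_only_users() {
    awk -F'\t' '
        NR == FNR { split($0, f, ":"); nis_users[f[1]] = 1; next }
        !($1 in nis_users) { print $1 }' "$2" "$1"
}

if uid_mismatches "$LOCAL_LIST" "$NIS_MAP"; then
    echo "local uid/gid consistent with NIS"
else
    echo "fix the users above in NetInfo Manager (and chown their files) before relying on NFS"
fi
echo "local-only users: $(local_only_users "$LOCAL_LIST" "$NIS_MAP" | tr '\n' ' ')"
```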
Mount the desired partitions as shown in the following examples:
<pre>
mkdir /data
mkdir /work
mkdir /scratch
sudo mount -o -P clon10-daq1:/data /data
sudo mount -o -P clon00-daq1:/work /work
sudo mount -o -P clon00-daq1:/scratch /scratch
</pre>
To mount from a GUI program: there is a program called NFSManager (http://www.bresink.de/osx/NFSManager.html) available, if this would make things easier. It's shareware, so if you don't pay you'll have demo notices popping up, but that doesn't limit the features of the program. Authenticate first, then add a new entry to the NFS Connections. Enter your server and NFS share. You can leave it as the default to mount in the network folder. Activate the changes when you are done. You should now be able to browse to your mount through the Network area (NetInfo Manager -> mounts).
NOTE: I created the directories first, then ran the GUI, and everything looked fine except nothing was mounted ...
I ran the 'sudo mount ...' commands and it worked. Need to learn more ...
NOTE: after reboot everything mounted as follows:
<pre>
work -> /automount/static/work
</pre>
Maybe a reboot is needed after the above procedure? Will check next time ...
Another automount method (does not work !!!):
Create the file /etc/auto.nfs; for example it may contain the following line (mounts /scratch from clon00):
<pre>
scratch -rw,bg,intr clon00:/scratch
</pre>
Type the command:
<pre>
automount -m /nfs /etc/auto.nfs
</pre>
'''VNC'''
After the machine has rebooted, start the VNC server. First ssh to the machine as ''root'' and type the two following commands (we assume that VineServer was downloaded to ''/Users/boiarino/''):
<pre>
open /Users/boiarino/VineServer2.1.dmg
open -a /Volumes/Vine\ Server/Vine\ Server.app/
</pre>
Now you can run a vnc viewer on another machine and access the Mac; for example, to access the Mac OS X machine named ''clonpc7'' do the following:
<pre>
vncviewer clonpc7
</pre>
To go through the firewall use ssh tunneling, for example:
<pre>
ssh -L 5000:129.57.68.7:5900 username@jlab.org
</pre>
where the IP address belongs to clonpc7. Port 5900 is the default. If the VNC server on clonpc7 was started for example on port 5904, the ssh tunnel should be made to that port, and the vnc viewer command will be
<pre>
vncviewer clonpc7:4
</pre>
'''MORE VNC INFO (copied from www.cs.vassar.edu/SysNews/vnc/osx.html)'''
Using VNC on Mac OS X
Setup
Download and install a secure shell client
As you may have heard, the Mac OS X operating system is built off of a version of Unix, FreeBSD. You'll be happy to hear that this means you already have a secure shell client installed, the Unix native ssh. You will find it from the Terminal - more on that later.
Download and install a VNC client
We recommend using Chicken of the VNC, although other clients (try the official VNC site) should also work.
1. Download Chicken of the VNC from the Chicken of the VNC website: http://sourceforge.net/projects/cotvnc/.
2. To install Chicken of the VNC, mount the disk image by double-clicking on the DMG file. Then drag the application to the Applications directory on your hard drive.
Connecting
Forward a port over a secure connection
Here, we set up a secure connection for VNC to talk over.
1. On the Mac you're sitting at, open up a terminal (Applications/Utilities/Terminal).
2. Now, you will start a secure connection over which VNC will travel. Grace Hopper would type:
<pre>
ssh -L 5901:localhost:5995 grhopper@mote33.cs.vassar.edu
</pre>
Connect using your VNC client
1. Start Chicken of the VNC on the Mac or, if it is already running, select Connection --> New Connection to bring up the Connect dialog box.
2. Fill in the Connect dialog box as follows:
* In the Host field enter localhost
* In the Display field enter 1
* Leave the Password field blank
* Leave the check boxes unchecked
* Click the Connect button on the bottom of the dialog box
3. You should now see a graphical Unix login screen. Log in as you would in the lab with your username and password.
4. To toggle full-screen mode, type Ctrl-Command-Option-~.
5. When you finish your Unix session, log out as you normally would, quit Chicken of the VNC, and exit your ssh session.
Latest revision as of 21:59, 13 September 2007
Configuring Domain Name System (DNS) server:
1. Open the System Preferences application. 2. From the View menu, select Network. 3. Select desired network connection and select Configure button. 4. Select the TCP/IP button. 5. After DNS Servers: enter the address of your DNS server(s) (clon00 etc). 6. Click on the Apply Now button.
To create new group do following (unchecked):
NOTE: THIS SCRIPT IS WRITTEN FOR PANTHER (10.3)
#!/bin/bash # Create a group. # Takes a group name and gid and creates a new group in NetInfo groups usage () { echo "Create a new group" echo "Usage: ${0##*/} groupname gid" if [ "$*" != "" ]; then echo " Error: $*"; fi exit 1 } # The script must be run as root # if [ "$USER" != "root" ]; then echo "Must be run as root." exit 1 fi # Check parameters # if [ $# -ne 2 ]; then usage fi group=$1; gid=$2 # search NetInfo for the given group - it should not exist str="$(nireport . /groups name | grep -w $group)" if [ ! -z "$str" ]; then usage "Group $group already exists" fi # search NetInfo for the given gid - it should not exist str="$(nireport . /groups gid | grep -w $gid)" if [ ! -z "$str" ]; then usage "Group ID $gid already exists" fi # Add the new group to NetInfo # # add group and essential properties dscl . create /groups/$group dscl . create /groups/$group name $group dscl . create /groups/$group passwd "*" dscl . create /groups/$group gid $gid #dscl . create /groups/$group users "" breaks add-user2group if added as a blank value echo "New group $group created" echo "Now add users to it with add-user2group" exit 0
To create new user do following (unchecked):
NOTE: THIS SCRIPT IS WRITTEN FOR PANTHER (10.3)
#!/bin/bash # Create a user. # Takes the user's firstname (=shortname), lastname, uid, and staff|admin # and creates: # a new user in NetInfo passwd # a new /Users/firstname home directory usage () { echo "Create a new staff or admin user" echo "Usage: ${0##*/} firstname lastname uid staff|admin" if [ "$*" != "" ]; then echo " Error: $*"; fi exit 1 } # The script must be run by root # if [ "$USER" != "root" ]; then echo "Must be run as root." exit 1 fi # Check parameters # if [ $# -ne 4 ]; then usage fi first=$1; last=$2; uid=$3; accnt=$4 # check that the users does not already have a home directory if [ -e /Users/$first ]; then usage "User $first already exists at /Users/$first" fi # search NetInfo for the given user - it should not exist str="$(nireport . /users name | grep -w $first)" if [ ! -z "$str" ]; then usage "User $first already exists (but does not have a home directory)" fi # search NetInfo for the given uid - it should not exist str="$(nireport . /users uid | grep -w $uid)" if [ ! -z "$str" ]; then usage "User ID $uid already exists" fi # search NetInfo for the given group - it should not exist str="$(nireport . /groups name | grep -w $first)" if [ ! -z "$str" ]; then usage "Group $first already exists" fi # search NetInfo for the given gid - it should not exist str="$(nireport . /groups gid | grep -w $uid)" if [ ! -z "$str" ]; then usage "Group ID $uid already exists" fi # ensure either staff or admin is given if [ $4 != staff ] && [ $4 != admin ]; then usage "Give account type as 'staff' or 'admin'" fi # Add the new user to NetInfo # # add user and essential properties dscl . create /users/$first dscl . create /users/$first name $first dscl . create /users/$first passwd "*" dscl . create /users/$first hint "" dscl . create /users/$first uid $uid dscl . create /users/$first gid $uid dscl . create /users/$first home /Users/$first dscl . create /users/$first shell /bin/bash dscl . create /users/$first realname "$first $last" dscl . 
create /users/$first picture "/Library/User Pictures/Fun/Smack.tif" dscl . create /users/$first sharedDir Public # add some other properties that are usually in NetInfo dscl . create /users/$first _shadow_passwd "" dscl . create /users/$first _writers_hint $first dscl . create /users/$first _writers_real_name $first # add the new group dscl . create /groups/$first dscl . create /groups/$first name $first dscl . create /groups/$first passwd "*" dscl . create /groups/$first gid $uid echo "New user and group $first created" # Add admin users to the admin group # if [ $4 = admin ]; then dscl . merge /groups/admin users $first dscl . merge /groups/appserverusr users $first dscl . merge /groups/appserveradm users $first echo "$first added to groups admin, appserverusr, appserveradm" fi # Create the home directory, populate from the template, and set owners # mkdir /Users/$first if [ ! -d /Users/$first ]; then echo "Unable to create the user's home directory /Users/$first" exit fi ditto -rsrc /System/Library/User\ Template/English.lproj/ /Users/$first chown -R ${first}:$first /Users/$first echo "Home directory /Users/$first created and populated" # Now give the user a password # echo "A password for this account must be given, it is currently blank" passwd $first exit 0
To add user to group (unchecked):
#!/bin/bash
############################################################################################
# File : adduser2group
# Author : Sebastien Varrette <Sebastien.Varrette@imag.fr>
# (Web page : http://www-id.imag.fr/~svarrett/perso.html)
# Creation date : 01 Aug 2007
#
# Description : see the print_help function or launch 'adduser2group --help'
#
# This program is free software; you can redistribute it and/or modify it under the terms
# of the GNU General Public License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
# without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with this
# program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street,
# Fifth Floor, Boston, MA 02110-1301, USA.
#
# Sebastien Varrette <Sebastien.Varrette@imag.fr>
# <Sebastien.Varrette@uni.lu>
# University of Luxembourg
# 162-A avenue de la faiencerie
# L-1511 Luxembourg, LUXEMBOURG
############################################################################################
# The script relies on bash features ($FUNCNAME, local, ==, echo -e), so it is
# run under bash explicitly instead of /bin/sh.

### Global variables
VERSION=0.1
COMMAND=`basename $0`
VERBOSE=""

### displayed colors
COLOR_GREEN="\033[0;32m"
COLOR_RED="\033[0;31m"
COLOR_YELLOW="\033[0;33m"
COLOR_VIOLET="\033[0;35m"
COLOR_CYAN="\033[0;36m"
COLOR_BACK="\033[0m"

### Specific variable
MODE_ADD="-append"
MODE_DEL="-delete"
OP_MODE="$MODE_ADD"     # by default, add user to the group
GROUPNAME=""
GID=""

#######################
### print functions ###
#######################

####
# print version of this program
##
print_version() {
    cat <<EOF
This is $COMMAND version "$VERSION".
Copyright (c) 2007 Sebastien Varrette (http://www-id.imag.fr/~svarrett/)
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
EOF
}

####
# print help
##
print_help() {
    cat <<EOF
NAME
    $COMMAND -- add users to an existing group in MAC OS X Tiger
SYNOPSIS
    $COMMAND group user1 user2 ...
DESCRIPTION
    $COMMAND checks the existence of the group and adds (or deletes) users to (from) this
    group.
OPTIONS
    -h --help                 Display a help screen and quit.
    -d --delete-from-group    Delete the users from the group.
    -v --verbose              Verbose mode. Causes $COMMAND to print debugging messages.
    -V --version              Display the version number then quit.
AUTHOR
    Sebastien Varrette <Sebastien.Varrette@imag.fr>
    Web page: http://www-id.imag.fr/~svarrett/
REPORTING BUGS
    Please report bugs to <Sebastien.Varrette@imag.fr>
COPYRIGHT
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
SEE ALSO
    Other scripts are available on my web site http://www-id.imag.fr/~svarrett/
EOF
}

######
# Print information in the following form: '[$2] $1' ($2=INFO if not submitted)
# usage: info text [title]
##
info() {
    [ -z "$1" ] && print_error_and_exit "[$FUNCNAME] missing text argument"
    local text=$1
    local title=$2
    # add default title if not submitted but don't print anything
    [ -n "$text" ] && text="${title:==>} $text"
    echo -e "$text"
}

#####
# print the strings [ OK ] or [ FAILED ] or [ FAILED ]\n$1
##
print_ok()     { echo -e "[ ${COLOR_GREEN}OK${COLOR_BACK} ]"; }
print_failed() { echo -e "[ ${COLOR_RED}FAILED${COLOR_BACK} ]"; }
print_failed_and_exit() {
    print_failed
    [ ! -z "$1" ] && echo "$1"
    exit 1
}

#####
# Print debug information if verbose mode enabled
# usage: debug text
##
debug() { [ -n "$VERBOSE" ] && info "$1" "[${COLOR_YELLOW}DEBUG${COLOR_BACK}]"; }

#####
# Print error message
# usage: error text
##
error() { info "$1" "[${COLOR_RED}ERROR${COLOR_BACK}]"; }
print_error_and_exit() {
    local text=$1
    [ -z "$1" ] && text=" Bad format"
    error "$text. '$COMMAND -h' for help."
    exit 1
}

#########################
### toolbox functions ###
#########################

####
# ask to continue. exit 1 if the answer is no
# usage: really_continue text
##
really_continue() {
    echo -e -n "$1 Are you sure you want to continue? [Y|n] "
    read ans
    case $ans in
        n*|N*) exit 1;;
    esac
}

#####
# Check availability of binaries passed as arguments on the current system
# usage: check_bin prog1 prog2 ...
##
check_bin() {
    [ $# -eq 0 ] && print_error_and_exit "[$FUNCNAME] missing argument"
    for appl in `echo $*`; do
        echo -n -e "=> checking availability of the command '$appl' on your system \t"
        local tmp=`which $appl`
        [ -z "$tmp" ] && print_failed_and_exit "Please install $appl or check \$PATH." || print_ok
    done
}

#####
# Check availability of the group passed as arguments and exit if absent;
# usage: check_group groupname
##
check_group() {
    [ -z "$1" ] && print_error_and_exit "[$FUNCNAME] missing group name"
    # match the whole line: a plain grep would also accept substrings such
    # as "_lpadmin" when looking for "admin"
    local check=`dscl . -list /groups | grep -x "$1"`
    [ -z "$check" ] && print_error_and_exit "The group $1 does not exist!"
}

#####
# Check existence of the user passed as argument and exit if absent
# usage: check_user username
##
check_user() {
    [ -z "$1" ] && print_error_and_exit "[$FUNCNAME] missing user name"
    local check=`dscl . -list /users | grep -x "$1"`
    [ -z "$check" ] && print_error_and_exit "The user $1 does not exist - I can't add him to the group ${GROUPNAME}"
}

#####
# add (or remove) users specified in $* to the group ${GROUPNAME}
##
addusers2group() {
    [ $# -eq 0 ] && print_error_and_exit "[$FUNCNAME] missing arguments"
    check_group ${GROUPNAME}
    # -w so that "admin" does not pick up the gid of "_lpadmin"
    GID=`nireport . /groups gid name | grep -w "${GROUPNAME}" | cut -f 1`
    debug "GID=$GID"
    for user in `echo $*`; do
        debug "processing user $user..."
        # check if the user exists
        check_user $user
        # check if the user already belongs to the group ${GROUPNAME}
        local check_user_in_group=`nireport . /groups name users | grep -e "^${GROUPNAME}" | grep -w "$user"`
        if [ -n "$check_user_in_group" ]; then
            # don't add a user already member of the group
            [ "$OP_MODE" == "$MODE_ADD" ] && info "the user $user already belongs to the group ${GROUPNAME} - skipping this user" && continue
        else
            # don't delete a user which is not a member of the group
            [ "$OP_MODE" == "$MODE_DEL" ] && info "the user $user does not belong to the group ${GROUPNAME} and won't be deleted - skipping this user" && continue
        fi
        # in all cases, don't operate if ${GROUPNAME} is the primary group of $user
        local check_primary_group=`nireport . /users name gid | grep -w "$user" | grep -w "$GID"`
        [ -n "$check_primary_group" ] && info "the group ${GROUPNAME} is the primary group of the user $user - skipping this user" && continue
        # now add (or remove - depending on $OP_MODE) the user to the group
        [ "$OP_MODE" == "$MODE_ADD" ] && echo -n "adding" || echo -n "removing"
        echo -n -e " user $user to the group ${GROUPNAME} \t"
        dscl . ${OP_MODE} /groups/${GROUPNAME} users "$user"
        [ "$?" -eq "0" ] && print_ok || print_failed_and_exit "Something went wrong. Check what has been done using Applications/Utilities/NetInfo Manager"
    done
}

################################################################################
################################################################################
[ $UID -ge 1 ] && print_error_and_exit "You must be root to execute this script (current uid: $UID)"

# Check for required argument
[ $# -eq 0 ] && print_error_and_exit

# Check for options
while [ $# -ge 1 ]; do
    case $1 in
        -d | --delete-from-group) OP_MODE="$MODE_DEL";;
        -h | --help)              print_help $1; exit 0;;
        -V | --version)           print_version; exit 0;;
        -v | --verbose)           VERBOSE="--verbose";;
        *)  GROUPNAME=$1
            shift
            addusers2group $*
            exit 0;;
    esac
    shift
done
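The existence checks in the scripts above pipe directory listings through a plain grep, so an unanchored name such as "admin" also matches "_lpadmin", and a membership or primary-group test can pass for the wrong principal. The helpers below are an added example, not part of the wiki page or of the adduser2group script: they take the listing as a string (the sample listings and the nireport-style "name gid" report are constructed stand-ins) and compare whole names only.

```shell
#!/bin/bash
# Added example: whole-name matching against directory listings.
# The listings below are constructed stand-ins for the output of
# "dscl . -list /groups", "dscl . -list /users" and "nireport . /users name gid".
GROUP_LISTING='admin
_lpadmin
appserveradm
staff
wheel'

USER_LISTING='boiarino
root
bob'

# nireport prints tab-separated columns; constructed sample
USER_GID_REPORT=$(printf 'boiarino\t501\nroot\t0\nbob\t20\n')

# name_in_listing LISTING NAME -> 0 only if NAME is an entire line of LISTING
# (-F fixed string, -x whole line, -q no output)
name_in_listing() {
    printf '%s\n' "$1" | grep -Fqx -- "$2"
}

# substring_hits LISTING NAME -> how many lines the page's "grep $name" would
# accept; anything above 1 means the check could pass on the wrong entry
substring_hits() {
    printf '%s\n' "$1" | grep -c -- "$2"
}

# primary_gid REPORT USER -> the gid column of the row whose name is exactly USER
primary_gid() {
    printf '%s\n' "$1" | awk -F'\t' -v u="$2" '$1 == u { print $2; exit }'
}

# is_primary_group REPORT USER GID -> 0 if GID is USER's primary group,
# i.e. the case in which adduser2group must skip the user
is_primary_group() {
    [ "$(primary_gid "$1" "$2")" = "$3" ]
}
```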
'''To set up the NIS service, type the following as ''root'':'''
rpcinfo -p
If the portmapper is not running, you'll get the message
rpcinfo: can't contact portmapper: RPC: remote system error - Connection refused
To fix that, type:
sudo launchctl start com.apple.portmap
Repeat the check; you should see something like:
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
Type the following:
sudo domainname CCCHP
sudo ypbind
If the last command does not return after 10 seconds, press Ctrl-C and run it in debug mode:
sudo ypbind -d
It should return an error message, one of the following:
1. Unknown domain CCCHP: a NIS server was found but it doesn't know the NIS domain name you have specified. Check the name and re-enter the domainname command.
2. Dead domain CCCHP: a NIS server was found and it knows the domain name you've specified. However, this domain is currently marked inactive and cannot be used. Check whether you should specify another domain and repeat the domainname command with its name.
3. Domainname not set. Aborting: you forgot or mistyped the domainname command. Enter it correctly and repeat the test.
4. /var/yp/binding/CCCHP.ypservers does not exist, defaulting to broadcast: the system has sent out a broadcast message to search for a NIS server, but no server has responded. This can have several causes:
4.1. The NIS server is not running: make sure that the NIS server really is there. If you know its name, you can use the ping command to see if it's alive.
4.2. The NIS server and your machine are in two different IP subnets: in this case it's impossible for your machine to find the NIS server automatically. Create a file /var/yp/binding/CCCHP.ypservers that contains the IP address(es) of your NIS server(s).
4.3. The administrator of the NIS server disabled server recovery through broadcasts for security reasons: in this case, do the same as in the "different IP subnet" situation.
4.4. There is an error in the IP netmask of your ethernet interface: enter ifconfig -a to get a list of all your network interfaces and check whether the netmasks are set correctly. Perhaps there was a simple typo during system installation. Many network features will work correctly even with this error, but services that rely on broadcasts certainly will not.
In the case of clonpc7 (subnet 68) the file CCCHP.ypservers must contain the IP address of clon00, because clon00 is on subnet 167. In general it makes sense to put in both of our servers, 129.57.167.5 (clon00) and 129.57.167.14 (clon10), and the central JLAB server(s). If the machine is not on the 167 subnet, the corresponding port of clon00 on that subnet can be specified as well, for example 129.57.68.1 (clon00-daq1).
Now try again:
sudo ypbind -d
About every 10 seconds it should return something like:
ypbind: returned from 129.57.68.1 about CCCHP
Press Ctrl-C and start it again without the debug flag:
sudo ypbind
It should return after about 10 seconds. Make sure everything is configured correctly with the command:
ypwhich
It should return the name of NIS server, for example:
clon00-daq1.jlab.org
All the actions above were just tests. Now we can make the NIS configuration permanent:
1. Launch the application Directory Access in the folder Utilities in Applications.
2. If the key icon in the lower left corner is locked, click on the lock to authenticate with Directory Access in order to make changes.
3. Make sure the checkmark at the item BSD Flat File and NIS is set and select the corresponding line. If the checkmark was not set, you must press the Apply button before you continue to the next step.
4. Click the Configure... button.
5. Enter the name of your NIS domain at Domain Name (must be already set to CCCHP).
6. If the NIS servers are located in a different subnet, or the NIS administrator has deactivated server recovery through broadcast messages, enter the IP address(es) of your server(s) into the NIS Servers table (must be already set). It is recommended to use IP addresses instead of computer names, because otherwise we would create a dependency between NIS and name resolution: NIS could only start if the name resolver is already running, which cannot be guaranteed under all circumstances.
7. Press OK.
8. In Directory Access go to the tab view item Authentication.
9. In the Search menu, select the option Custom Path.
10. Press the Add... button.
11. Select your NIS domain as a valid source for the authentication of users. Among other directory services, the NIS domain should be displayed in the form /BSD/CCCHP in the overview. Add this entry. After that, it should appear at the end of the list Directory Node (also see the picture below).
12. Now click on Apply at the lower right corner of the window. The configuration will be saved. It becomes active after a few seconds without restarting the computer.
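The checks in the NIS test procedure above (portmapper registered, ypbind answered for the domain) and the recommendation in step 6 to list NIS servers by IP address rather than by name can be scripted. The block below is an added example, not part of the wiki page: each function takes its input as a string or a file so it can be exercised without a portmapper or NIS server present; the output formats are taken from the page and the sample data is constructed.

```shell
#!/bin/bash
# Added example: offline checks for the NIS setup steps on this page.
# Sample "rpcinfo -p" output (constructed from the page's example) with the
# portmapper registered, and the message shown when it is not running.
RPCINFO_OK='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper'
RPCINFO_DOWN="rpcinfo: can't contact portmapper: RPC: remote system error - Connection refused"

# portmapper_up OUTPUT -> 0 when program 100000 is registered on port 111
portmapper_up() {
    printf '%s\n' "$1" | awk '$1 == 100000 && $4 == 111 && $5 == "portmapper" { found = 1 } END { exit !found }'
}

# ypbind_server OUTPUT DOMAIN -> prints the server that answered for DOMAIN
# in a "ypbind -d" line such as "ypbind: returned from 129.57.68.1 about CCCHP"
ypbind_server() {
    printf '%s\n' "$1" | awk -v d="$2" '$1 == "ypbind:" && $2 == "returned" && $6 == d { print $4; exit }'
}

# is_ipv4 STRING -> 0 for a dotted quad whose four octets are each 0-255
is_ipv4() {
    case $1 in ''|.*|*.|*..*) return 1;; esac
    local IFS=. o n=0
    for o in $1; do
        case $o in *[!0-9]*) return 1;; esac
        [ "$o" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# check_ypservers FILE -> 0 if every non-empty, non-comment line is an IPv4
# address; a hostname would make NIS binding depend on name resolution
check_ypservers() {
    local line rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue;; esac
        if ! is_ipv4 "$line"; then
            echo "$1: not an IPv4 address: $line" >&2
            rc=1
        fi
    done < "$1"
    return $rc
}
```

On a real host the inputs would be `"$(rpcinfo -p 2>&1)"`, the `ypbind -d` output, and `/var/yp/binding/CCCHP.ypservers`.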
'''NFS mount:'''
Make sure you have the same UID and GID on both computers (if NIS works properly this must be enforced ??). To change them manually, do the following:
1. Go to the NetInfo Manager (Applications -> Utilities).
2. Authenticate as an administrator by clicking the lock in the lower left corner.
3. Click on Users in the list, and find your username.
4. When you click on it, you should see info about it at the bottom of the screen; scroll down until you see UID and GID and change those appropriately. Make sure you keep track of your old UID so that you can change permissions on your files.
In any case, if the UID is changed, use a command like the following to change file ownership back to you (do it as root):
find / -xdev -user <old uid> -print -exec chown <new uid> {} \;
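The find/chown step above rewrites the owner only and gives no chance to review what it is about to touch. The function below is an added example, not from the wiki page: it wraps the same find invocation, carries the group over as well (for the case where the GID was also changed), and has a dry-run mode that lists the affected files first. The uid and gid values are arguments; nothing on this page is assumed beyond the command itself.

```shell
#!/bin/bash
# Added example: re-own a tree after a UID/GID change, with a dry run.
# usage: reown_tree ROOT OLD_UID NEW_UID NEW_GID [dry]
# With "dry" as the fifth argument nothing is changed; the entries that would
# be re-owned are printed one per line so they can be reviewed first.
reown_tree() {
    local root=$1 old_uid=$2 new_uid=$3 new_gid=$4 mode=${5:-apply}
    [ -d "$root" ] || { echo "reown_tree: $root is not a directory" >&2; return 2; }
    case $old_uid$new_uid$new_gid in
        ''|*[!0-9]*) echo "reown_tree: uid and gid must be numeric" >&2; return 2;;
    esac
    # -xdev keeps find on one filesystem, as in the page's command, so NFS
    # mounts below ROOT are not rewritten by accident.
    if [ "$mode" = dry ]; then
        find "$root" -xdev -user "$old_uid" -print
    else
        # "{} +" batches paths into few chown calls instead of one per file
        find "$root" -xdev -user "$old_uid" -exec chown "$new_uid:$new_gid" {} +
    fi
}

# count_owned ROOT UID -> number of entries under ROOT (same filesystem) owned by UID
count_owned() {
    find "$1" -xdev -user "$2" | wc -l | tr -d ' '
}
```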
Mount the desired partitions as shown in the following examples:
mkdir /data
mkdir /work
mkdir /scratch
sudo mount -o -P clon10-daq1:/data /data
sudo mount -o -P clon00-daq1:/work /work
sudo mount -o -P clon00-daq1:/scratch /scratch
To mount from a GUI program: There is a program called NFSManager (http://www.bresink.de/osx/NFSManager.html) available for use, if this would make things easier. It’s shareware, so if you don’t pay, you’ll have demo notices popping up, but it doesn’t limit the features of the program. Authenticate first, then add a new entry to the NFS Connections. Enter your server and NFS share. You can leave it as the default to mount in the network folder. Activate changes when you are done. You should now be able to browse to your mount through the Network area (NetInfo Manager -> mounts).
NOTE: I created directories first, then ran GUI, and everything looked fine except nothing was mounted ... I ran 'sudo mount ...' commands and it worked. Need to learn more ...
NOTE: after reboot everything mounted as follows:
work -> /automount/static/work
Maybe reboot needed after above procedure ? Will check next time ...
Another automount method (does not work !!!):
Create the file /etc/auto.nfs; for example it may contain the following line (mounts /scratch from clon00):
scratch -rw,bg,intr clon00:/scratch
Type the command:
automount -m /nfs /etc/auto.nfs
'''VNC'''
After the machine has rebooted, start the VNC server. First ssh to the machine as root and type the following two commands (we assume that Vine Server was downloaded to /Users/boiarino/):
open /Users/boiarino/VineServer2.1.dmg
open -a /Volumes/Vine\ Server/Vine\ Server.app/
Now you can run a VNC viewer on another machine and access the Mac; for example, to access the Mac OS X machine named clonpc7, type:
vncviewer clonpc7
To go through a firewall, use ssh tunneling, for example:
ssh -L 5000:129.57.68.7:5900 username@jlab.org
where the IP address belongs to clonpc7. Port 5900 is the default. If the VNC server on clonpc7 was started on another port, for example 5904, the ssh tunnel must be made to that port, and the vncviewer command will be
vncviewer clonpc7:4
MORE VNC INFO (copied from www.cs.vassar.edu/SysNews/vnc/osx.html)
Using VNC on Mac OS X
Setup
Download and install a secure shell client
As you may have heard, the Mac OS X operating system is built off of a version of Unix, FreeBSD. You'll be happy to hear that this means you already have a secure shell client installed, the Unix-native ssh. You will find it from the Terminal - more on that later.
Download and install a VNC client
We recommend using Chicken of the VNC, although other clients (try the official VNC site) should also work.
1. Download Chicken of the VNC from the Chicken of the VNC website: http://sourceforge.net/projects/cotvnc/.
2. To install Chicken of the VNC, mount the disk image by double-clicking on the DMG file. Then drag the application to the Applications directory on your hard drive.
Connecting
Forward a port over a secure connection
Here, we set up a secure connection for VNC to talk over.
1. On the Mac you're sitting at, open up a terminal (Applications/Utilities/Terminal).
2. Now, you will start a secure connection over which VNC will travel. Grace Hopper would type:
ssh -L 5901:localhost:5995 grhopper@mote33.cs.vassar.edu
Connect using your VNC client
1. Start Chicken of the VNC on the Mac or, if it is already running, select Connection --> New Connection to bring up the Connect dialog box.
2. Fill in the Connect dialog box as follows:
* In the Host field enter localhost
* In the Display field enter 1
* Leave the Password field blank
* Leave the check boxes unchecked
* Click the Connect button on the bottom of the dialog box
3. You should now see a graphical Unix login screen. Log in as you would in the lab with your username and password.
4. To toggle full-screen mode, type Ctrl-Command-Option-~.
5. When you finish your Unix session, log out as you normally would, quit Chicken of the VNC, and exit your ssh session.
File last modified on $Date: 2007/02/01 18:17:23 $ UTC