11 SYSTEM ADMINISTRATION COMMANDS


After you enable the root account, you can log on as root or switch user to root. The su command allows you to adopt the identity of another user if you know their password; if you are root, you do not need the password.

TYPE THIS:
[ferro:~] user% su
Password:
[ferro:~] # pwd

RESULT:
/Users/user

Entering su - invokes the environment of the new user in addition to assuming their username. This command leaves you positioned in the home directory of the user, with the path of the user being active, and the aliases of the user defined.

TYPE THIS:
[ferro:~] user% su -
Password:
[ferro:~] root# pwd

RESULT:
/private/var/root

You can use the su command to assume the identity of any user but, without an argument, it defaults to root.




[Figure: Security menu, Enable Root User]

5. Click Security ➪ Enable Root User.
– An Alert message box appears informing you that you must re-authenticate to make additional changes.
6. Click OK.
– The root user password is changed, enabling the account.

ENABLE ROOT ON THE COMMAND LINE

1. In a Terminal window, type sudo passwd root and press Return.
2. Type your password at the prompt.
3. Type the new password for root at the prompt.
4. Retype the new password at the prompt.
– The root user password is changed, enabling the account.
UNIX FOR MAC



EXECUTE COMMANDS AS ROOT

You can run arbitrary commands as root by using the sudo command regardless of whether you decide to enable the root account on your Mac OS X system. In order to use the sudo command, you must be a user with system management privilege. If you have this privilege, you can make use of root privilege when you need it by inserting the word sudo in front of any command that you require root permission to execute.

You do not need root privilege to work on your own files, and you should not use root privilege when you do not need it because the system has no protection against the actions of this all-powerful user.

The sudo command uses a configuration file that includes a list of the users or user groups allowed to run commands as root. While this configuration file permits a precise level of control over privileges, the default setup gives privileged users the ability to run any command as root. Privileged users are given privilege when they first establish their accounts. However, this privilege derives from their membership in the admin group.

The sudo command prompts you to enter your password every five minutes. This process of re-authenticating the user helps to ensure that the user running the command is really the privileged user.

You can use the nidump command to display a list of users allowed to use the sudo command. The default sudo setup places no restrictions on the commands that privileged users can run and is not a mechanism for limiting privilege.


ISSUE A COMMAND AS ROOT

1. Type sudo passwd followed by a space, the username of another user, and then press Return.
2. Type your password at the prompt.
– The passwd command prompts you to enter the new password for the other user.
3. Type a new password for the other user at the prompt.
4. Retype the new password at the prompt.
– The other user's password is changed.

LOOK AT THE SUDOERS FILE

1. Type cat followed by a space.
2. Type /etc/sudoers and press Return.
– The contents of the /etc/sudoers file appear.




The sudo command allows you to give limited root privilege to trusted users.
For example, you can allow a junior administrator to set up accounts for new
users or to cancel print jobs. By configuring a limited set of commands in the
/etc/sudoers file for certain users, a system administrator can delegate certain
system privileges while not giving out access to the root account. To use
sudo in this way, you need to create a list of commands that one or more
users can run as root, and then restrict them to the list of commands. Type
sudo visudo and add system and usernames to reflect users on your system.

Example:
kynn,sandra,eric ferro=/sbin/dump,/sbin/restore
kynn ferro=/sbin/shutdown

These lines allow the first group of users to use the dump and restore
commands and the second to shut down the system.
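
An added example, not from the book: a small shell audit that separates unrestricted sudoers grants from command-restricted ones like the two lines above. The %admin rule in the sample is a constructed stand-in for a default-style grant, and the function names (sample_sudoers, audit_sudoers, may_run) are hypothetical; only simple "users host=commands" rules without command arguments are handled.

```shell
#!/bin/sh
# Added example: classify simple "users host=commands" sudoers rules.
# Aliases, Defaults lines and line continuations are not interpreted.

# Constructed sample: the two rules from the text plus an assumed
# default-style rule that gives the admin group every command.
sample_sudoers() {
cat <<'EOF'
# constructed sample, not a real /etc/sudoers
%admin ALL=(ALL) ALL
kynn,sandra,eric ferro=/sbin/dump,/sbin/restore
kynn ferro=/sbin/shutdown
EOF
}

# audit_sudoers: rules on stdin -> "<who> <host> <verdict> <commands>"
audit_sudoers() {
    awk '
    /^[ \t]*(#|$)/ { next }                         # comments, blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }    # not privilege rules
    {
        eq = index($0, "=")
        if (eq == 0) next
        lhs = substr($0, 1, eq - 1)
        rhs = substr($0, eq + 1)
        sub(/^[ \t]+/, "", lhs)
        split(lhs, f, /[ \t]+/)                     # f[1]=users, f[2]=host
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", rhs)      # drop optional (runas)
        gsub(/[ \t]/, "", rhs)
        verdict = "restricted"
        m = split(rhs, cmd, ",")
        for (i = 1; i <= m; i++) if (cmd[i] == "ALL") verdict = "UNRESTRICTED"
        print f[1], f[2], verdict, rhs
    }'
}

# may_run USER COMMAND: exit 0 if a sample rule names USER and lists
# COMMAND (or ALL). Host and group membership are not evaluated.
may_run() {
    sample_sudoers | audit_sudoers | awk -v u="$1" -v c="$2" '
    { nu = split($1, us, ","); nc = split($4, cs, ",")
      for (i = 1; i <= nu; i++) if (us[i] == u)
        for (j = 1; j <= nc; j++) if (cs[j] == c || cs[j] == "ALL") ok = 1 }
    END { exit (ok ? 0 : 1) }'
}

sample_sudoers | audit_sudoers
```

Running the block prints one classified line per rule; any line marked UNRESTRICTED is a grant that does not limit privilege.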




LIST PRIVILEGED USERS

1. Type nidump group followed by a space.
2. Type . and press Return.
– A list of the group file appears, including a listing of the members of the admin group.

SWITCH USER TO ROOT

1. Type su - and press Return.
2. Type the password for root at the prompt, and press Return.
3. Type whoami and press Return.
4. Type who am i and press Return.
– You are now running as root.
Note: The system remembers your original logon.




BACK UP YOUR FILES

You can safeguard your work and protect your system by backing up your files. Maintaining a set of backups is always a good idea. Mac OS X cannot prevent a user from removing a file or a set of files that they may still need. There are, however, quite a few tools that you can use to back up your files.

Some Unix commands such as cp and ditto allow you to make copies of files. Many long-time Unix users make a habit of copying important files before editing the originals, in case they need to restore them and start over again.

Other Unix commands allow you to create archives of important files. This is a great way to save a copy of all the files associated with the project in a single file. The tar command works well for this purpose.

Most Unix systems use the dump command for regular system backups, although you may need to dump to a remote tape drive to use this command. The dump command can back up a complete file system or select only those files that have changed since the last backup. This latter method of backing up is called an incremental backup.

While dump is a good Unix command, the Mac OS X version can only back up an entire file system, fully or incrementally, and only works with Unix file systems (UFS). If your Mac OS X installation is an upgrade from Mac OS 9 or earlier, your file systems may all be HFS+. If this is the case, you might consider downloading the hfspax software available from www.homepage.mac.com/howardoakley. This software works well with data and resource forks and provides a command-line interface.



BACK UP A FILE WITH CP

1. Type cp followed by a space.
2. Type the name of a file, followed by a space.
3. Type the name of the file followed by $$, and then press Return.
– A copy of your file is created with a process ID appended to the end.

BACK UP FILES WITH TAR

1. Type tar cvf followed by a space.
2. Type " followed by a filename.
3. Type " followed by a space.
4. Type the name of a directory, and press Return.
Note: You can also type the name of a set of files, such as *.txt.
– The system adds the specified files to the new archive, updating you on-screen as it works.




You can use the restore command to restore files from the backup that you create with the dump command. The restore command can restore an entire file system, although you usually only need to restore a single file or set of files from your backup. In this case, you can use the interactive mode of the restore command to navigate within the backed-up files. You can then select those files that you want to restore and initiate their restoration. The restored files appear in a subdirectory of the directory where you run the restore command.

To initiate a restoration from a dump, use the restore -ivf command followed by the name of your backup device or dump file. Use cd to move between directories, followed by the name of a file to select it for restoration, and extract when you are ready to begin restoring the files.

On Mac OS X systems, the dump command can only back up an entire file system. Because you are probably working with a single partition, it requires a large-capacity device to create a backup. The dump command can write to the tape drive on a remote system if you configure the remote system to allow this.




RESTORE FILES WITH TAR

1. Type tar xvf followed by a space.
2. Type the name of a TAR file, and press Return.
– The files from the TAR file are extracted into the current directory.

BACK UP FILES WITH DUMP

1. Type dump 0uf followed by a space.
2. Type the name of a device on a remote system such as a tape drive, followed by a space.
3. Type the name of a UFS, and press Return.
– A backup of your file system is created, a process that may take a while.