Archive for ‘CLI’ Category

Mac OSX DHCP debuging

datePosted on 13:08, December 15th, 2007 by Many Ayromlou

Once in a while you might want to dig deep into OSX’s dhcp client and find out what dhcp packet the server sent it. A quick command to spit out this info:
# ipconfig getpacket en0
This produces the following output:

htype = 1
dp_flags = 0
hlen = 6
hops = 0
xid = 1956115059
secs = 0
ciaddr =
yiaddr =
siaddr =
giaddr =
chaddr = 0:3:93:7a:d7:5c
sname =
file =
Options count is 10
dhcp_message_type (uint8): ACK 0x5
server_identifier (ip):
lease_time (uint32): 0x164a
subnet_mask (ip):
router (ip_mult): {}
domain_name_server (ip_mult): {}
domain_name (string):
end (none):

USB-to-Serial console for Mac (OSX)

datePosted on 12:28, December 15th, 2007 by Many Ayromlou

Here are some notes for those of us working with Macs, who also have to deal with networking gear that usually have a serial console for local control. I recently purchased a IOGEAR USB 1.1 to Serial Converter Cable that uses the PL2303 chipset (pretty much any brand of these usb to serial converters use this chip). I was hoping that this dongle would allow me to access our network switches serial interface (which you kinda need when the switch has gone berserk). So after looking around the net I found that there is a opensource driver out there for it and that it performs better than the driver provided by Prolific (the company that manufactures the chip). So once everything was installed I hooked up the serial cable and realized that I needed a serial console program.

This turned out to be quite a pain since almost all of these programs for the mac are old and/or not free. Well, that was until I found out that our good friend screen can do this just fine:

screen /dev/tty.PL2303-0000101D 9600
where /dev/tty.PL2303-0000101D is the device for the dongle (easy to find….just do a ls -l /dev/tty.* and pick the one with PL2303 in the name). The baudrate is 9600 in case you haven’t guessed it already.

This will open up a new screen session in your xterm/terminal and from there you can control your serial device. Once you’re done you need to issue the command Ctrl-a Ctrl-\ to get out of screen and back to your shell prompt.

Okay so this all started with our users not being able to share files on our webserver. We use SSH only for upload/download and interactive access (ie: no ftp). Through trial and error we found out that the default umask (under OSX Server) for sftp uploaded files are 0033 (ie: rwxr–r–) and directories are 0022 (ie: rwxr-xr-x). This creates a problem when one user uploads a file and another user downloads/modifies and tries to re-upload it — they simply can’t because the group permissions are wrong.

If we were using ftp (which we are not) there are some solutions on the net that allow you to modify the startup parameters for the ftp server so that the default umask for all files is 0013 — which would allow a group of people to share/overwrite each others files — but we are using ssh only.

So we came up with two other solutions — a shared upload account and/or a cron job that would modify the group permissions on the website directory to allow group sharing. We went with the second solution and that’s where I ran into so many problems that I decided to create this post. You see normally Unix users know that spaces (and strange characters) in filenames are a no-no. Well that’s not true for Windows and Mac users, they use spaces and other odd characters in their filenames/folders all the time.

I started writing — what I thought was — a simple “for loop” script to go through the website folder and change the group permissions. Of course on the first try things didn’t work nicely because of spaces, so I started compensating for that and came up with:
for i in `find /Path/to/www -type d -print0 |xargs -0 -n 1`
This kinda worked, but the for loop would still split the lines when it hit spaces in filenames. I tried to mess around with it and gave up. After RTFMing a bit more I tried:
for i in `find /Path/to/www -type d -exec echo \"{}\" \;`
The thinking behind this was that the exec would echo the filenames quoted and it should work….well it didn’t, the for loop still split the input lines at spaces.

Finally after a latenight RTFM session (and lots of cursing), I think I’ve found the ultimate file handling loop statement:
find /Path/to/www -type d ! -perm -g=wx -print0 | while IFS= read -rd $'\0' filename
Okay so this version uses “while” rather than “for” but it works like a charm and chews through spaces and all other kinds of weird chars and creates a output stream that’s ready to be used by your choice of commands (chmod in my case).

After trimming and optimizing the script a bit, here is the final product:
# The following find will search for
# all files under /Path/to/www, that
# are NOT symlinks, and do NOT have
# group write permission. The list is
# "\0" seperated and the while portion
# will loop around this character and
# ignore everything else in the path.
find /Path/to/www ! -type l ! -perm -g=w -print0 | while IFS= read -rd $'\0' filename
# We've found a directory with no group
# write permission, so fix it.
if [ -d "$filename" ]then
chmod g+rwx "$filename"
# echo Directory changed
stat -l "$filename"
# We've found a file with no group
# write permission, so fix it.
if [ -f "$filename" ]then
chmod g+rw "$filename"
# echo File changed
stat -l "$filename"

Hopefully you’ll find this code (or portions of it) useful for your own day-to-day hack-and-slash solutions to annoying problems. Let me know if you come up with an even better solution :-)

screen…it’s not just for nerds anymore.

datePosted on 20:26, October 7th, 2007 by Many Ayromlou

So after hearing from people at work how great the “screen” command was (yeah welcome to gnuland boys and girls), I decided to do a short tutorial on screen. This way I can stop telling them to RTFM and instead tell them to RTFB (Blog). Anyways, What is “screen” first of all….From the pages of wikipedia:

GNU Screen is a free terminal multiplexer developed by the GNU Project. It allows a user to access multiple separate terminal sessions inside a single terminal window or remote terminal session. It is useful for dealing with multiple programs from the command line, and for separating programs from the shell that started the program. GNU Screen can be thought of as a text version of graphical window managers, or as a way of putting virtual terminals into any login session. It is a wrapper that allows multiple text programs to run at the same time, and provides features that allow the user to use the programs within a single interface productively.

Think of screen as a Virtual Machine (I know it’s not but bear with me). Once you run the command, the ‘virtual machine’ takes over and allows you to create multiple interactive command line sessions. In each of those sessions you can run commands that are either interactive (menu based) or serialized. Once you’re done you can disconnect the session — keeping in mind that the session is actually alive and running, including all the programs that were spawned inside that session — go to another computer and ‘restore’ the session with all the programs still running. By far one of the coolest things about screen is that it automatically allows you to nohup your commands, by just disconnecting the session and reconnecting to it later. So without any further due here is screen:

Obviously you need to run it, so first step is to type screen at the command line. When you do that you get a new shell window and the adventure starts. Remember that pretty much all screen commands start with Ctrl-a followed usually by a character (ie: you press Ctrl button and c together, let go, and follow it with the character).

So now you have a new shell, run a command (ie: pine, vi or something). Okay so now we can simulate you leaving your machine and detaching your session.

– To Detach : Ctrl-a d (this will detach the session but your command is still running inside that screens shell….you’ll see)
– To Reattach : screen -r (without the quotes. You should get the session back with whatever command you were running in it).

So now you’ve got the very basics of screen. Detaching allows you to run commands, leave them halfway, detach and go somewhere else and use Re-attach to restore the session.

Now, how about multiple sessions. Yeah you can do that too, one screen process with multiple sessions inside it.

– Use screen -r to reattach to your process (If you haven’t done so already). Note that your program is still running (say vi). If you now want to run lynx for example you can use the Ctrl-a c command to create another session (c for create). So now you have two sessions inside your “screen virtual machine”.
– Use Ctrl-a n and Ctrl-a p to flip between sessions (n for next and p for previous). You can also create more screens with Ctrl-a c. Lets create 2-3 more sessions.
– Use Ctrl-a followed by a number between 0-9 to switch between up to 10 recently created sessions.
– Now use Ctrl-a d to detach from the session, logoff (don’t reboot, that will kill the screen process) and log back in. Now reattach to the process using screen -r. Note that all your sessions are still there (you can check using Ctrl-a n and Ctrl-a p to cycle through the sessions).

One last thing before I take away the training wheels, to kill your screen process (and all sessions running inside it) use Ctrl-a Ctrl-\.

Okay, so here is a small list of the many screen options and commands:

Ctrl-a “ : gives you a full screen list of all your sessions and you can scroll down to the one you want to switch to and press Enter (remember to get you have to use Shift-‘ and ESC gets you out of the list).
Ctrl-a A : (that’s a shift-a) allows you to give a meaningful name to your session window.
Ctrl-a k : allows you to kill your current session (not all sessions spawned inside a screen process, just the current session).
Ctrl-a S : will split your current session screen in half. It is easy to confuse Ctrl-a S, which uses a capital ‘S’ with Ctrl-a s, which uses a lower case ‘s’. The upper case command causes screen to be vertically split (that is, with one region on top of the other), while the lower case command causes the parent terminal to freeze (Scroll Lock). To unfreeze the parent terminal, use the Ctrl-a q command.
Ctrl-a : will jump between the regions in a split session. Keep in mind that the new region will have nothing in it until you designate another open session to pop in there using Ctrl-a p and/or Ctrl-a n which will cycle the next or previous session into the new split region.
Ctrl-a X : (that’s a shift-x) will close a region (ie: split region goes back to full).
Ctrl-a + : will enlarge the current region (and shrink the other).
Ctrl-a – : will shrink the current region (and enlarge the other).
Ctrl-a M : (that’s a shift-m) allows you to monitor the current window for output. I use the MSN command line client pebrot occasionally, and always set its window to notify me when something happens (ie: a join message).
Ctrl-a _ : does the same thing as above, but in a opposite way. It switches into the monitoring mode for 15 seconds of silence, which triggers a notification in xterm’s status area. So when our compile finishes, we will be told so even in another session.
Ctrl-a [ : will place you in copy mode. Use this when you need to copy some text from one session to another. Do Ctrl-a [ in the source session to enter copy mode (you can exit copy mode using ESC). Move around using cursor keys to the beginning of where you want to start copying and press Spacebar to mark the beginning. Now move to the end and press Spacebar again to mark the end of your copy block. You can now switch to another session, move to where you want to paste the block and press Ctrl-a ] to paste what was put in the buffer.

Here are a couple of more useful startup screen commands:

screen -ls : will list all the screen processes running under your userid (yes you can run multiple screen processes with multiple sessions inside each).
screen -r screenname : restores a specific screen process.
screen -R : will try to reattach if there is a detached process, if not it will start a new process.
screen -D -RR : this is the “I want control now” command. It will detach already attached clients and attach to the first session listed.

As usual screen is controlled via .screenrc file for configuration parameters (there is a system wide file in /etc/screenrc and the personal one in your home directory, under ~/.screenrc). You can add the following commands in your personal .screenrc to make life a bit simpler:

#kill startup message
startup_message off
# define a bigger scrollback, default is 100 lines
defscrollback 1024
# An alternative hardstatus to display a bar at the bottom listing the
# windownames and highlighting the current windowname in blue. (This is only
# enabled if there is no hardstatus setting for your terminal)
hardstatus on
hardstatus alwayslastline
#hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "
#hardstatus string "%{= mK}%-Lw%{= KW}%50>%n%f* %t%{= mK}%+Lw%< %{= kG}%-=%D %d %M %Y %c:%s%{-}"
#hardstatus string "%{= kG}%-Lw%{= kW}%50> %n%f* %t%{= kG}%+Lw%< %{= kG}%-=%c:%s%{-}"
#hardstatus string "%{= kG}[ %{G}%H %{g}][%= %{= kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+Lw%?%?%= %{g}][%{B} %d/%m %{W}%c %{g}]"
hardstatus string "%{gk}[ %{G}%H %{g}][%= %{wk}%?%-Lw%?%{=b kR}(%{W}%n*%f %t%?(%u)%?%{=b kR})%{= kw}%?%+Lw%?%?%= %{g}][%{Y}%l%{g}]%{=b C}[ %m/%d %c ]%{W}"

As usual there is a lot more to screen, so once you’ve got the basics nailed, take a peek at the man pages for more goodies and don’t forget…..Command line is your friend :-).

Couple of cool remote ssh commands for your UNIX arsenal

datePosted on 18:41, August 4th, 2007 by Many Ayromlou

Here is a easy way to copy an entire directory tree from one Unix machine to another, while retaining the permisssions and ownership, using ssh as the middle man. Assuming that you want to copy everything under source_directory to destination_directory on another machine here is the command you would issue on the source machine (first cd to the directory containing source_directory):
tar -cf - source_directory/ | ssh "cd /somedir/destination_directory ; tar -xvlpf -"
or if you want to copy everything from the remote server’s source directory to the local machine’s destination directory:
ssh "(cd /somedir/source_directory ; tar -cf - .)" |(cd /somedir/destination_directory ; tar -xvlf -)
Here is another similar command that allows you to backup a HD partition to another host via ssh:
dd bs=1M if=/dev/sdb | gzip | ssh "cd /destination/directory ; dd of=sdb.gz"
I have not bothered dissecting these commands, since I assume you are familiar with Unix and Shell commands. Please note that these commands will most likely not work in OSX, unless you’re working on datafiles only (ie: html files, txt files). Program files under OSX could potentially get corrupted if copied via the first command.

One last command which I came across the other day…..If you’re ever in need of a stop watch just use your shell to measure time. Issue the following command and wait a bit. Now interrupt it via Ctrl-C and it will show you how much time has passed. NOTE: Nothing happens when you issue the command, only when you stop it via ctrl-c.

time cat
Have Fun….

Immediate delete for USB drives under OSX

datePosted on 23:18, July 28th, 2007 by Many Ayromlou

Okay so how many times have you “deleted” a file on a USB drive under OSX only to find out later that the storage is still tied up in .Trashes directory. Well there is a easy way to fix this. Open terminal, cd to your USB drives root directory (mounted under /Volumes) and issue the following:
rm -rf .Trashes
touch .Trashes

This creates a file called .Trashes on your USB drive (don’t worry the file size is zero). The side effect of this is that if you delete files off the USB stick, OSX will delete them immediately (since it can not create a .Trashes directory).

Find your Mac’s Serial number from CLI

datePosted on 17:15, July 28th, 2007 by Many Ayromlou

Okay couple of quick ways to find the serial number of your mac.
ioreg -l|grep IOPlatformSerialNumber|awk '{print $4}'|cut -d \" -f 2
ioreg -l | awk '/IOPlatformSerialNumber/ {print $4}' | sed 's/\"//g'
Very useful when you’re logged into your Mac remotely and call apple helpdesk with a issue.

Couple of quick shell tips

datePosted on 14:54, July 28th, 2007 by Many Ayromlou

Okay these are bash goodies, so they’ll work in any environment. If you’re in a situation where you’re switching between two different directory paths over and over again, here is a quick tip
cd -
Another little annoyance that I’ve gotten around is when you want to edit a system file and you type in the command (ie: vi /etc/this/is/a/really/long/path/config.cfg), only to realize that you forgot to sudo. This used to mean that I would quit vi, curse, recall the command, insert a sudo infront of the vi command and try again….well here is the quicker way.
sudo !!
This will (re)sudo your last command. And if that’s not enough you can actually narrow the sudo down to the last command that started with a certain string.
sudo !apache
Which will look in the history file and (re)sudo the first command that contains the string “apache”.

Quickway to check your DNS settings under OSX

datePosted on 22:58, July 27th, 2007 by Many Ayromlou

This is another CLI command, so get your terminal ready. This gives you a quickway to check the DNS settings on OSX. Now one way is to just cat /etc/resolv.conf , but what if you wanted to see what the system is actually using (not just what it was configured for). Well scutil comes to rescue and gives us an interface to the “dynamic store” data maintained by configd. Here is the command:

scutil --dns
The output will list all four resolver your system is configured for. scutil is another one of those deep OSX commands, so I suggest you have a look at the manual for it (man scutil) or get on google and search for more details (Tech Zendo has a detailed article on how to perform actions during fast user switching, AFP548 also has a great article on how to setup NIC failover).

OSX Directory Services from Command-line

datePosted on 19:42, July 27th, 2007 by Many Ayromlou

New day, new command. dscl is the command in question. It gives you access to Mac OSX’s Directory Services Command Line interface. Very powerful stuff for those of us who like the command line and hate to do the same task a million times. A useful example is the ability to grant Administrator privileges to a user from command line. Normally you would have to pull up System Preferences/Accounts/Click User and check the “Allow user to administrate this computer” box. Well not anymore….Here is how:

  • First you probably want to check who is an admin on the machine in question:
    • dscl . read /Groups/admin GroupMembership
  • Next you might want to add a user (we call him uberuser here) to the admin list:
    • dscl . append /Groups/admin GroupMembership uberuser
  • And maybe you want to revoke the admin privileges for user uberguber:
    • dscl . delete /Groups/admin GroupMembership uberguber
  • To see all the Directory information for user www:
    • dscl . -read /Users/www
  • To see all the Directory information about group admin:
    • dscl . -read /Groups/admin

There are probably a ton more things you can do with dscl, but that’s beyond the scope of this article (and my knowledge)… man dscl and have fun reading.