Blog

This month we’re going to look at permissions, in MacOS X. In past articles I’ve explained that MacOS X is a multi-user environment, due to its UNIX underpinnings. UNIX systems, since their introduction, were designed to be multi-users machines. There are various real and virtual users on your Mac belonging to groups, such as staff, admin and wheel. By default we Mac users belong either to the admin group or the staff group. If you’ve already tried to install any applications on you Mac you will have had to authorize the installation by giving your username and password. If you were successful, it was most likely due to the fact that you belong to the admin group.

You may have also been exposed to File Sharing in earlier versions of MacOS. Access to file servers and other services are also controlled using the same model as that designed into early UNIX systems. Every single file and every directory has a property that controls how it can be accessed. There is the owner or user, the group he belongs to, and everyone else or others. Along with each of these three associations, is whether the user or group can read, write or execute the file or folder.

Let’s have a closer look, as I explain more. Open up the Terminal application (Applications >> Utilities >> Terminal.) Once again we start in your ho0me directory. At the prompt, type ls -l to do a long list. You’ll see a variety of files and folders listed:
-rw-r–r– 1 timmitra staff 4707 Jun 12 2002 stickers.pdf
-rw-r–r– 1 timmitra staff 37 Feb 2 19:59 test.txt
drw-r–r– 1 timmitra staff 387 Oct 23 22:27 systems
At the beginning of the list we can see the type of item and the permissions. After that we can see the user, the group, the size in bytes, the modification date and finally the name.

Lets create a directory where we can play with the permissions. Type mkdir test and we’ll make a directory called test (Choose a different name if you already have a file or folder called test.) Type cd test to call (or enter) the directory test. Let’s make some files; Enter touch file1 file2 file3 and we’ll create three files at once. Type ls – l to check our progress.
[timsg3:~/test] timmitra% ls -l
-rw-r–r– 1 timmitra staff 0 Apr 9 00:42 file1
-rw-r–r– 1 timmitra staff 0 Apr 9 00:42 file2
-rw-r–r– 1 timmitra staff 0 Apr 9 00:42 file3
What we see in the permissions area is 10 characters. The first in either a – for a file or a d if the item is a directory. The next nine characters are groups of three, The first three are for the owner, the second the group and the third everyone else. In the example the user timmitra can read and write. Members of the group staff can read and so can everyone else (other).

To change the permissions we’ll use the chmod program. There are two ways to use chmod , We’ll look at the relative method today. User is represented by the letter u, group is g, others is o and to change all three we’ll use a for all. To add a permission we’ll use “+”, to take away “-” and we’ll use “=” to make it exact. The syntax is chmod permissions file(s).

Try this: chmod go+x file1 then type ls -la to see the result. You should see that we’ve added execute to file1;
-rw-r-xr-x 1 timmitra staff 0 Apr 9 00:42 file1

Here’s how permissions work. With directories the read permission means a user can list the contents with ls. The write permission means the user can add, rename and delete items in the directory. The execute permissions allows a user to access (cd) the directory. The user also has to have access to the parent directories. This how your files are protected from and or shared with other users. (Note: system superuser aka root can access any file on the system.)

With respect to files, the permissions affect the contents of the file. Read allows a user to read, write allows a user to modify the file. Execute allows the user to run the file if it’s a program (like a shell script.)

I’ll leave you with some examples to try. (Note: I’ll use commas to separate user permissions.)
To protect a file from others use: chmod u+rwx,go-rwx filename
The owner can read, write and execute while group and others will have no access. To protect a file from accidental writing use: chmod a-w filename
No one will be able to modify the file. To protect a directory from group and others: chmod go-rwx directoryname
To give read only access to a directory use: chmod u=rwx,go=rx directoryname

Next month we’re going to look at remote access, where permissions also play a big part.

Back in October we started down the road of learning Unix. You may also remember that I said that with Apple’s new operating system MacOS X, we weren’t just given a new look . In fact MacOS X is built on top of a Unix kernel, which makes for a stable, relatively crash-free experience. It benefits from multi-threading and multi-tasking. The most important part of using a Unix based operating system is the great assortment of Unix applications that come installed.

Unix is a collection of small but efficient applications. Each one performs a basic task. In the October article, I introduced a simple one, whoami, which returns a basic answer. The application, who, “prints” the result, or “returns” (geek-speak) the answer on the Terminal screen. (Applications>>Utilities>>Terminal.)
If you type it formally;
who am i
The result printed back is;
tim ttyp1 Nov18 22:47
This is what is returned; “tim” is the name I logged in as, “ttyp1” is the name of the terminal, and the date.

I should also point out that who and whoami are really different applications. If you check their manuals you’ll see that they both have different options. Manual? “What manual.” you say? Another cool thing about most of these little utilities is that they come with manuals installed. These manuals are referred to as “man pages”.
Type this on the command line;
man whoami
Your Mac will go off and find the man page for whoami and print in on the Terminal. MacOSX opens the man pages one screen at a time, for easy reading. Each screen full will end with a “:” and a prompt. Hit the “Space Bar” and the page will scroll down, one page at a time (“B” will scroll upwards.) until you see “(END)”. Hit the Space Bar once more, the man program will exit and you’ll be back at the prompt.
Hint: It is helpful to open a second terminal window, File>>New Shell (Cmd-N). Now you can read the manual while running the application in the first window.
If you look at the man page for who you’ll see a list of available options. I alluded to options in October. Options are added to the command line to extend an application. They are usually separated by a space and begin with a hyphen.
As an example;
who m
tim ttyp1 Nov 18 22:45
This returns the user information about the current terminal, just like whoami does.
who u
tim console Nov 18 22:45 00:36
This returns the user information and the idle time. You may remember that Unix is designed to be a multi-user environment, which is why it can be important to know who is logged in to the system.

You may not realize it if you’re on a single user machine, but you have in fact logged in. When you installed MacOSX the Setup Assistant created a username and password for you. It also assigns you a “home” folder. All users on a Unix system have a home folder and on MacOSX it’s created in /Users directory.

This brings up another Unix mystery “What are all these other folders for and how do we navigate them?” Remember the pwd application tells you where you are. When you start a new terminal window (or shell) you are in your home folder. If I enter pwd at the prompt and hit Return (or Enter.)
[Tims-G3:~] tim% pwd
/Users/tim
It returns “/Users/tim”, which translates the actual (or absolute) path to the folder. What I have been loosely referring to as the prompt on Mac is:
“[Tims-G3:~] tim%”, which gives me the Rendezvous name of my Mac ( a Jaguar technology,) a colon “:”, a tilde “~” (short for home) and my username and a percent sign (to indicate that I’m a regular user.) The pwd app returns the “present working directory” on the next line.

The metaphor that is used in Unix, similar to Mac or Windows, is of a directory tree. On your Mac it may start at “Macintosh HD. On Windows it starts at “C:” In the Unix shell the tree starts with a “forward slash – /” which we call the “root” directory. We then navigate down (I prefer to say “down”, to say that things are under the root directory) with a utility, “cd”, to call or change directories.
To get to root ry this:
cd /
ls
and you will list (ls) the contents of the root directory. You will see items such as Applications, Library, System, Users, but you will also see a number of Unix directories that are made invisible to the Finder. The directories; bin, dev, etc, sbin, tmp, usr, var are present on most Unix systems.

System wide applications are stored in “bin” (binaries), “dev” contains information about devices, “usr” stores user scripts, “var” contains preferences or variable items, and “etc” contains systems settings and apps. They are the Unix equivalents of Applications, System, Utilities and Work In Progress.

To get back home you can enter;
cd /Users/tim (enter your username instead of mine.)
or
cd /~
as the tilde is the short cut for Home.

Starting at root again (cd /) you can also get to Home by calling the directories relatively, by first entering cd Users and then cd tim. Starting at the root directory “Users” is a subdirectory (or relative to root) but “tim” is not. From root cd tim will result in a “no such file or directory” error.

If there were another user on the system you can navigate to her directory by entering the path relatively or absolutely. cd ../ will navigate up a directory, so from your home
cd ../carol will go up to the Users directory and down into the carol directory. Of course you can also get there by entering cd /Users/carol .

Now your homework is to get into the shell and navigate around. Use ls and ls la and try to cat and more some files Not sure what I’m talking about? Check the man pages See you next month.

It’s always something! About five years ago I heard about the Linux operating system and I thought “Hey, it would be really cool to run UNIX on my Mac!” So I went out and bought a copy of MKLinuX and began to install it. After a couple of hours of cryptic installation instructions I was ready to reboot my Mac. I hit the “bing” button, you know the one that goes “bing” – then starts the Mac, and had one of those “Oh my God!” moments.

I saw no “Happy Mac”! Gone was the “Welcome to Macintosh” that makes all Mac users feel good about the world. Instead I saw a stream of white text messages on a black background. Then it hit me. This really is UNIX. For about another hour I fumbled around until I discovered how to start “Xwindows” and run “KDE”, one of the many UNIX GUIs. I played a game of chess, looked around and then gave up. It was just another GUI. Nothing more than MacOS or MicroSoft Windows, but I can’t describe the feeling at the pit of my stomach when my world turned that corner.

I received another shock last month when after happily installing MacOS X Jaguar (10.2). I hit the “bing” button and waited to be amazed. What I saw brought that same look of horror to my face. The “Happy Mac” was gone! Instead it has been replaced with a grey “Apple” logo. This was such a statement that I called my co-worker into the room to witness the moment. Apple has shelved the “Happy Mac” along with Clarus the cowdog (“Moof!”) and the politically incorrect rainbow Apple logo. Is Apple trying to tell us something? Is it time to get off the fence and join the rest of the Mac world and move to OSX?

Well. Not just yet. If you read my column last month you’ll remember that the missing piece of the OSX puzzle is Quark Xpress, at least for us publishing types. The rumor mill has recently started buzzing that Quark is getting set to release a MacOS X version of Xpress early in 2003, at about the same time that Apple will ship Macs that will no longer boot into MacOS 9. Armed with these thoughts and my newly acquired copies of Illustrator 10 and PhotoShop 7, I went ahead with the Jaguar install.

Don’t get me wrong I actually love MacOS X and use it every day. However, I use it on my PowerBook, where I run Office X and do my PHP/MySQL web development. MacOS X isn’t running full time in our prepress production yet. We do run a couple of MacOS X file servers, which are rock solid and relatively maintenance free. Being able to run Word and Excel along with X versions of BBEdit, etc. has been great. If Xpress was MacOS X ready, we could all make the switch.

Illustrator 10 and PhotoShop 7 run very well on Jaguar and Apple’s software engineers have greatly improved the speed with which Classic starts. Classic is the MacOS 9 environment that older apps such as Quark Xpress, run in. Sure it’s a compromise, but there aren’t many applications that won’t run in Classic, if necessary. If you are really determined, you could switch to OSX now, but if you are like most healthy skeptics you would prefer to wait until you can get the most out the move. When Classic launches you get all the familiar OS 9 bits back : The Apple Menu, the Chooser, and your “classic” fonts, etc.
What happens next January when Apple ships those “MacOS X PowerMacs”. Well if you can stand the waves of “must have the latest Mac” envy, nothing will happen. You’ll continue to crank out pages, PDFs, posters and film (“Film!?!”) like you did in December. There is no need to dash off to the nearest Mac dealer to get your “new” Mac fix. Let Steve Jobs stand up there and demo the latest iCandy, while actually demonstrating that he’s forgotten the most important thing. That the publishing market segment made it possible for there to be a Apple Computer for him to come back and iRescue!

The rumor mill skeptics will continue to doubt that Quark will have a product ready by January, as do I. Remember it took them over four years to ship version 4.0, spurred on by the debut of InDesign. You may have also heard that there aren’t MacOS X drivers for your SCSI this or your Fast Ethernet that. Just remember this, if your still running a Mac that has a ABD keyboard, or SCSI peripherals, Apple forgot about you three years ago when they shipped their first million iMacs. Here’s the sage advice: Leave the jaw dropping moments to guys like me who regularly deal with a constant flow of “Sad Macs”. I’ll help you make the move to OSX – you won’t regret it.

PS. More UNIX stuff next time. I promise.

OS X Is a Treat, Now For the Tricks!

Mac OS X has now entered it s third official incarnation with the release of Mac OS 10.2 (Jaguar.) While not all the major apps have joined the party there are many new opportunities for users who have made the move. Apple has announced that new Macintoshes, shipping in January 2003, will only boot in OS X and only run Mac OS 9 and earlier applications in Classic mode. Native applications; Microsoft Office and Adobe s Photoshop, Illustrator and InDesign make Mac OS X a compelling choice.
I am telling you that this is one of the best things to happen to computing.

Hidden applications abound
When you install OS X on your Mac you also have installed a slew of UNIX applications. Apple marketing talks about iTunes, iMove and their new Mail application but they don t tell you about ls, cat, grep, to name a few of the installed UNIX apps.
When a UNIX application crashes (and they do) your OS is not tripped up. The app crashes and the Mac marches on. Ask any iMac or G4 user who is running Mac OS 9 what happens when an app crashes? Their keyboard and mouse are controlled by USB software can t can t even perform the three-finger salute. The only option – press the Reset button to get back to work.

The epitome of stability
I’ve been running OS X for the last two years and I’ve lost count of how many times my individual apps have crashed. But I can easily tell you how many times I have had to restart my Mac.
In daily life I manage twelve servers that run 24/7. All of them are UNIX servers that rarely need to be restarted. They run on Sun OS, SGI’s IRIX, Mac OS X and there’s even a Quadra 700 running Linux. All of these servers share the stability of UNIX and the utility of the applications. I should also admit to running Windows NT and 2000 servers, which need to be rebooted every couple of weeks. (Maybe Microsoft thinks Restart is an application!)

I didn’t do it because I liked it!
I became a UNIX user under duress after successfully avoided it for years.
I was bitten by the Macintosh bug in the late eighties, while working as an Art Director. I bought the Mac to enter into the world of CAD/CAM using Adobe Illustrator 88, but CAD/CAM quickly became Desktop Publishing.
You see we had QuarkXPress and needed to produce a company price list. You can probably guess the rest. But how could we get the data off our IBM 36 and into Quark. Hmmm!
Today I would start by saying, “No problem” and tell you that we could export the data to a text file and use PHP and MySQL on a Mac running OS X, and publish the data dynamically on the web! Actually, I would have said, “No problem” in the eighties but I didn’t know all this UNIX stuff back then. I have been evangelizing the Macintosh ever since. I now take great pleasure in evangelizing the new and improved Mac OS with extra added UNIX! If only QuarkXPress would run under Mac OS X! But that’s another story.
The most interesting aspect of Mac OS X is the dual nature of this marriage of operating systems. The Macintosh had always been a closed system. Users benefited from the relative ease that the Macintosh offered, but there wasn’t any way to tweak the system. Apple presented a computer that used everyday metaphors such as the desktop, folders, and trash cans to make computing easy for us average guys.
Apple has taken the mystery out of UNIX buy supporting the Aqua interface, which owes much to the Mac experience. They have even ironed out some of the stubbornness out of the UNIX command line. If you make a simple mistake the system suggests the correct command.

Try this right now!
If you re running Mac OS X go to your Applications folder, where you’ll find the Terminal among the other apps. (Drag the Terminal to the Dock, to keep it handy.) Double click the Terminal to start it up. Go ahead it won’t bite. The first thing you may notice, beside the fact that there are no menus or icons to click, is that it says (in my case)
localhost:~] tim%
and the curser is blinking. That s where you enter commands.
The localhost tells you that you are working on your own machine. Every UNIX machine is in fact a server or a host . You are on your local host. Next you see the username that you logged in with, and a % sign which indicates that you re a regular user.

Something else to try
Try this; type “whoami” and hit Return or Enter. Look at that! That s who you are! Even better than that you’ve just successfully run you re first UNIX application!
The next thing you need to know is where you are. Type “pwd”
and hit Return. The terminal answers back with “Users/tim”
which is to say that your present working directory (pwd) is your home directory. All users have a home and all users home directories are kept in the Users folder on Mac OS X.
To see what’s in your folder you list it. Try this: Type ls and hit Return. You’ll see all the file names listed in rows and columns across the screen. For more detail type ls -la , which means list long and all. Most command line apps options are entered usually with a hyphen, to extend the application. What you see when you do a long list is the type, permissions, links, the owner, the group, the size in bytes and that date and time the file was last modified. (We’ll cover the details in another article.)
By the way, if you want repeat a command, hit the up arrow key. The previous command will be displayed. You can use the left arrow to move to the left and edit the command.
Here’s the last trick. To create a blank text file you would type touch test.txt on the command line. Once you hit return you have created ( touched ) a new empty file in your home directory. Go ahead and type ls -la to see it. Now type echo Hello World and hit return. Echo sends the words Hello World to your screen. Hit the up arrow to bring back the last command. Add this > test.txt so that the whole command looks like
echo Hello World > test.txt and hit Return. You see nothing because the output was set into the file by the greater than >. To read the file test.txt you would type cat test.txt. Cat is short for concatenate, and it will read a file and show it on your screen. As you can see you have displayed the contents of the test.txt file to your screen: Hello World. Look at you, you just created your own file and wrote to it! (If you want to add to your file use >> instead of > . The former will append the text to the file.)
That s enough UNIX for today. Now go out and play!