Macintosh-Admin

Here was a new one for me. A Mac OS X 10.5 Leopard Server file server had been unresponsive to Apple Remote Desktop and wouldn’t display video for about a week. I could still SSH in and the AFP services it hosted were functioning normally, so I left it for a “later” project. Well, this morning I was notified that some of the AFP shares were no longer listed due to a power outage affecting the RAIDs connected to it.

No worries, restarting the AFP service or rebooting should resolve that. Only it didn’t. There was high usage by syslogd and I found tons of the following messages in /var/log/system.log:

Record of type dsRecTypeStandard:Config named ‘ServicesInformation’ already exists in /Local/Default. Trying with new name: ServicesInformation1

Others have run into this before, and it seems to be a corruption of /var/db/dslocal/nodes/Default/config/ServicesInformation.plist. In my case, there was some file system corruption, so I did the following:

1. Booted from another drive w/Disk Utility and SuperDuper!
2. Verified the disk using Disk Utility (which failed.)
3. Backed up the drive with SuperDuper! (Just in case.)
4. Repaired the volume with Disk Utility (successfully.)
5. Booted into Single User Mode.
6. Backed up /var/db/dslocal/nodes/Default/config/ServicesInformation.plist and removed all the extra ServicesInformation*.plist files.
7. Rebooted from the original boot drive.

What I found while fixing this:

• The ServicesInformation.plist was corrupted and contained text regarding a disk full error, so that’s likely the cause of the corruption.
• I was able to just delete ServicesInformation.plist and let it regenerate without detrimental effects, but be dubious.

I’ll admit it: I rarely ever work with Access Control Lists. Most of my time is spent in web server land where POSIX permissions are more than adequate, so I just fire up Server Admin if I have to add an ACL.

However, a co-worker recently ran into an ACL mess after a client converted their server from Standalone to Open Directory Master and back again. So, how to strip all ACLs so you can start over? It’s probably dangerous or some command I’m not familiar with, right? Nope.

The following call to chmod will recursively remove all ACLs:

chmod -RN /path/to/directory

Voilà!

The other day I was having some issues with my VPN and Mail server working correctly. After narrowing down the issue to it being my firewall blocking the issue, I went out on a hunt to locate the possibility to be able to flush out the current rules from the firewall. OS X Leopard Server uses ipfw as it’s firewall implementation. Even OS X Leopard client uses ipfw! Fortunately it’s pretty similar to iptables which we also use on our Linux servers so there was a way to flush out the current rules. Simply using the following command will remove all the rules that haven’t been saved (which can be done either via the command line or through that nice Server Admin GUI tool):

sudo /sbin/ipfw -f flush

Once that’s run, you have have a peek back inside the Server Admin tool and you’ll notice under the Active Rules there should be none or only a couple. You can also show the list from the command line (which you’ll probably want to do under client since it doesn’t work with the Server Admin tool. Use this command to do so:

bash-3.2$ sudo /sbin/ipfw list
65535 allow ip from any to any

As you can see, I allow everything on my client machine, but on the server:

palomino:etc jimmybrancaccio$ sudo /sbin/ipfw list
00001 allow udp from any 626 to any dst-port 626
00010 divert 8668 ip from any to any via en0
03885 deny ip from 58.251.59.9 to any
03890 deny ip from 89.96.140.154 to any
03895 deny ip from 211.143.101.226 to any
03900 deny ip from 212.222.147.130 to any
03905 deny ip from 58.185.182.212 to any
03910 deny ip from 76.17.182.127 to any
03915 deny ip from 202.102.245.109 to any
65535 allow ip from any to any

There’s currently some blocks in place. Anyways, just a couple useful ipfw commands!

Looking for a way to jazz up your Terminal.app? Here’s a quick and easy way to do so! Open up Terminal first, then type in nano -w ~/.bash_profile This will open a command line-based text editor. The file you’re editing is one that gets loaded every time you open a new Terminal window (or tab). Paste or type in the following at the end of the document:

export CLICOLOR=1

Then hit Ctrl+O and Ctrl+X. These key commands save the file and exit the editor. Now, open a new Terminal window and type in ls. This will list the contents of the folder you’re in (which should be your home folder) and the titles of the folders should be colored as shown in the above screenshot!