The Unix command line is where many (if not most) of OS X’s security practices were born--and it’s still the place to go to lock down files, resolve system conflicts, and erase your tracks.
10. Compress And Password-protect A File or Folder
Password-protected archives can’t be expanded by the Finder, a limitation that adds another layer of hassle, er, security.
The Finder can make zip archives from files and folders in one click from the File menu or the contextual menu summoned with a Control-click. When security is an issue, the Terminal’s zip command supersedes that with its ability to encrypt archived files and folders. The encryption standard is relatively weak by military or industrial standards, but it should be more than enough to defeat a nosy boss or family member. To create an encrypted archive from a folder in the current directory, execute zip – re name-of-archive name-of-folder, replacing name-of-folder with the name of the folder you’d like to compress and name-of-archive with the name you’ve chosen for the zipped file. To retrieve the contents of an encrypted archive, execute unzip archive-file-name.
11. Fix File Permissions
When permission errors prevent you from accessing files or folders, chmod and chown can sort them out.
In a multiuser system such as OS X, file permissions ensure privacy and security. Now and again, though, they can cause problems, especially when different users are swapping things through a shared folder on the same machine. If the permissions controls in the File Info dialog fail to resolve a problem, chmod and chown are certain to.
Generally, chmod is used to assign role-based permissions for users other than the owner. To ensure that anyone can open and modify a file, execute sudo chmod 777 path-to-file, where path-to-file is replaced with the actual file path, which you can generate automatically by dragging a file from the Finder window into the Terminal window.
This assigns full permissions to anyone who uses that machine, which is bad for security but good for convenience. For more limited permissions, execute sudo chmod 644 path-to-file.
This allows anyone to access and open the file, but only the file’s owner can modify it. To modify permissions on a folder and all of its contents, add the -R option after the command name.
Chown, on the other hand, assigns ownership of a file to particular user. If a file you’ve copied from someone else’s account refuses you access, execute sudo chown your-short-user-name path-to-file.
12. Securely Erase Free Space On Your Dard Drive
Disk Utility’s 35-pass standard provides a high degree of security, but can take days to complete on larger drives.
It may sound strange, but deleted files aren’t actually deleted. Emptying the trash merely marks hard drive space as available, without actually removing the data that occupies it. When new data needs the space, it writes over the old data, but until then, anyone with the right software can still recover the original data--and sometimes even after.
Disk Utility offers a one-line Terminal command to scrub free space of existing data. Execute diskutil secureErase freespace 3 /Volumes/name-of-drive. The utility will write to each drive sector 35 times, using a special algorithm. Thirty-five passes is well above the U.S. Department of Defense’s own standard for erasing data, which requires only seven passes.
Be Careful With Sudo
Note that chmod, chown, and several other commands in this tutorial are running under sudo, which requires an administrator’s password before executing the proceeding command, because it executes commands as the administrator, overriding the system’s usual warnings and precautions. Be extremely cautious with this—if sudo tells the system to erase the entire hard drive, for example, the system will do it, no questions asked.
vampyr
October 26, 2012 at 7:16am
I'm trying to connect to a remote computer (tip #13) and so far, typing in the password has been an issue. Firstly, each time I type in the password, nothing comes up. It's as if my keyboard died. And secondly, I may have been following the instructions wrong since I'm still new to Terminal and haven't gotten used to all the terminology and commands e.g. what's the difference between remote and local? Anyways, I seem to have done them all right since I got through every step but the password bit. Please help!
P.S. I read somewhere that the password is a 'ghost' and that I have to type it blindingly. I know the password, tried typing it, failed.
Hyperscripter
September 20, 2012 at 9:25am
I used the script "rsync -auE --progress ~ /Volumes/name-of-drive/name-of-backup-folder" to back up my home folder and named it "MyHome Backup". It apparently worked just fine, but I was just wondering where it put it ?
Also, I was wondering how I could send this from an AppleScript ?
lencybrostan
June 26, 2010 at 5:36am
Apple is been always known for the security and the Application.By default,the Terminal targets your Home directory folders are called directories in Terminal-speak. You can move to different directories by executing the command cd path-to-directory.
Mulberry Replicas
lencybrostan
June 26, 2010 at 5:31am
Apple has the tremendous impact for the application and the security.The Terminal application is Apple’s implementation of a traditional Unix command-line environment, also called a shell. Keep in mind, though, that Unix shells come in many different flavors.
triathlon
March 29, 2010 at 11:15pm
A triathlon is divided into three components: swimming, cycling and running. This can be daunting for novices and those trying a triathlon for the first time. Novice triathlon training should focus on learning how mixing these three separate sports have an effect on your body.
triathlon training programs
triathlon
March 19, 2010 at 9:33am
I'm ready to ssh into another Mac (or pc) on my home network, how do I discover their IP addresses without getting up out of my chair? I know that I can walk around the house and look in the Network Prefs to learn the IP address but I want to do it remotely. In my old Linksys router there was a panel in the web admin control screen showing the IP addresses of all the clients on my network. I don't see this in the Airport Utility for my new Time Capsule.
my first triathlon
lora.a
November 04, 2009 at 10:27pm
I am sure that a lot of people didn't know about these things when it comes to using Mac. I am grateful that you thought about us and put this information in this post for us.knee pain | pain relief
DSilda
October 28, 2009 at 6:25pm
I am the only one using my MacBook Pro. I would like to know where Permission errors come from.
brawns214
March 23, 2009 at 10:04pm
This list is great, and it goes from beginning to much more advanced.
Try
sudo !!
This reexecutes the last command entered as root. Great for when you get pesky 'Permission Denied' errorsA mac exclusive! When you have a file in the finder that you want to do something with, you can just drag it into terminal and it will put the path (the file's location) to that file where your cursor is.
Having trouble deleting a large amount of stuff from trash or taking too long to do the 'preparing to delete' thing? Try:
sudo rm -rf /.Trashes/*
or
sudo rm -rf /Volumes/Secondary-hard-drive/.Trashes/*If you forget to put the .Trashes in the command, you could end up deleting a significant amount of important stuff.
The Disciple
March 19, 2009 at 1:26pm
I executed this command "diskutil secureErase freespace 3 /Volumes/Macintosh\ HD" and it's running the erase but it seems to have doubled the contents of the HD, if only temporarily. Is this normal cause there's like Zero room left on my HD? Will it go away after the erase is complete? I just backed up w/ time machine on an external so I'm not super worried, but I'd just like to know what's going on.
Thanks
Nick
mattone
March 11, 2009 at 11:49am
I enjoy these types of articles. Keep them coming.
Re: SSH
So now that I'm ready to ssh into another Mac (or pc) on my home network, how do I discover their IP addresses without getting up out of my chair? I know that I can walk around the house and look in the Network Prefs to learn the IP address but I want to do it remotely. In my old Linksys router there was a panel in the web admin control screen showing the IP addresses of all the clients on my network. I don't see this in the Airport Utility for my new Time Capsule.Is there a way to use the terminal to do this?
Matt
Grimshaw
May 07, 2009 at 5:20am
You can use a little app called Flame that will list all the IP addresses in your network.
Bownse
March 19, 2012 at 1:06pm
Or simply log into your NAT router and look at the DHCP assignments.
ndrw
February 26, 2009 at 1:01pm
Hi,Just a quick note about Ctrl-Z. When you use Ctrl-Z to stop a job or process that is running, it doesn't "kill" that process, just interrupts it and makes it wait. This is actually quite handy at times, because you have some job control you can do afterward:1) run the "jobs" command to see a list of jobs you've got waiting.2) run the "fg %#" command to bring a command back to active from the jobs list (use the number instead of the pound symbol).3) run the "bg %#" command to let a job run in the background (great for calculations and tasks that don't have much output!).4) run the "kill %#" command to kill the job.Be sure to put the percent symbol before the jobs list number, especially with the kill command, otherwise, it will use the process id (run "ps auxw" to see a list of all processes).Cheers,Andrew
freyutss
January 16, 2009 at 12:02pm
Very good tips to follow. I am sure that a lot of people didn't know about these things when it comes to using Mac. I am grateful that you thought about us and put this information in this post for us.
______
Royal Caribbean Cruises
apstewart
December 30, 2008 at 7:00pm
I'm relieved to see you corrected the "key" on the image in tip #3 as printed in this issue of the magazine, which was grossly incorrect. Now just change #15 to use Ctrl-C to stop ping, instead of Ctrl-Z (not Command-Z) which just suspends a command instead of stopping it. Yes, the picture says "Stopped", but it's still running. Type "fg" after hitting Ctrl-Z and you'll be taken right back to the ping. Same Ctrl-Z foolishness on #17.
b_dubb
December 13, 2008 at 3:17am
i'd love to see some 411 on customizing Vi(m) on the mac. for when i want to edit a file without opening a bloated text editor (dreamweaver).
b
LeftClicker
March 22, 2009 at 8:11pm
then click Format > Make Plain Text or press Shift-Command-T. This will strip the document of all formatting (e.g. font, color, italicize, etc.).
cyberdog
December 12, 2008 at 10:29am
What a very timely article (for me at least!). I was just looking into this... It is always a hassle setting up a new computer, it would be nice if I could just run a script that would configure some/most of my system for me. I've found some commands that looked promising but ran into a few road blocks... I went to my local Apple Store and there the Genius told me that they didn't do Unix! That sucks. Here what I have so far:I randefaults read com.apple.finder DesktopViewOptions{ IconViewOptions = { ArrangeBy = none; BackgroundFlags = 0; BackgroundType = DefB; FontSize = 12; GridSpacing = 73; IconSize = 48; PropertiesLocation = botm; ShowPreviewIcon = 1; ViewMoreInfo = 0; };}I could reset the icon size or the font size or the grid spacing but not all three of them at once by using one of the following:defaults write com.apple.finder DesktopViewOptions -dict IconSize -integer 32;defaults write com.apple.finder DesktopViewOptions -dict FontSize -integer 11;defaults write com.apple.finder DesktopViewOptions -dict GridSpacing -integer 40;killall FinderI'd like to do something along the lines of:defaults write com.apple.finder DesktopViewOptions { IconViewOptions = { FontSize = 11; GridSpacing = 40; IconSize = 32; };}But this does not work. Any ideas?
cyberdog
December 11, 2008 at 11:46pm
What a very timely article (for me at least!). I was just looking into this... It is always a hassle setting up a new computer, it would be nice if I could just run a script that would configure some/most of my system for me. I've found some commands that looked promising but ran into a few road blocks... I went to my local Apple Store and there the Genius told me that they didn't do Unix! That sucks. Here what I have so far:I randefaults read com.apple.finder DesktopViewOptions{ IconViewOptions = { ArrangeBy = none; BackgroundFlags = 0; BackgroundType = DefB; FontSize = 12; GridSpacing = 73; IconSize = 48; PropertiesLocation = botm; ShowPreviewIcon = 1; ViewMoreInfo = 0; };}I could reset the icon size or the font size or the grid spacing but not all three of them at once by using one of the following:defaults write com.apple.finder DesktopViewOptions -dict IconSize -integer 32;defaults write com.apple.finder DesktopViewOptions -dict FontSize -integer 11;defaults write com.apple.finder DesktopViewOptions -dict GridSpacing -integer 40;killall FinderI'd like to do something along the lines of:defaults write com.apple.finder DesktopViewOptions { IconViewOptions = { FontSize = 11; GridSpacing = 40; IconSize = 32; };}But this does not work. Any ideas?
Jamie
December 11, 2008 at 8:01pm
And lest some users are thinking this is too uber-geeky for mere mortals such as themselves, it's worth mentioning that highlighted text from any text document can be dragged right into an open terminal window. If anyone were uncomfortable typing directly in Terminal, they could save a document of their favorite commands and just drag 'em over. Easy.
