My Mac had a kernel security level of 0. Then, I changed the kernel security level to 1.
Here's how I changed it to 1: sysctl kern.securelevel=1
I'd like to change it back to 0 because my hosts file has a system immutable flag on it.
This is the code for that- sudo chflags schg /etc/hosts
I'd like to take away the system immutable flag, and that starts with changing the security level back to 0.
I've tried to boot into single-user mode. I shut down my computer and then held down cmd+S when I rebooted. It shows a black screen and white code scrolling across the screen and then went into the regular user selection field. Then, I put in my password to log in and it showed more white code scrolling across the screen and then it logged me in and everything appears normal.
This is related to this
https://apple.stackexchange.com/questions/282339/protect-hosts-file
It sounds like you are having trouble getting into single user mode. Typically holding command-S after power on should work, but as a work around you can specify single user mode as a boot parameter.
sudo nvram boot-args="-s"
Once you are done, unset the arg(s):
sudo nvram -d boot-args
If you are using file vault, you still need to enter your username and password to unlock the volume, so don't take needing a username as an indication that something is neccesarily wrong.
The setting of the sysctl doesn't affect your /etc/hosts immutability. What does is one of two:
A) Pre MacOS 10.15, "System Integrity Protection" (SIP) adds a "restricted" flag to files in /etc, with /etc/hosts being one of them
B) In early MacOS 10.15 /etc is part of the root filesystem, which is mounted read-only, so /etc/hosts can't be modified. Also, above mentioned SIP prevents you from remounting (mount -o remount,rw /). This has later changed and /etc is redirected to /System/Volumes/Data, but you didn't indicate which version of MacOS you're on.
What to do:
Try 'df /etc/hosts' to see where /etc is mounted.
Try 'ls -lO /etc/hosts'. This will show you an extra column of flags. If you do have schg, it will be there (but it's never on by default, so likely it won't if you didn't have it on).
If you see "restricted", then you need to boot into recovery. That's CMD-R, and then go to Utilties menu, open a terminal, and then either edit whatever needs editing, or (and do this only if you're absolutely fine with repercussions):
i) Either disable SIP for filesystem checks (NOT recommended)
ii) selectively enable /etc/hosts in /System/Library/Sandbox/rootless.conf (which labels all files and causes the setting of the "restricted" flag).
Related
"broken link phenomena", means in the part of the kernel organization/awareness/healthy-way-of-arranging itself (equivalent with read-only system files in linux, for example that are not for human tweaking and if one tries to remove or put things there in a raw way (straight "sudoing" or from #root), could make a bad thing).
(Obviously if an application depends on that kext, at call time or boot time, will complain, but i am referring to the healthy flowing of the kernel).
(The question comes because in many sites, they tell: "If the kextunload doesn't work, go and force it with rm -rf", and that doesn't look very accurate/prudent).
My tries:
kextunload:
% sudo kextunload SamsungPortableSSDDriver.kext
Executing: /usr/bin/kmutil unload -p /Library/Extensions/SamsungPortableSSDDriver.kext
after ls, kext file remains in /Library/Extensions directory, and no appreciable event (feedback) seemed to happen (no message, nothing. Just the prompt back again).
rm -rf:
% sudo rm -rf SamsungPortableSSDDriver.kext
after ls, kext file looks to be (permanently) deleted (and the application depending on it, correctly complains about the absence of its needed component). (I obviously make a backup of the kext bundle in another place, anytime i experiment with this things).
Thank you.
I like to include my Firefox profile directory in my automated backups but I don't really want to back up cached pages/images. I've searched high and low but everything I've found is either outdated (delete the contents of the [ffprofile]\Cache folder) or the instructions delete the entire contents of the profile directory! There must be some way to do this with modern FF builds...
I don't think there is a command line option to clear the file caches directly (patches accepted, though, I suppose. ;> ). As a workaround, though, you can clear the caches through this method via the command line:
# Create a test profile (Do this once)
PROFILENAME=testProfile
PROFILEDIR=/tmp/profileDir
$ firefox -no-remote -CreateProfile $PROFILENAME $PROFILEDIR
# Clear the cache of the profile (Do this every time you want to run the script)
# This uses the mac osx path for caches
# See http://forums.mozillazine.org/viewtopic.php?f=38&t=502357 for more information about where the caches are located on different operating systems
rm ~/Library/Caches/Firefox/Profiles/*.${PROFILENAME}/entries/cache2/*
Note that I tested this on Mac OSX, and it works fine, although it's somewhat of a hack to get around the lack of a profile identifier.
For anyone else who might struggle with this: just go to about:cache - the location of the cache files is listed in the 'disk' section under 'Storage disk location'. Once you have the location, append "\entries" and do a simple "del /f /q [location]"
Here is what I am trying to do: I need to know whenever a file is read or used by a tool (e.g. compiler). I use ls to get the last accessed time using the following command
ls -l --time=access -u --sort=time --time-style=+%H:%M:%S
or
stat "filename"
But my files access times are not getting updated, I figured its because of caching! please correct me if I am wrong. So my next step was how can I clear the cache, researching it I came across some variations of the following command:
sync && echo 3 | sudo tee /proc/sys/vm/drop_caches
The thing is even after I execute this command my file access time is not updated! My way of testing access time is by opening the file in gEdit or call gcc on my source file.
My setting: Ubunto 12.0.4 running on VMware, which is running on Win 7
Question: what am I missing or doing wrong that my access time is not being updated??
What you're observing is the change in the default mount option starting 2.6.30 in order to bring about filesystem performance improvement.
Quoting from man mount:
relatime
Update inode access times relative to modify or change time.
Access time is only updated if the previous access time was ear‐
lier than the current modify or change time. (Similar to noat‐
ime, but doesn't break mutt or other applications that need to
know if a file has been read since the last time it was modi‐
fied.)
Since Linux 2.6.30, the kernel defaults to the behavior provided
by this option (unless noatime was specified), and the stricta‐
time option is required to obtain traditional semantics. In
addition, since Linux 2.6.30, the file's last access time is
always updated if it is more than 1 day old.
(Also refer to this and this.) You might be looking for the following mount option:
strictatime
Allows to explicitly requesting full atime updates. This makes
it possible for kernel to defaults to relatime or noatime but
still allow userspace to override it. For more details about the
default system mount options see /proc/mounts.
I set the HOME variable in /etc/launchd.conf using the following line: setenv HOME /Users/student
Now the machine wont boot at startup. I tried holding shift at startup but safe mode doesn't seem to be working. I tried holding cmd+s on startup and got into single user mode. I was able to bring up the /etc/launchd.conf file but I can not save/overwrite the existing file due to permission issues.
Is there some way to reset this file from single user mode or other to fix this? I'm open to other approaches as well. I am not a unix/linux power user by any means, fyi :)
Thank you in advance.
I'll give you two options, but first a warning: both of these involve using the command line to undo the damage, and if you do it wrong there's a possibility you'll make it even worse. A backup would've been a good idea, but it's a little late for that (well, actually, there are still ways to do it, but they also involve a risk of getting it wrong...). So whatever your do, be careful.
Option 1: use single-user mode (Command-S at startup). This will leave you running as root, which means you are not subject to normal file permissions; after remounting the startup disk for write access (mount -uw /) you should not get permissions errors. You said this didn't work; the most likely thing is that you mistyped the command (I see this happen a lot -- people either leave out the "/", or the space between "-uw" and "/"). Hint: if the mount command prints anything (other than the prompt for the next command) you typed it wrong. If that still doesn't do it, check the file's flags and metadata with ls -leO# /etc/launchd.conf and report the results.
Option 2: use recovery mode (Command-R at startup). This boots from a small hidden partition with a minimal copy of OS X. In recovery mode, pull down the Utilities menu and choose Terminal. This is actually a fair bit like single-user mode, except that the normal startup disk won't be /, it'll be /Volumes/Macintosh HD (or whatever it's named), and it'll already be mounted for write access. Since there's (probably) a space in the volume name, you'll have to quote or escape it:
$ cd "/Volumes/Macintosh HD"
$ mv launchd.conf launchd.conf-disabled
I have a shell script that mounts an smb share. It works perfectly on all macs with every OS revision except 10.7.5
The offending command is simply:
mount -t smbfs -o nobrowse //test:test#servername/sharename /my/mnt/point
When I attempt this command on a 10.7.5 mac, it fails either with a "broken pipe" or "authentication failed" error. However, it works fine on macs running 10.7.4, 10.6, 10.8 etc.
Can anyone successfully use this command on 10.7.5?
Is there any alternative way of achieving this, or troubleshooting exactly why this error is happening? I'm running out of ideas!
Since feature requests to mark a comment as an answer remain declined, I copy the above solution here.
Thanks for the replies. The problem was two fold: firstly, for some reason you cannot run this command as root in 10.7.5, and secondly you cannot mount outisde of /Volumes. Strangely this seems to work in all other OS revisions. I have worked around this problem by mounting my share in /Volumes and then creating a sym link to the desired mount point:
mkdir -p /Volumes/share
sudo -u localadminuser mount -t smbfs -o nobrowse //user:pass#server/share /Volumes/share
ln -s /Volumes/share /location/that/I/prefer/to/mnt
I hope this helps someone out. No idea why 10.7.5 changes this. – BSUK
There are many reasons why the mount will not work. Some of the reasons include:
Time between server and client being too different
Workgroup name not specified on the mac
Local hostname uses non-latin characters
Encryption is too strict between the mac and the server
To solve the time; set the time.
I've seen broken pipe/authentication errors most often when you don't use a workgroup name for the connection. A connection string looking like generally works better than one without any workgroup:
//WORKGROUP;user:50000#192.168.2.1/Share
... assuming that the 50000 is the password for the user user should allow the connection. Generally, you just need to have a string before the semi-colon, it can read anything; it just needs to be there.
To solve the local hostname issue click on an interface, choose advanced go to the WINS tab and make sure that the name doesn't have any foreign characters there.
If the encryption is too strict, you will need to edit the nsmb.conf. I have a set of lines looking like:
[server1]
minauth=none
for an ancient BSD server which cannot deal with encrypted passwords. You can have this in either an /etc/nsmb.conf or ~/Library/Preferences/nsmb.conf file.
This may not address your issue, but it may help you in trying to proceed.
Unfortunately, saying it works on box x and not on box y doesn't really help, as there could be any arbitrary configuration difference between them.