As Mac Administrators, we often have to deal with user privileges for files and processes. While doing that we will use administrator privileges and sudo without as much as a second thought.
However, a proper understanding of what these privileges and processes actually do and mean, can help prevent many problems when managing Macs.
- Part 1: Demystifying root (this post)
Some History
macOS is based on BSD Unix, which stems back to a time where large mainframes were so expensive they had to be shared among many users. Users and their access privileges control what any user can read, write, or change in the system. These rules prevent conflicts and data loss or theft. When managing these users and their access privileges, there had to be a first, ‘top', or ‘super user' which has access to anything.
In Unix and Unix-like systems this user account is traditionally called root. In macOS this user is often also called ‘System Administrator'.
Classic Mac OS, in contrast, had no concept of multiple users built-in to the system. Any person sitting down at a Mac (and any process launched on that Mac) could access and change anything on that system. There were some attempts at adding multi-user functionality to classic Mac OS, but they were ‘added on, not built-in' and fairly easy to circumvent when a user knew what to do.
User and process management was one of the main benefits Apple touted for the various ‘next generation' systems Apple introduced in the 90s to succeed classic Mac OS. When Apple bought NeXT, and with it the NeXTStep operating system, it inherited the Unix model of doing so.
Even though the concept of sharing your computer is now relegated to some classroom labs and supercomputer clusters, this model still is present in every macOS and iOS device today. On iOS it is completely invisible to the user, unless a jailbreak is applied. On macOS, however, users and especially admins have to deal with it every day.
Users on macOS
To create a new user on macOS you have to go to the ‘Users & Groups' Preference Pane in System Preferences. Before you can add a new user, you have to unlock the preference pane by clicking the lock icon in the lower left corner. Then the system will prompt for a username and password with administrative privileges.
When the account you are logged in as has admin privileges, its name will be pre-filled. When the account is a standard user the username field will be empty and you can enter another user's name and password.
Once the pane is unlocked, you can click the ‘+' icon under the user list and you will be offered four choices for a new user (from the popup menu next to ‘New Account'):
- Administrator
- Standard (the default)
- Managed with Parental Controls
- Sharing Only
There are three types of users not present in the popup list:
- Guest
- System Administrator
- system services users
The difference between Administrator and Standard accounts is that Administrator accounts are members of the ‘Administrators' or admin group. This sounds simple, but membership in this group bestows many additional benefits.
In day-to-day use Administrator accounts and Standard accounts behave the same. However, there are many situations and workflows on macOS which require authenticating as an Administrator account. As a general rule, a user can affect all the files (and applications) in their home directory and in /Users/Shared, but as soon as you want to change another user, another user's files or settings that affect all users on a system you need to authenticate as an Administrator account.
The first user created on an unmanaged Mac out of the box will always be an Administrator user. Most Mac users use an Administrator account. Many of the workflows built-in to macOS assume an administrator account. One example is setting up a new printer.
With an Administrator account you can install third party software. You can also install malicious software. Often malicious software will trick users into installing by masquerading as or hiding in an installer for something useful.
Many consider it a ‘best practice' to run your everyday work on your Mac with a standard account and only use an administrative account when you have to. However, since you get prompted to authenticate even with an administrative account, the better advice is to take these prompts very seriously and consider what confirming this prompt will really do or install.
The only difference you get when using a standard account is that you need to enter a different username and password in an authentication box instead of just the password. If this helps you pause and consider what you are actually doing, then great! Then this is the proper workflow for you.
However, I suspect that most users would be just as non-considerate of this dialog with a separate username and password as they would otherwise.
macOS Administrator Accounts
The only difference between Administrator accounts and Standard accounts is the membership of the admin group.
You can check whether a given user is a member of the admin group with the dseditgroup tool. You can also use this tool to add or remove a user from the admin group.
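An added example, not part of the original post: a shell audit that uses dseditgroup's checkmember operation to list which regular local accounts are in the admin group. The function names and the UID cut-off of 501 for regular accounts are assumptions of this example.

```shell
#!/bin/sh
# Added example: list local accounts that are members of the admin group.
# Function names are this example's own; intended to be run on macOS.

# is_admin USER -> exit status 0 if USER is a member of the admin group.
# dseditgroup answers "yes <user> is a member of admin" for members.
is_admin() {
    case "$(dseditgroup -o checkmember -m "$1" admin 2>/dev/null)" in
        yes*) return 0 ;;
        *)    return 1 ;;
    esac
}

# list_admin_users -> one admin account name per line.
# dscl prints "name uid" pairs. Assumption: UIDs from 501 up are the
# regular local accounts; service accounts use lower UIDs and are skipped.
list_admin_users() {
    dscl . -list /Users UniqueID | while read -r name uid; do
        [ "$uid" -ge 501 ] 2>/dev/null || continue
        if is_admin "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# Changing membership needs root privileges, for example:
#   sudo dseditgroup -o edit -a USER -t user admin   # add USER to admin
#   sudo dseditgroup -o edit -d USER -t user admin   # remove USER from admin

# Only run the audit where the macOS directory tools exist.
if command -v dscl >/dev/null 2>&1 && command -v dseditgroup >/dev/null 2>&1; then
    list_admin_users
fi
```

Every name this prints is an account whose password is enough to pass the authentication prompts described in this post, so the list should be short and expected.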
This membership comes with many privileges. Admin users can (after authentication):
- unlock System Preferences and change system settings
- install Apple and third party software and installer packages
- create, change, and delete files owned by other users
- change access privileges and ownership of files of folders in Finder
- run and stop (kill) processes owned by other users
- use sudo in Terminal
and many things more.
On macOS these privileges are controlled mainly by two mechanisms:
- sudo and the sudoers file
- the authorization database
sudo is used to gain root privileges in the shell (Terminal). The authorization database controls access privileges everywhere else.
What root can do
The ‘System Administrator' or the root account controls the system. Mainly the root account can read, update, delete all local user accounts. It can control file and folder privileges and ownership. It can start system services running in the background and assign system network ports (with a port number lower than 1000). Most of this is managed by a process called launchd which is the first process to run on macOS.
Many commands need to be run as root or with elevated root privileges.
What root cannot do: System Integrity Protection (SIP)
On macOS, however, there are limits to what the root account can do. System Integrity Protection is a mechanism which protects important parts of the OS from modification, even with root permissions.
Only certain processes signed by Apple are allowed to modify these protected files and directories. Usually this means Apple signed installer pkgs for software and security updates.
Apple lists a set of top-level directories that are protected. However, the list is a bit more detailed. You can use the -O option (capital letter ‘O', not a zero) of ls to see if a file or directory is protected by SIP.
Files and Folders marked with restricted are protected by SIP. Sometimes folders inside a protected folder may not be protected, as the /usr/local/ directory in this example is.
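An added example, not from the original post: a filter that reads ls -lO output and prints the entries that do not carry the restricted flag, which is how an unprotected folder inside a protected one shows up. The function name and the sample listing are constructed for this example.

```shell
#!/bin/sh
# Added example: report entries that lack the SIP "restricted" flag.
# Reads `ls -lO` output on stdin and prints the unprotected names.

# Columns of `ls -lO`: mode links owner group flags size month day time name
# The flags column is "-" when no flag is set, otherwise a comma-separated
# list such as "restricted,hidden".
sip_unprotected() {
    awk '
        $1 == "total" { next }              # summary line
        NF < 10       { next }              # not a file entry
        {
            n = split($5, flags, ",")
            restricted = 0
            for (i = 1; i <= n; i++)
                if (flags[i] == "restricted") restricted = 1
            if (!restricted) {
                name = $10                  # names may contain spaces
                for (i = 11; i <= NF; i++) name = name " " $i
                sub(/ -> .*/, "", name)     # drop a symlink target
                print name
            }
        }'
}

# Constructed sample of `ls -lO /usr` output, used when not on macOS.
SAMPLE='total 0
lrwxr-xr-x    1 root  wheel  restricted           25 Jan  1  2020 X11 -> ../private/var/select/X11
drwxr-xr-x  978 root  wheel  restricted        31296 Jan  1  2020 bin
drwxr-xr-x   16 root  wheel  -                   512 Jan  1 12:00 local
drwxr-xr-x   46 root  wheel  restricted,hidden  1472 Jan  1  2020 share'

if [ "$(uname)" = "Darwin" ]; then
    ls -lO /usr | sip_unprotected
else
    printf '%s\n' "$SAMPLE" | sip_unprotected
fi
```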
SIP provides more protection than just certain parts of the file system, it also protects changing the boot volume and some other aspects of the OS.
While these limitations on even the root account can be annoying, they provide a level of security that parts of the OS have not been tampered with or changed by other software.
Enabling (and Disabling) root
On macOS the root account exists with a UID of ‘0'. However, it is set up so you cannot log in to a Mac as ‘System Administrator' or root. (A terrible bug in early 10.13 provided a brief exception to that rule.)
Note: login as root is disabled for security purposes. It is highly recommended that you leave the root account disabled on macOS and rely on sudo to gain temporary super user privileges when necessary.
If, for some reason, you do need to log in as root, then you can enable the root account and provide it with a password. You can do so in the ‘Directory Utility' application. After unlocking with your administrator password, you choose ‘Enable Root User' from the ‘Edit' menu. You can also change the root account's password here or disable it again later.
From the command line, you can also use the dsenableroot command. It will enable and/or update the root account. It will interactively ask for admin credentials and for a new password for the root account. Read the command's man page for details.
The same command can also interactively disable the root account again.
Becoming root
Different environments and tools have different means of gaining super user or root privileges. While the sudo command should be the preferred means of gaining temporary super user privileges, it is important to know and understand the other options.
LaunchDaemons
Scripts and tools executed from LaunchDaemons run as root unless a different user is specified in the UserName key in the launchd property list.
LaunchAgents on the other hand will be executed as the user logging in.
You can get details on how to set up and use LaunchDaemons here.
Run as root in ARD
When you prepare a ‘UNIX command' to be sent to remote computers in Apple Remote Desktop, you have the option of running the command as the currently logged in user or as a specific user. When you specify root as the user, the script will execute with super user privileges. Since the ARD agent process runs as root on the client, no extra authentication or enabled root account is necessary.
Management Systems
The agent software of most management systems (Jamf, Munki, etc.) is installed to run with root privileges. Therefore, scripts executed by management systems run with root privileges as well.
Installation Scripts
Installation packages also perform their task with root privileges. They also require administrator authentication to start. Any installation scripts (pre-/postinstall scripts) will also run with root privileges.
set-UID bits
There is a special bit you can set on an executable's mode (or privileges) which tells the system to run this script as the file owner, no matter who actually runs the executable. If the executable file is owned by root it will run with root privileges.
This flag is the 'set-user-ID-on-execution bit', also called the 'Set-User-ID'-bit or just 's-bit'.
In the long ls format or with the stat command the set-user-ID bit is shown as an ‘s' in place of the user's x bit. One example is the ps command.
Use chmod's u+s to set the set-user-ID bit and u-s to remove it.
Warning: Obviously it is very important that this executable is not modifiable by other users. They would be able to replace the command with their own code and execute anything with root privileges. Most system commands that have the s-bit set on macOS are protected with SIP.
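An added example, not from the original post: a check for the situation the warning describes, set-user-ID files that someone other than the owner can write to. The function names and the default search path /usr/local (a location outside SIP protection) are choices made for this example.

```shell
#!/bin/sh
# Added example: audit set-user-ID files under a directory.
# Function names and the default path are this example's own.

# writable_setuid DIR -> regular files under DIR that have the
# set-user-ID bit (4000) and are writable by group (0020) or others (0002).
writable_setuid() {
    find "${1:-/usr/local}" -type f -perm -4000 \
        \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null
}

# all_setuid DIR -> long listing of every set-user-ID file under DIR, so
# the 's' in the owner's execute position and the owning user are visible.
all_setuid() {
    find "${1:-/usr/local}" -type f -perm -4000 -exec ls -l {} + 2>/dev/null
}

# Report the risky files for the directory given as first argument.
writable_setuid "${1:-/usr/local}"
```

Any path this prints should either lose its write bits for group and others (chmod go-w) or lose the set-user-ID bit (chmod u-s).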
The sudo command
As mentioned before, the recommended way of gaining super user privileges from the command line in macOS is the sudo command. The name means ‘super user do' and will perform the following command with root privileges after verifying the user running sudo has the permission to do so.
We will look at the sudo command in detail in the next post.
Dec 21, 2020 • Filed to: Solve Mac Problems • Proven solutions
While there are many methods available to the users to recover or reinstall their Mac OS X, in this article, we shall keep our focus on the re-installation that is carried out through the Internet Recovery mode. Critical data can be lost if the OS isn't recovered, and to overcome that issue, it is important to learn about the reinstallation process of Mac OS X through the Internet Recovery mode. While users are free to make their choice when it comes to opting for a method, the Internet Recovery mode certainly surpasses many others, and in the following article, we shall understand why.
Part 1 When to Go for Mac Internet Recovery for Mac OS X
We shall answer the above question by classifying it into a series of sub-questions. To start with, let us understand what Mac Internet Recovery is.
What is Mac Internet Recovery?
The recent models of Macs come with the functionality of starting up directly from an Internet-based version of the Mac OS X Recovery. This is particularly helpful in the case where the startup drive encounters an issue, or worse, is missing the OS altogether. The erase or wiping can happen accidentally or due to some software bug and can cause disruption to the user. Through Mac Internet Recovery, users have the option to start their Mac directly through the Apple Servers. When the users use this mode to start their systems, the system performs a quick storage space test along with checking the hard disk for any other hardware bugs.
Why should you use Internet Recovery to reinstall Mac?
Well, this is one of the most frequently asked questions amongst those operating Mac systems. Why take all the trouble and opt for Internet Recovery instead of going the conventional way? In the following points, we list the reasons that make reinstallation of Mac through Internet Recovery an intelligent option.
- One doesn't need an Operating System disc to perform the reinstallation. This is helpful in cases when you are not carrying the OS disc and want to perform the Mac reinstallation immediately to carry on with your work.
- There is no need for the user to download separate Operating System files. The Internet Recovery mode will download the installer files, and as a user, you are saved from the trouble of downloading them yourself.
- The method is less complicated than the conventional method of downloading and installing the Mac OS X. This is helpful for users who aren't very keen on the technical aspects of the installation process.
What should I do before opting for Internet Recovery?
Here are the points that must be kept in mind before going for the reinstallation of Mac through Internet Recovery mode:
- For obvious reasons, you must have an internet connection. Users must use their DHCP on the WiFi or any Ethernet Network to install the Mac OS X.
- For the ones who have purchased the OS X from any Apple Store, they might be prompted to enter an Apple ID or password that was used to purchase the OS X.
- Users must note that the time taken for the reinstallation of OS X directly depends on the speed of the internet connection being used. Please ensure that the Internet settings are compatible with the Mac OS X Recovery. In the case of incompatible settings, the installation process could be halted midway.
Part 2 How to Reinstall Mac OS X with Internet Recovery Mode
Here are the steps that are to be taken. We start with accessing the recovery mode on your Mac through the following steps:
1) Access recovery mode by holding down the Apple Key and R Key.
2) Users must ensure that they are connected to the internet. We recommend that you use a private network for the same, and avoid any public network due to its configuration. Also, the installation file happens to be large which may take quite a lot of time on any public network.
3) Now, power off your Mac (Apple > Shut Down). If you experience the OS not responding, simply press and hold the power button until the Mac switches itself off, and then wait for 30 seconds.
4) Power on your Mac. Hold the Apple Key and R key until you hear the chime noise. Once heard, it will start the OS X in Recovery Mode.
5) The final step has you tapping the ‘Install Mac OS X' and Continue in the OS X utility section of the screen to start the installation process. After that, there would be on-screen instructions to guide you through the entire process.
Part 3 What to Do when Mac Internet Recovery Method Fails
It is possible that you might not be able to reinstall your Mac OS X successfully using the Internet Recovery Mode. While this can be a damper, it doesn't mean you cannot diagnose the problem behind it.
Why could the Internet Recovery method have failed?
- Check that your internet connection is working. The Ethernet users must check for proper cable connections while the WiFi users must check the modem.
- If you are on a public network, chances are that the internet settings might not be compatible with the installation process.
- If the internet is too slow, the process could have abandoned itself as the file to be downloaded is quite large.
- Please check that your Mac has a proper power connection. In the case of laptops, the battery should be enough. Losing your power midway can render your device useless.
Measures to be taken to ensure that the Internet Recovery Mode works:
- As discussed above, we recommend that you opt for a private internet network to carry out the above process. This is because of the large size of the installation file and the hindrances you wish to avoid due to incompatible internet settings and slow internet speed.
- Please ensure that the power supply to your system is sufficient. Losing power in the process can render the device useless.
- If the problem persists even when the above two measures have been taken, chances are that your hard disk has been corrupted completely, and therefore, consult a technical consultant for the same.
What if I lose critical data in the process?
For the ones who have lost critical data in the process, you can get reliable data recovery to help you retrieve your lost data. Recoverit data recovery for Mac supports recovering data from any storage device after any data loss scenario.
Recoverit - The Best Mac Internet Recovery Software
- Recover data from all storage devices like MacBook hard drive.
- Recover 1000+ types and formats of files in different situations.
- Scan and preview the files before you recover them from MacBook hard drive.
Step 1. Download and install Recoverit data recovery for Mac. To recover lost data on Mac, please select a hard drive disk first where you want the lost data back. Click 'Start' to get started.
Step 2. A deep scan will immediately begin on your Mac hard drive. The lost or deleted files will be scanned in a while.
Step 3. Once the scan is over, the lost contents would be displayed, and the users can select their lost content and tap on 'Recover' to restore them to their Mac. However, users must be careful not to save the recovered data in its original location due to the risk of being overwritten.
The above information is helpful for anyone who is looking to reinstall their Mac OS X through the Internet Recovery mode. Please note that the Recovery Mode in Apple offers numerous functions to the users and therefore is a great tool to learn more about.