In macOS 10.13, if you use Disk Utility to create a new image from a folder, it will be APFS formatted.
These images can only be read on 10.12 or newer, and there’s no option to pick a different format in the GUI.
Instead you can use hdiutil in Terminal make a folder into an HFS+ disk image:
hdiutil create -srcfolder /my/folder -fs HFS+ /my/image.dmg
If you have Macs that were cloned from an already-activated system (either via monolithic imaging, or one-off machines that were migrated or experienced hardware failure) you will find that your Office 2016 activation is broken. You will also find that Munki doesn’t know it needs to re-run the Office 2016 serializer since a receipt already exists for it.
I was able to work around this by adding a couple scripts to the serializer’s pkgsinfo. First I added an installcheck_script that looks for a file in /Users/Shared which contains the serial of the computer on which Office was activated. If it doesn’t match the computer’s serial, or if it doesn’t exist, then the serializer package will run. Then we use a postinstall_script to write the serial number of the current computer to this file so we know it’s been activated on this machine and doesn’t need to run again.
installcheck_script:
#!/bin/bash
machineserial=`system_profiler SPHardwareDataType | awk '/Serial/ {print $4}'`
activatedserial=`cat /Users/Shared/.office2016activatedserial`
if [[ $machineserial == $activatedserial ]]; then
exit 1
fi
postinstall_script:
#!/bin/bash
system_profiler SPHardwareDataType | awk '/Serial/ {print $4}' > /Users/Shared/.office2016activatedserial
When adding Epson EasyMP Multi PC Projection 2.1.0 to Munki, I found that the built-in postinstall script fails.
Some digging revealed that the script was expecting a file to exist at </tmp/mpp-72B3FDFF-9513-4CED-96C3-34881FC77AB8>. It reads that file and uses the value contained for the “ClientMode” preference in </Library/Preferences/com.epson.EasyMP_Multi_PC_Projection.Settings/mppsettings.xml>
On a successful install the the GUI, that preference is just the integer “0”. So I added the following preinstall script to my Munki pkgsinfo.
#!/bin/bash echo "0" > /tmp/mpp-72B3FDFF-9513-4CED-96C3-34881FC77AB8
The postinstall script is appeased and EasyMP Multi PC Projection 2.1.0 installs successfully. No direct modification or repackaging necessary.
SSH keys can provide an additional layer of security (if you also disable password authentication on the server), or they can simplify the process of connecting to remote servers. For our purposes we’re interested in the latter – connecting to the server without entering a password.
The basic idea is that you create a public/private key pair on your computer, then upload the public key to the remote server. When you connect to the remote server, your computer can use the private key to authenticate instead of entering your password.
First we’ll create the key:
ssh-keygen -f ~/.ssh/id_rsa -N ""
If a key already exists, you’ll be asked if you want to overwrite it. If this happens you can respond by pressing “n” (no) and continue to the next step.
Next we need to upload the key to the server. Replace “user” with your username, and “host” with the address of the SSH server.
ssh-copy-id -i ~/.ssh/id_rsa user@host
If it worked, you should now be able to SSH to the remote host without entering your password.
DesktopPictureProfileCreator is a simple bash script that generates mobileconfig profiles for managing the desktop picture on macOS computers.
Run the script followed by the path to the image you want to set as the desktop picture. For example “sh DesktopPictureProfileCreator.sh /Library/Desktop\ Pictures/Aqua\ Blue.jpg”. Whatever path you specify must exist in the same location on the computer(s) you intend to deploy it to.
The profile will be created on the desktop of whichever user runs the script. In the example above, the profile would appear at ~/Desktop/Desktop-Aqua-Blue-jpg.mobileconfig
For more info and to download, check out my mobileconfigs repository on GitHub.
I recently switched my CentOS 7 web server over to Nginx and php-fpm.
From my experience with Apache I assumed that PHP scripts would be executed by the same user the web server is running as — ‘nginx’ in this case. But this could no longer be taken for granted since php-fpm is a separate process from the web server.
In my configuration php-fpm was actually running as the ‘apache’ user. This meant any files that need to be writable by PHP scripts should still be owned by that user or group rather than ‘nginx’.
A common scenario where this matters is if your users need to be able to install WordPress updates, Plugins, or Themes via the browser without entering additional credentials. In order for this to work, the web server (or in this case, php-fpm) must be able to write to the files in question.
If you are wrestling with file permissions, or are unsure of the correct permissions to set in this scenario, be sure to confirm which user and group are specified in /etc/php-fpm.d/www.conf
# grep "^user\|^group" /etc/php-fpm.d/www.conf user = apache group = apache
Or you can check the actual running process with pstree:
$ pstree -ua | grep "nginx\|php" |-nginx | |-nginx,nginx | |-nginx,nginx | |-nginx,nginx | |-nginx,nginx | |-nginx,nginx | |-nginx,nginx | |-nginx,nginx | `-nginx,nginx |-php-fpm | |-php-fpm,apache | |-php-fpm,apache | |-php-fpm,apache | |-php-fpm,apache | |-php-fpm,apache | |-php-fpm,apache | `-php-fpm,apache
UPDATE: This no longer works for me because a recent firmware update removed the Restart command from the web interface.
Periodically my Motorola SURFboard SB6141 cable modem stops talking to the outside world. I don’t know why, but restarting the modem fixes it every time. Rather than having to regularly power-cycle it by hand – or, heaven forbid, buy new hardware – I decided to schedule an automatic reboot.
The modem itself doesn’t have a facility for automatic reboots, but it has a web page with a button to restart it! <http://192.168.100.1/cmConfig.htm> So all we have to do is automate the clicking of that button.
If you have this model, or a similar one, this command should work. Just paste it into your terminal/console program and hit Enter, and see if you temporarily lose connectivity to the Internet. If you do, then it worked:
/usr/bin/curl http://192.168.100.1/reset.htm -G -d reset_modem=Restart%20Cable%20Modem > /dev/null
Once you verify it works for your modem, add it as a cron job. Mine looks like this, running daily at 4:30am:
30 4 * * * /usr/bin/curl http://192.168.100.1/reset.htm -G -d reset_modem=Restart%20Cable%20Modem > /dev/null
Tips:
A number of Yosemite Macs are having problems with our organization’s Wi-Fi captive portal.
If you don’t first sign in via the window presented by Captive Network Assistant, the system appears to have zero network connectivity. You can’t ping anything, you can’t perform DNS lookups, etc. It’s as if the OS is actively blocking all attempted connectivity until it knows you have succeeded in authenticating.
Consequently, Browsers throw errors instead of presenting our captive portal page. This is a big problem, since in many cases the Captive Network Assistant app was previously disabled or deleted!
I found I could whitelist our network so that it lets applications try connecting even if the Captive Network Assistant has not yet been placated.
Just copy the command below, replacing NAMEOFNETWORK with the SSID of your captive portal network. A reboot may be necessary, but it may also be enough to simply switch Wi-Fi off and on again.
sudo /usr/libexec/PlistBuddy -c "Add ScrapingParameters:DisabledRealms:0 string @NAMEOFNETWORK" /Library/Preferences/SystemConfiguration/CaptiveNetworkSupport/Settings.plist
AirPrintProfileCreator is a simple bash script which aids you in creating mobileconfig profiles that enable iOS devices to print to a CUPS server.
Download and run the script on your server (“sudo sh AirPrintProfileCreator.sh”) and follow the prompts on screen. When the profile has been created, you can install it on your iOS device via Configurator, MDM, or just post it online or email it to yourself.
The script should work on any recent Mac or other *nix systems with CUPS installed, but I have only tested on OS X v 10.9. Your CUPS server must have a static/reserved IP.
For more info and to download, check out my mobileconfigs repository page on GitHub.
Thanks to Configuration Profiles, it is now possible to print to any printer that’s shared using CUPS, including both Mac OS X and Linux servers, without help from third-party software.
Aside from the obvious benefit of being free, the great thing about this approach is that the print server does not have to broadcast its presence on the same network as the iOS device. It works across routable subnets or even VPN connections.
Before you begin, please make sure you have all of the following:
Enable Printer Sharing
Create Profile
Install Profile
There are many ways you can send the profile to your iOS device(s). Here are a few ideas:
Conclusion
Once your profile has been installed, try printing from any app. Your printer should appear automatically. If it doesn’t, here are a few things you can try: