OSX

Protection for sensitive files when using Apache on an HFS+ volume

Posted on March 6, 2008. Filed under: Apache, Hosting, Leopard, OSX, Servers | Tags: , , , |

Security Update 2004-12-02 makes changes to the httpd.conf file. After a successful update, the Apache configuration file will deny access to the following files:

  • */..namedfork/data
  • */..namedfork/rsrc
  • */rsrc
  • rsrc
  • .ht* (case insensitive)
  • .ds_s* (case insensitive)

Warnings:

  1. The configuration changes that block named-fork exposure apply only to the default webserver, apache1. If you’ve chosen to use Apache2, it’s recommended that you serve content from a UFS volume.
  2. For important related information, see “mod_hfs_apple” protects web content against case insensitivity in the HFS file system. (more…)
Advertisements
Read Full Post | Make a Comment ( 1 so far )

Apple’s XSAN 2 with OSX Leopard

Posted on February 22, 2008. Filed under: Leopard, OSX, Software | Tags: , , , , , , |

In the first major upgrade to its Storage Area Network (SAN) file system, Apple on Tuesday introduced Xsan 2, adding a new feature called MultiSAN and making it easier for first time users to get up and running. “The feedback we’ve heard from customers is that a SAN is too difficult to setup, so one of the goals in this release was to make SAN simpler,” Eric Zelenka, senior product line manager server & storage software, told Macworld.

One of the ways Apple has accomplished this is with the SAN Setup Assistant, which is integrated into Mac OS X Leopard Server or as an application that can be run on its own. When first setting up Mac OS X Server, a fourth option automatically appears if you have a Fibre Channel card installed. The setup assistant will do all the heavy lifting for you, setting up everything including Open Directory permissions.

Xsan 2 also includes a new feature called MultiSAN for users who need to access multiple Xsan volumes from the same workstation or server. Zelenka pointed to examples like a newsroom with separate SAN volumes for production and broadcast.

“Tens of thousands of businesses, from small video post-production houses to large data centers and TV stations, use Xsan as their clustered SAN file system,” said Zelenka. “Now with Xsan 2, businesses can efficiently share and access their data faster and easier than ever before.”

In addition, Apple said that Leopard Server features such as iCal Server, Mail Server and Podcast Producer, can now integrate with Xsan 2 to support clustered file systems, improving performance and scalability and reducing the impact of a service outage from the loss of any one server.

Xsan 2 has also been qualified with third-party RAID storage hardware from Promise Technology in configurations tuned and optimized for Xsan.

Apple has qualified Xsan 2 with Xserve, Mac Pro and Apple Fibre Channel PCI-X cards. Xsan 2 requires that Mac OS X version 10.5 or Mac OS X Server version 10.5 software be installed and will support qualified Fibre Channel switches from vendors such as Brocade, QLogic and Cisco, and RAID storage hardware including Xserve RAID and Promise VTrak E-Class RAID subsystems.

Xsan 2 is available immediately for $999.


Read Full Post | Make a Comment ( None so far )

Basic Command Line Utilities, Tips, & Commands

Posted on February 20, 2008. Filed under: Hosting, Leopard, OSX, Servers, Software | Tags: , , , , , , , |

Many Mac users avoid the command line altogether, a reasonable amount probably don’t even know it exists. For the curious out there, here are some basic and essential commands and functionalities to know if you want to get started using the Mac OS X Terminal. We’ll cover simple file manipulation, maneuvering in the file system, displaying and killing processes, and more. Remember to remove the brackets or the commands won’t work. (more…)

Read Full Post | Make a Comment ( 1 so far )

Integrating OSX Clients with an OpenLDAP Directory

Posted on February 19, 2008. Filed under: Hosting, OSX, Servers, Xserve | Tags: , , , , , |

This is an article by Adam Shand  you can view the original article at http://www.spack.org/wiki/AppleOsxIntegrationWithOpenLdap.

Where I work is primarily a RedhatLinux shop, with a smattering of MicrosoftWindows, SgiIrix and Apple Osx. While we will remain primarily a Linux house for cost reasons, Apple Osx is becoming an increasingly important part of our corporate workflow due to our dependence on quicktime, the increasing number of applications available and the increasing preference of both our artists and IT staff.

Because we already had a huge Linux infrastructure built I didn’t want to mess about with Netinfo or using an OSX Server as a bridge between our Macs and our LdapAuthentication infrastructure. I wanted our Mac’s to play nicely in our existing world, this meant that authentication, naming (users, groups etc) and automount all had to work with as little fuss or differences as possible. (more…)

Read Full Post | Make a Comment ( 1 so far )

Need for a personal server? iServe?

Posted on February 18, 2008. Filed under: Apache, Leopard, OSX, Servers, Software | Tags: , , , , |

Consumers are increasingly investing in three forms of digital content (content that lives primarily on hard drives):1) commercial content, such as music, TV shows, and now movies; 2) personal content, such as photos and home video; and 3) hybrid content, commercial or public content that consumers have recorded or downloaded, such as TV shows saved on personal video recording (PVR) devices like Tivo and content downloaded from Internet sites like Google Video. (more…)

Read Full Post | Make a Comment ( None so far )

Installing WordPress on Mac OS X Tiger

Posted on February 18, 2008. Filed under: Content Management, OSX, Software, Web Development | Tags: , , , , , , , , |

Of the many options out there, many people choose to run their own blogging software as opposed to a managed service like Blogger or TypePad. On the software side, there are many decent tools available, such as Six Apart’s Movable Type (we have a tutorial for installing MT as well). WordPress is another mature, capable and free blogging engine that is very popular with many bloggers (like its founding developer, Matt Mullenweg) and rapidly gaining in popularity across the Web. WordPress is an excellent choice for a personal or professional blog, and the price is right, too. This tutorial will show you how to install WordPress 1.5.1.3 on OS X 10.4 Tiger. (more…)

Read Full Post | Make a Comment ( 2 so far )

Installing Movable Type on Tiger

Posted on February 13, 2008. Filed under: Apache, Hosting, Leopard, OSX, Servers, Software, Web Development | Tags: , , , , , , , , |

One of the biggest phenomenons to hit the Internet in the past few years has been the personal weblog: blog for short. A blog is basically a Web site that allows its owner to post his thoughts, ideas and daily happenings. Some use it as a personal diary, some as a soapbox for their beliefs.

Note: This article is written for installing Movable Type on “Tiger” (Mac OS X 10.4.x). The Panther and older OS X versions of this article, have been relocated to their own seperate, permanent pages. (more…)

Read Full Post | Make a Comment ( 6 so far )

Leopard Server: Using ACLs with Open Directory

Posted on February 7, 2008. Filed under: Leopard, OSX, Servers, Software, Web Development | Tags: , , , |

In Leopard, Workgroup Manager supports rudimentary ACLs for the LDAP database. We’re all familiar with Access Control Lists by now. Especially in the Mac OS X Server community. However, we might not all be familiar with ACLs as they’re implemented in LDAP. But we should be, because LDAP is being used more and more as an address book, and with the new Directory application being shipped in Leopard it is conceivable that environments aren’t just going to use ACLs to secure LDAP but they’re also going to use them to allow users to self update their information in the directory. So in the interest of security and making the most out of the technologies build into LDAP, let’s cover LDAP ACLs for a bit. So to push beyond what you can do in Workgroup Manager, let’s take a look at building out more finely grained ACLs manually. (more…)

Read Full Post | Make a Comment ( None so far )

Apple Remote Desktop Directory-based Authentication

Posted on February 7, 2008. Filed under: Leopard, OSX, Servers, Software | Tags: , , , , , , |

One of the great gems of Apple Remote Desktop 2, and while it’s not hidden in the documentation, no one seems to have sung its virtues – until now.
You’re going to love how easy this is…

I’m making a couple assumptions here, so before we start, here they are: You already have ARD 2 installed and set up to administer your client machines with a local account. You have LDAP set up, and your client machines are already bound into the domain.

The theory behind this is creating groups in Workgroup Manager, and then adding users who you want to be authorized to use ARD into those groups. There are 4 groups, ard_admin, ard_interact, ard_manage and ard_reports.

ard_admin will have access to all functions of ARD, ard_interact is simply interaction (like you’d get with VNC alone) with the client, ard_manage allows for more advanced features, and ard_reports can only generate reports from the ARD clients. For a clearer idea, check out the Interact, Manage and Reports items in the menubar of ARD.

Create your groups in Workgroup Manager – you don’t need to add all 4, you can pick and choose which you would like, and they can be created with any GID, it’s only the name which must be exact. Then add your ARD administrative users to their appropriate groups.

To set up the clients, you can either create your own Client Installer, or you can change your existing client settings (under the Manage menu bar item). Using the “Change Client Settings” as an example, click through the screens until you get to the “Incoming Access” screen. From here click the “Set authorized groups to:” checkbox. Keep continuing through once you’ve done this, and eventually you’ll be able to set your selecting machines with these settings.

Do check out some of the other options you can apply to your client machines using this tool, it allows you to set up, or remove local admin users, and set up other tools like openWBEM.

Once you’ve pushed out these setting to your clients, set up the computers you wish to manage in ARD, and put yourself into one of the ard_* groups, you can use your own username and password to add the clients to your computer lists. This will also make your administrative life much easier if you want different ARD users to have different abilities.

Read Full Post | Make a Comment ( None so far )

W3C HTML Validator on OS X

Posted on January 30, 2008. Filed under: Leopard, OSX, Software, Web Development | Tags: , , , , , |

Installing the W3C HTML Validator on Mac OS X

Building a website is a complicated process, and testing your finished product on every possible browser can be even more daunting. However, because modern browsers such as Safari, Mozilla, and Internet Explorer 6 are compliant with the World Wide Web Consortium’s (W3C) standards, testing your pages with the W3C Validation Tool is a great way to ensure that your pages work with modern browsers. The W3C Validator provides a line-by-line level of feedback, such as error information with references to the standards, on any URL you submit or HTML file you upload.

But what if your pages are accessible only within your firewall? Or what if your organization is reluctant to have their pages submitted to any external site for validation—even if it’s fully automated? (more…)

Read Full Post | Make a Comment ( 1 so far )

« Previous Entries
  • Blog Stats

    • 159,752 hits
  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 21 other followers

Liked it here?
Why not try sites on the blogroll...