Mac OS X Server Command-Line Administration For Version 10.5 Leopard Apple Inc. © 2007 Apple Inc. All rights reserved. The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services. Every effort has been made to ensure that the information in this manual is accurate. Apple Inc. is not responsible for printing or clerical errors. Apple 1 Infinite Loop Cupertino CA 95014-2084 408-996-1010 www.apple.com The Apple logo is a trademark of Apple Inc., registered in the U.S. and other countries. Use of the "keyboard" Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Apple, the Apple logo, AppleScript, Bonjour, iCal, FireWire, iMac, iPod, iTunes, Keychain, Mac, the Mac logo, Macintosh, Mac OS, Power Mac, QuickTime, Xsan, Xgrid, and Xserve are trademarks of Apple Inc., registered in the U.S. and other countries. ARD, Finder, Leopard, and Spotlight are trademarks of Apple Inc. Apple Store is a service mark of Apple Inc., registered in the U.S. and other countries. Adobe and PostScript are trademarks of Adobe Systems Incorporated. The Bluetooth® word mark and logos are registered trademarks owned by Bluetooth SIG, Inc. and any use of such marks by Apple is under license. Intel, Intel Core, and Xeon are trademarks of Intel Corp. in the U.S. and other countries. PowerPCTM and the PowerPC logoTM are trademarks of International Business Machines Corporation, used under license therefrom. UNIX is a registered trademark of The Open Group. Other company and product names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance of these products. 019-0947/2007-11-01 1 Contents Preface 15 16 16 16 16 16 17 17 18 19 19 20 20 21 21 21 22 23 23 24 25 26 26 26 26 26 27 27 28 29 About This Guide Using This Guide Understanding Notation Conventions Summary Commands and Other Terminal Text Command Parameters and Options Default Settings Commands Requiring Root Privileges Mac OS X Server Administration Guides Viewing PDF Guides Onscreen Printing PDF Guides Getting Documentation Updates Getting Additional Information Executing Commands UNIX 03 Certification Opening Terminal Specifying Files and Folders Standard Pipes Redirecting Input and Output Using Environment Variables Executing Commands and Running Tools Correcting Typing Errors Repeating Commands Including Paths Using Drag and Drop Searching for Text in a File Commands Requiring Root Privileges Terminating Commands Scheduling Tasks Sending Commands to a Remote Computer Viewing Command Information Chapter 1 3 Chapter 2 31 31 31 32 33 34 35 35 35 36 37 39 39 41 41 42 42 42 43 45 45 48 49 49 49 50 51 51 52 53 55 55 55 56 56 56 57 57 59 59 Connecting to Remote Computers Understanding SSH How SSH Works Generating Key Pairs for Key-Based SSH Connections Updating SSH Key Fingerprints An SSH Man-in-the-Middle Attack Controlling Access to SSH Service Connecting to a Remote Computer Using SSH Using Telnet Remotely Controlling the Xserve Front Panel Installing Server Software and Finishing Basic Setup Installing Server Software Locating Computers for Installation Specifying the Target Computer Volume Preparing the Target Volume for a Clean Installation Restarting After Installation Automating Server Setup Creating a Configuration File Working with an Encrypted Configuration File Customizing a Configuration File Storing a Configuration File in an Accessible Location Configuring the Server Remotely from the Command Line Changing Server Settings Using the serversetup Tool Using the serveradmin Tool General and Network Preferences Viewing, Validating, and Setting the Software Serial Number Updating Server Software Moving a Server Restarting or Shutting Down a Computer Restarting a Computer Automatic Restart Changing a Remote Computer's Startup Disk Shutting Down a Computer Shutting Down While Leaving the Computer on and Powered Manipulating Open Firmware NVRAM Variables Monitoring and Restarting Critical Services Setting General System Preferences Viewing or Changing the Computer Name Chapter 3 Chapter 4 Chapter 5 4 Contents 59 60 60 60 61 61 61 61 62 63 63 63 63 63 64 64 Chapter 6 65 65 65 66 66 66 67 67 67 67 67 68 69 70 71 72 72 73 74 75 75 76 76 77 78 78 Viewing or Changing the Date and Time Viewing or Changing the System Date Viewing or Changing the System Time Viewing or Changing the System Time Zone Viewing or Changing Network Time Server Usage Viewing or Changing Energy Saver Settings Viewing or Changing Sleep Settings Viewing or Changing Automatic Restart Settings Changing Power Management Settings Viewing or Changing Startup Disk Settings Viewing or Changing Sharing Settings Viewing or Changing Remote Login Settings Viewing or Changing Apple Event Response Creating the Groups Share Point Viewing or Changing Language and Keyboard Settings Viewing and Changing Login Settings Setting Network Preferences Configuring Network Interfaces Managing Network Interface Information Viewing Port Names and Hardware Addresses Viewing or Changing MTU Values Viewing or Changing Media Settings Managing Network Port Configurations Creating or Deleting Port Configurations Activating Port Configurations Changing Configuration Precedence Managing TCP/IP Settings Changing a Server's IP Address Viewing or Changing the IP Address, Subnet Mask, or Router Address Viewing or Changing DNS Servers Enabling TCP/IP Statically Configuring Ethernet Interfaces Creating, Deleting, and Viewing VLANs IEEE 802.3ad Ethernet Link Aggregation Managing AppleTalk Settings Managing SNMP Settings Setting Up SNMP Starting SNMP Configuring SNMP Collecting SNMP Information from the Host Managing Proxy Settings Viewing or Changing FTP Proxy Settings Contents 5 78 78 79 79 79 79 80 80 80 81 81 82 83 Chapter 7 85 85 85 86 86 86 87 88 89 91 91 92 92 93 93 93 93 94 94 95 95 95 96 97 98 99 99 100 Viewing or Changing Web Proxy Settings Viewing or Changing Secure Web Proxy Settings Viewing or Changing Streaming Proxy Settings Viewing or Changing Gopher Proxy Setting Viewing or Changing SOCKS Firewall Proxy Settings Viewing or Changing Proxy Bypass Domains Managing AirPort Settings Managing Computer, Host, and Bonjour Names Computer Name Hostname Bonjour Name Managing Preference Files and the Configuration Daemon Changing Network Locations Working with Disks and Volumes Understanding Disks, Partitions, and the File System Mounting and Unmounting Volumes Mounting Volumes Unmounting Volumes Displaying Disk Information Monitoring Disk Space Reclaiming Disk Space Using Log-Rolling Scripts Using the diskutil Tool Using the pdisk, disklabel, and newfs Tools Partitioning a Disk Labeling a Disk Formatting a Disk Troubleshooting Disk Problems Managing Disk Journaling Determining if Journaling Is Enabled Enabling Journaling for a Volume Enabling Journaling When You Erase a Disk Disabling Journaling Understanding Spotlight Technology Enabling and Disabling Spotlight Performing Spotlight Searches Controlling Spotlight Indexing Managing RAID Volumes Imaging and Cloning Volumes Using ASR Managing User and Group Accounts User, Group, Computer, and Computer Group Accounts Administering and Creating User Accounts Chapter 8 6 Contents 100 101 102 102 105 106 106 107 108 109 110 111 112 113 114 115 117 117 118 118 118 121 122 123 127 127 128 129 130 130 131 131 131 131 132 133 134 136 Chapter 9 137 137 138 138 Creating a Local Administrator User Account for a Server Creating a Domain Administrator User Account Verifying a User's Administrator Privileges Creating a Nonadministrator User Account Retrieving a User's GUID Removing a User Account Preventing a User from Logging In Verifying a Server User's Name, UID, or Password Modifying a User Account Managing Home Folders Administering Group Accounts Creating a Group Account Removing a Group Account Adding a User to a Group Removing a User from a Group Creating and Deleting a Nested Group Editing Group Records Creating a Group Folder Viewing the Workgroup a User Selects at Login Working with Managed Preferences Using MCX Extensions Determining Effective Managed Preferences Importing Users and Groups Creating a Character-Delimited User Import File Exporting Users and Groups Setting Permissions Viewing Permissions Setting the umask Setting for a User Changing Permissions Changing the Owner Changing the Group Securing System Accounts Securing Initial System Accounts Securing the Root Account Restricting Use of the sudo Tool Securing Single-User Boot Setting Password Policy Finding User Account Information Working with File Services Managing Share Points Listing Share Points Creating a Share Point Contents 7 140 140 140 141 141 141 141 142 142 145 146 147 147 148 149 150 151 151 151 151 151 152 152 152 152 152 153 153 155 155 155 156 156 156 156 157 157 159 160 161 161 162 162 Modifying a Share Point Disabling a Share Point Setting Disk Quotas Managing AFP Service Starting and Stopping AFP Service Viewing AFP Service Status Viewing all AFP Settings Changing AFP Settings Available AFP Settings Available AFP serveradmin Commands Viewing Connected Users Sending a Message to AFP Users Disconnecting AFP Users Canceling a User Disconnect Viewing AFP Log Files Viewing AFP Service Statistics Managing NFS Service Starting and Stopping NFS Service Viewing NFS Service Status Viewing NFS Service Settings Changing NFS Service Settings Managing FTP Service Starting FTP Service Stopping FTP Service Viewing FTP Service Status Viewing FTP Service Settings Changing FTP Service Settings Available FTP Service Settings Available FTP serveradmin Commands Viewing the FTP Transfer Log Viewing for Connected FTP Users Managing SMB Service Starting and Stopping SMB Service Viewing SMB Service Status Viewing SMB Service Settings Changing SMB Service Settings Available SMB Service Settings Available SMB serveradmin Commands Viewing SMB User Information Disconnecting SMB Users Listing SMB Service Statistics Updating Share Point Information Viewing SMB Service Logs 8 Contents 162 163 164 Chapter 10 167 167 169 169 169 169 169 172 173 173 173 174 175 175 177 177 177 178 178 178 178 179 180 180 181 182 182 182 183 183 184 184 185 185 185 186 186 Managing ACLs Using chmod to Modify ACLs Using fsaclctl to Enable and Disable ACL Support Working with the Print Service Understanding the Print Process Performing Print Service Tasks Starting and Stopping Print Service Viewing the Status of Print Service Viewing Print Service Settings Changing Print Service Settings Managing Print Service Listing Queues Pausing and Releasing a Queue Listing Jobs and Job Information Holding and Releasing a Job Viewing Print Service Log Files and Log Paths Viewing Cover Pages Working with NetBoot Service and System Images Understanding NetBoot Service Starting and Stopping NetBoot Service Viewing NetBoot Service Status Viewing NetBoot Settings Changing NetBoot Settings Changing General Netboot Service Settings The Storage Record Array The Filters Record Array The Image Record Array The Port Record Array Working with System Images Updating an Image Booting from an Image Using hdiutil with System Images Using asr to Clone a Volume or to Restore System Images Imaging Multiple Clients Using Multicast asr Choosing a Boot Device Using systemsetup Managing Mail Service Understanding Mail Service Postfix Agent Cyrus Mailman Chapter 11 Chapter 12 Contents 9 187 187 187 187 187 188 200 200 201 202 203 203 205 206 206 206 207 208 208 Chapter 13 211 211 212 212 212 212 213 213 213 214 214 214 214 216 217 218 218 221 221 222 222 222 Managing Mail Service Starting and Stopping Mail Service Checking the Status of Mail Service Viewing Mail Service Settings Changing Mail Service Settings Mail Service Settings Mail serveradmin Commands Viewing Mail Service Statistics Viewing Mail Service Logs Backing Up Mail Files Setting Up SSL for Mail Service Generating a CSR and Creating a Keychain Obtaining an SSL Certificate Importing an SSL Certificate into the Keychain Accessing Server Certificates Creating a Password File Configuring Mailboxes Enabling Sieve Scripting Enabling Sieve Support Configuring and Managing Web Technologies Understanding Web Service Managing Web Service Starting and Stopping Web Service Checking Web Service Status Viewing Web Settings Changing Web Settings Apache Settings and serveradmin Changing Settings Using serveradmin Web serveradmin Commands Listing Hosted Sites Viewing Service ...