This is the first in a series of planned tutorials for anyone who wants to find out what Terminal can do and how they can use it to increase the usability of their computer. Unlike other Terminal tutorials, I’m going to assume that you’re not interested in giving up the desktop for the command line to do things like move and copy files that you can do more easily in Finder. Rather, I’m only going to focus on those things that it’s generally more difficult (or impossible!) to do in the GUI than it is in Terminal.
Let’s get started. Open Spotlight (try the hotkey command + spacebar or click the spy glass in the top right corner) , then type term and press Return.
When Terminal opens, the first thing you may want to do is make the text a bit easier to see in the Terminal window.
Hold down command-shift-+ to increase the size. Try it a couple of times till the text is a comfortable size. If you overshoot, just use command- – (minus key) to reduce text size.
Now you’re sitting comfortably in your Terminal window, let’s learn our first spell. Actually, we’re not going to learn one so much as make our own!
In order to do that, we want to open a hidden file and edit it. In Terminal, type
(There’s a space after ’emacs’, and, don’t forget that . dot right before the ‘b’)
What you see after this screen may vary depending on whether .bash_profile has any pre-existing content or not. If there is anything in the file already, ignore it and use the arrow key to move the cursor to a clean line at the bottom. If the file is empty, then just start typing. The first line we want to type is
Now press Return and enter a single, left curly bracket
Press Return again and type (or copy and paste) this:
There’s a space between the ‘s’ and the dash, and all the letters are lowercase except the ‘F’, which must be uppercase.
Press Return and provide the closing curly bracket
It should look like the area inside the orange rectangle:
Now hold down the control key on your keyboard while you first press x and then c. Notice at the bottom of the screen you get a ‘save’ warning.
Press the y key on your keyboard, and you should find yourself returned back to the Terminal prompt.
Type exit at the prompt to logout of the Terminal, and then on the keyboard press Command-W to close the window, and Command-N to open a new Terminal session.
What did we just do?
We defined and saved a new Terminal command called show which we can now use whenever we enter Terminal to easily see all the files and folders – including all the hidden ones – in any given directory. To see what we just did, type show at the command line. You should get an output that is formatted something like this:
As you can see I’ve annotated the screenshot to show some of the features that the show command gives us. First of all, notice the file and folder names that begin with a . dot. These are your hidden files and folders (Remember: they are usually hidden for a reason, so don’t go messing with them unless you know what you’re doing!). The show command also helps us distinguish between files and folders by appending a / slash to the end of folder names. Although not shown here, you may also see some names with an * at the end. That means it’s an executable file — in other words, its purpose is to run some programme or command.
The show command is very useful for seeing exactly what is in a folder, but of course we need to know how to move between folders in order to see anything other than our own home directory.
Suppose I want to have a look in that folder called ‘Shared’. Then what I do is I type
then press the tab key on the keyboard. The rest of the name is filled in for me by Terminal:
The tab key is a very useful trick for moving around in Terminal when you are faced with long names. Generally, you only have to type in enough to make the file or folder name unique and hitting tab will complete the rest of the name for you. However, if I only type
and then press tab, nothing happens. Terminal can’t complete the name because there’s more than one choice. However, if I press tab again, Terminal will give me a list of the all names that begin with S:
pressing tab twice gives:
Now I can see all the options, and how much I have to type to make a unique choice. In this case, I only have to type either ‘cd Sh’ or ‘cd Sn’ to allow Terminal to know which one I want when I press the tab key. Pressing Return after the tab completion will take me to the folder.
Try it with a folder from your own list.
After changing to a new folder, perhaps your screen is getting a bit messy. Let’s clean it up before doing show again. On the keyboard, press control-L to get a clear screen (notice that all your previous commands and outputs are still available if you scroll up!).
Now type show again to see your files and folders, pick a folder (if there is one), and type cd plus the first few letters of the name. Fill it out with the tab key and then press Return.
Again, type show to find out what’s inside. You can keep going deeper into the directory tree by using cd and show on any folders you find.
The last thing we need to know for today is how to go back up the tree, or to move back to the parent folder. Again we’re going to use the ‘cd’ command, but this time you don’t need to type any names. Just a space and then two dots
(don’t forget there’s a space between the ‘d’ and the two dots). This will always take you to the parent folder of the folder you’re currently in, all the way up to your hard disk’s parent directory. If you want, you can make a new up command (just like we made show) as a shortcut for ‘cd ..’. Have a look at the smallest of the screenshots above and see if you can do it. 🙂
So now you know how to move around and see all the hidden and un-hidden contents of your drive, go and explore and get yourself used to these first basic commands.
When you’ve finished with your Terminal session, type exit and press Return. You can then close the window and go back to GUI land!
. at the beginning of a name means ‘hidden’
/ at the end of a name means ‘Folder’
* at the end of a name means ‘executable file’
cd – move in to that folder
cd .. – move back to the parent folder
emacs – opens the Terminal textfile editor
show – shows a complete list of a directory, including hidden files
control-L – clears the Terminal screen
tab – will try to complete file or folder names
tab (twice) – will offer choices
Security in OS X Lion is a big problem that not many people are aware of, and here’s why: your Lion computer contains the install/recovery disk on the internal drive. That means anyone with a basic knowledge of Mac and Lion can start up your mac and reset your passwords, thereby accessing your user accounts and all your personal data. The same trick can help kids easily get round restrictions applied through OS X’s ‘Parental Controls’ feature.
How is this possible, you may ask? First, a little history. Among the 250 changes vaunted about Lion over its predecessor, Snow Leopard, there is one that is widely known but whose implications are rarely pointed out: you download the OS rather than install it from a disc. In the past, if your OS went bad and needed to be recovered, or you forgot your admin passwords, the simplest answer was to insert your install disk. From that, you could restore the OS and reset your passwords. That made your Mac a little safer (though not entirely safe) so long as your disc was kept somewhere physically different from your computer.
With Lion having no install disc, Apple had to find an answer as to how to provide the recovery option. The solution was to install a Recovery partition on the same disk as the operating system itself. In the event that the OS goes bottoms up and needs to be recovered or re-installed, you just restart your computer holding down the ‘command’ and ‘r’ keys to access the Recovery partition.
So far so good, but likewise, just as with the old DVD install discs, you — or anyone else — can also reset the user account passwords from the Recovery partition. That means your passwords are effectively useless. Anyone who wants to hack your user account just has to restart your Mac holding down ‘command’ and ‘r’ and then use the built-in Password Utility to make new passwords for your accounts. Now I’m not going to tell you quite how to do it (you do need a little knowledge to get the user account names and know how to do the reset) but it is widely publicized elsewhere, and indeed even in Apple’s own online documentation (so if you really want to know, google is your friend or follow some of the links in this post…).
What’s the answer to this security nightmare? Here’s one thing that’s NOT the answer but which I have seen widely touted: setting a firmware password. If you’re not familiar with the concept of the firmware password, don’t worry. It is practically useless, since anyone can reset that simply by taking off the back of your computer, and then pulling out and then putting back in one of the memory chips.
Apple, of course, thought about this problem. Their own solution is to encourage you to use FileVault 2 (FV2) to encrypt all your data. Indeed, this is the BEST solution. Without your password, no one can access the disk on your computer no matter what they do (and that includes YOU if you forget it…). However, there are a couple of drawbacks to FV2. One is that it requires extra disk space, and if you have more than one partition on your hard drive, or a lot of data, and little space you may not be able to encrypt and decrypt your data. The other drawback is that FV2 places a little extra wear-and-tear on your hard disk (though that may be negligible given the security pay off).
Using FileVault 2 is really the only security option if you’re using Lion. However, if you don’t have the space for it, there is a ‘second-best’ strategy (see below why it’s only ‘second best’), and that is to remove the recovery disk and use a clone as your recovery option instead (WARNING: the Recovery disk is required for FileVault 2, so by removing it you will also remove the ability to use FV2).
There’s a couple of ways to remove the recovery partition on your internal disk, but this is probably the best:
1. Clone your current system to an external disk using Carbon Copy Cloner. This will clone your entire system exactly as it is now, but it will not copy the Recovery disk.
2. Still booted into your internal OS (the one on your machine), open Terminal.app and paste the following command:
defaults write com.apple.DiskUtility DUDebugMenuEnabled 1
3. Open Disk Utility.app (Applications/Utilities/Disk Utility.app). In the menu bar of Disk Utility, choose Debug > Show Every Partition.
4. In the left-hand pane of Disk Utility, you can now see the Recovery HD. Click on it. Then click on the Erase tab on the (larger) right-hand pane. Click the Erase button down there on the bottom right.
5. Quit Disk Utility.
Now you can use your bootable clone as your recovery disk if your OS becomes corrupt and no one can boot up your computer with ‘command-r’. If you keep the clone backed up on a regular incremental schedule (you can choose anything from once an hour, once a day, week, or month), you can simply restore a corrupted internal disk to exactly the same state as your last backup.
Why only ‘second best’?
As alluded to earlier, it is still possible for advanced users to start up your mac and reset the password without the Recovery partition (this was also true in Snow Leopard even without the install disc). In fact, what this procedure does is give your OS X Lion installation the same security level as an OS X Snow Leopard installation, which is not actually that great, but better than Lion with a Recovery disk! Also, if you are storing highly sensitive data, don’t neglect the fact that someone who has complete unfettered access to your hard drive could even remove the disk and recover the data using special software.
The short story is if you want to be absolutely certain that your data is secure, FileVault 2 is really your only option.
featured picture Security Workstation by digitalhadz