Backing Up Your Mac

Ever accidentally deleted an important file, experienced a drive failure or discovered computers don't drink coffee? Reliable backups protect you from losing your irreplaceable data. Today's blog post is an unbiased overview of all the popular backup options available to Mac users.

Syncing Services & "The Cloud"

It is important to point out that many syncing services (e.g. Dropbox, Resilio Sync, etc.) can also be configured to act as somewhat of a backup. Since that is not their intended use, I have not included them in this overview.

Several of the backup solutions below store data with the vendor (cloud backup). As security breaches have become commonplace, trusting vendors and their ability to protect user data has never been more challenging. For this reason many vendors allow advanced users to take ownership of the encryption key, preventing anyone but the user from accessing the data.


Time Machine

Time Machine is built into macOS making it very easy to back up your Mac.

Key Points

  • Unlike most alternatives, Time Machine includes both system files and user data.
  • Supports multiple backup destinations, allowing for geographically separated backup drives (e.g. one at work and one at home).
  • Compatible with Migration Assistant making the process of restoring data to a new Mac easy.
  • Theoretically supports backing up to network shares (e.g. AirPort Time Capsule, server or NAS); in practice I have found it unreliable.
  • Support for Power Nap, allowing backups to occur while the Mac is asleep.

Data Retention

  • Hourly backups for the past 24 hours.
  • Daily backups for the past month.
  • Weekly backups for all previous months.
  • The oldest backups are deleted when the backup disk becomes full.

User Experience

Setup

To start using Time Machine simply purchase an external hard drive (any brand), plug it into your Mac and click Use as Backup Disk. It is also advisable to select the Encrypt Backup Disk checkbox, preventing anyone from accessing your backup data without a password.

After that, backing up is as simple as plugging in a USB.

Restoring Data

    Enter Time Machine (Recommended)

    Open Launchpad > Other > Time Machine > On the right select the date you wish to go back to > Select the files you wish to recover and click Restore.

     

    Finder

    In Finder select the name of the backup disk in the sidebar > Backups.backupdb > COMPUTERNAME > Select the date you wish to go back to > Copy and paste the files you wish to restore.

     

    CrashPlan

    Unfortunately, Code42, the creators of CrashPlan, now only offer backup solutions for small business and enterprise markets. Although this is not for individuals, business owners would benefit from considering CrashPlan for their backup needs.

    Key Points

    • Support for all the major platforms (macOS, Windows and Linux).
    • By default only the user's home directory is backed up.
    • Australians back up to CrashPlan's Sydney data centre.
    • CrashPlan can also be configured to back up to a local disk.
    • CrashPlan for Small Business targets businesses with fewer than 200 employees.

    Data Retention

    Data retention is user configurable. Backup storage with CrashPlan is unlimited and by default all user files are retained!

    User Experience

    Setup

    1. Sign up for the free trial here.
    2. Download and install the CrashPlan app.
    3. Sign into the app and select a backup destination (e.g. CrashPlan PRO Australia).

    Restoring Data

    CrashPlan App (Recommended)

    Open the CrashPlan app from the Launchpad > Click Get Files, select the date you wish to restore from and select the files you wish to restore. By default, files are restored to the Downloads folder, but this can be set to the files' original location or another directory.

     

    CrashPlan Web Restore

    Sign into the CrashPlan website > Select Devices > Active > Click the restore icon next to the relevant computer > Choose the date and the files you wish to restore.

     

    Backblaze

    Backblaze is a cost effective cloud backup solution.

    Key Points

    • Supports both macOS and Windows.
    • Includes a Locate My Computer feature similar to Find My Mac.

    Data Retention

    • Unlimited storage.
    • Backblaze only keeps copies of files for 30 days after deletion.
    • External drives being backed up to Backblaze must be connected at least once every 30 days to avoid backup deletion.
    • If the computer running Backblaze does not connect to Backblaze's servers within 6 months all backup data is deleted.

    User Experience

    Setup

    1. Sign up for the free trial here.
    2. Download and install Backblaze.

    Restoring Data

    Restoring data is done through the Backblaze website. Customers have the option of downloading required files for free or ordering a USB drive to be mailed to them, at additional cost.


    Carbonite

    Carbonite is a popular Windows cloud backup vendor, with support for macOS.

    Key Points

    • Supports both macOS and Windows.
    • The Mac application user interface layout feels somewhat unpolished compared to its competitors.

    Data Retention

    Just like Backblaze, Carbonite Safe Basic Backup files are only kept for 30 days after deletion.

    User Experience

    Setup

    1. Sign up for a free trial here.
    2. Download and install Carbonite.

    Restoring Data

    Carbonite App (Recommended)

    Click the Carbonite icon in the menu bar and select Open Carbonite. Select the relevant location in the sidebar > select the deleted file or folder > click Get this back.

     

    Carbonite Website

    To restore files Carbonite recommend using their Mac app; however, backed up files can also be downloaded via their website. Simply sign in > click View files and select the files you wish to download.

     

    Acronis True Image 2018

    Acronis have been creating backup software for over 15 years and specialise in bare metal backups (similar to Time Machine & Carbon Copy Cloner).

    Data Retention

    Users are able to configure the number of versions archived.

     

    Key Points

    • Ability to back up to Acronis Cloud and/or a local disk.
    • All data including applications and system files are backed up by default.
    • An Acronis Cloud data centre is located in Sydney.
    • Acronis Cloud storage is not unlimited with storage options going all the way up to 5TB.

    User Experience

    Setup

    1. Download and install Acronis True Image 2018 from here.
    2. Open the application, create an account and set backup locations.

    Restoring Data

    Mac App

    Select the backup destination and then the Recovery tab > Select the backup version and browse for the files you wish to restore.

    Rescue Media

    Alternatively clicking the Recover Mac button in the app will create a bootable rescue USB. Once booted an entire system backup can be restored from a local disk, Acronis Cloud or network share.

    Acronis Online Dashboard

    Sign into the dashboard > Click RECOVER next to the relevant computer > Select the files you wish to download and click DOWNLOAD.

     

    Carbon Copy Cloner

    At its core Carbon Copy Cloner (CCC) is a graphical user interface (GUI) for the handy command line tool rsync.

    Key Points

    • Makes the process of cloning all or part of a disk simple.
    • By default clones are bootable, include all system and user files and can be restored by Migration Assistant.
    • Is able to perform scheduled backups to external encrypted disks.
    • Support for backing up to network shares.

    Data Retention

    Although there is a SafetyNet feature that can be leveraged to recover modified/deleted files, CCC's primary purpose is to maintain a replica of an internal disk.

    User Experience

    Setup

    1. Download and install Carbon Copy Cloner from here.
    2. Set source (e.g. Macintosh HD), set a destination (e.g. an external hard drive) and set a schedule (e.g. hourly).

    Restoring Data

    • If the files are still present on the backup drive they can be copied directly in Finder.
    • In the event your computer's disk has been replaced or erased, Migration Assistant will happily restore data from a CCC backup.
    • In the event where files have been overwritten on the backup drive (APFS formatted) the SafetyNet feature may be able to restore modified/deleted files.

    macOS Network Shares with Permission Inheritance

    Creating a network share on macOS does not automatically propagate assigned permissions to child files & subdirectories. This means if one user creates a new directory in a share, other users are able to view the new directory, but are unable to add anything to it. Correctly configuring directory permissions is the solution covered in today's blog post.

    Understanding File & Directory Permissions

    POSIX permissions are used to assign basic read, write and execute privileges to the owner (creator of the file/directory), group (a single group inherited from the parent directory) and others (everyone else).

    At the same time an access control list (ACL) can be applied to a file/directory to assign specific permissions, allowing for multiple users and groups with varying levels of access. ACLs override POSIX permissions and are composed of access control entries (ACEs), each entry specifying a particular user or group's rights (either an allow or deny) to perform specific operations. The ACEs in an ACL are evaluated from top to bottom until an ACE that applies to the user is found. Once a match is found all remaining entries are ignored, making the order of ACEs paramount.

    To allow our users to add to each other's directories we simply add the file_inherit & directory_inherit attributes to an ACE. This will ensure the ACL applied to the share is inherited by child files & subdirectories.

    There are two ways to apply an ACL:

    Server app

    Select the server name in the left sidebar, click the Storage tab and drill down to the directory you wish to modify. Click the gear at the bottom of the screen and select "Edit Permissions..." Expand out assigned users & groups, tick Inheritance and click OK.

    Doing so will apply the ACL to the selected directory, but not to any subdirectories. If you wish to apply the same ACL to subdirectories, select the gear again, then 'Propagate Permissions...' and with only the Access Control List checkbox ticked click OK.

    Note: You will notice inherited permissions are greyed out in the Server app to prevent accidental editing.

    Terminal

    Those comfortable in Terminal may wish to do the same via the command line.

    List

    To list existing ACLs in a directory:

    ls -le

    Add

    To recursively add inheritance to a directory simply append the file_inherit & directory_inherit attributes to the end of the existing ACE:

    # Recursively add the following ACE to all files and folders inside Directory Name, marking the ACE as inherited.
    chmod -R +ai "group:marketing allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" "Directory Name"/*
    
    # Apply the same ACE directly to "Directory Name," without marking it as inherited (allowing it to be edited in the Server app).
    chmod +a "group:marketing allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" "Directory Name"

    Insert

    Use +a# to insert an ACE at a specific index (at index 0):

    chmod +a# 0 "group:marketing allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" "Directory Name"

    Replace

    Use =a# to edit an existing ACE (at index 2):

    chmod =a# 2 "group:marketing allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" "Directory Name"

    Remove 

    Use -a# to remove the first ACE (at index 0):

    chmod -a# 0 "Directory Name"

    Use -N to altogether remove an ACL from a file or directory:

    chmod -N "Directory Name"
    # Tip: chmod -RN will recursively remove ACLs
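
To find directories in a share that were created before inheritance was set (the symptom described at the top of this post), the `ls -le` listing can be checked mechanically. The following is an added example, not part of the original post; the function name check_inherit and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag directories whose group ACE lacks the inheritance flags.

# Constructed sample of `ls -le` output taken inside a share (not real data).
SAMPLE_LS='total 0
drwxrwxr-x+ 4 admin  staff  128 Mar  3 09:15 Campaigns
 0: group:marketing allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
drwxr-xr-x+ 2 alice  staff   64 Mar  4 10:02 New Folder
 0: group:marketing allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
drwxr-xr-x  2 bob  staff   64 Mar  4 11:40 Drafts
-rw-r--r--  1 bob  staff  512 Mar  4 11:41 notes.txt'

# check_inherit GROUP   (reads `ls -le` output on stdin)
# Prints one line per directory:
#   "<name>: ok"                      first allow ACE for GROUP has both flags
#   "<name>: missing <flags>"         first allow ACE for GROUP lacks a flag
#   "<name>: no ACE for group:GROUP"  children will not get the group ACE
check_inherit() {
    awk -v grp="group:$1" '
    function report() {
        if (name == "") return
        if (!seen)        print name ": no ACE for " grp
        else if (missing) print name ": missing" missing
        else              print name ": ok"
    }
    /^d/ {                                  # directory line starts a new record
        report()
        name = $0
        # Drop the 8 leading columns (mode, links, owner, group, size, date x3)
        # so that names containing spaces survive intact.
        for (i = 1; i <= 8; i++) sub(/^ *[^ ]+ +/, "", name)
        seen = 0; missing = ""
        next
    }
    /^[^ ]/ { report(); name = ""; next }   # files and "total": close the record
    /^ *[0-9]+: / && name != "" && !seen {  # ACE lines are indented and numbered
        if ($2 != grp || $0 !~ / allow /) next
        seen = 1                            # only the first match counts: order matters
        perms = "," $NF ","
        if (!index(perms, ",file_inherit,"))      missing = missing " file_inherit"
        if (!index(perms, ",directory_inherit,")) missing = missing " directory_inherit"
    }
    END { report() }'
}

# Demo on the constructed sample; on a real share use:
#   ls -le "Directory Name" | check_inherit marketing
printf '%s\n' "$SAMPLE_LS" | check_inherit marketing
```

Directories reported as missing flags or as having no ACE are the ones to repair with the chmod +a / chmod -R +ai commands shown above.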

    Further Reading

    If you would like to learn more about macOS file permissions the following are great resources:

    Printing Hierarchical Directory Structures in Terminal

    Tree is an open source command line tool for recursively outputting the structure of a directory. It is useful for generating a clear representation of complex directory structures.

    Installation

    Tree is compatible with most Unix based operating systems, including macOS. Since tree is not included with macOS, here are two methods for installing it:

    Via Homebrew

    If you already have Homebrew installed simply run:

    brew install tree

    From Source Code

    1. Download the source code from GitHub:

    git clone https://github.com/execjosh/tree.git

    2. Move into the tree directory and edit the Makefile:

    cd tree
    nano Makefile

    3. Comment out (prepend a #) the line under Linux defaults and uncomment (remove the #) the lines under the OS X section:

     

    Note: To save changes in nano; press control + X, then Y and return.

    4. To compile the binary simply run:

    make

    5. Move the newly generated binary into /usr/local/bin/:

    sudo mv tree /usr/local/bin/

    6. Lastly, move the manual page into /usr/share/man/man1/.

    sudo mv doc/tree.1 /usr/share/man/man1/

    Usage

    Tree has many options and the manual page goes into each one in depth. You can view the man page with:

    man tree

    Our favourite options:

    • -C: Colour folder names to help distinguish files from folders
    • -d: Only output directories, not files
    • -H: Output as HTML with hyperlinks to files and folders
    • -N: Do not escape spaces with forward slashes or replace non-printable characters
    • -o: Send output to a file
    • -Q: Put double quotes around filenames

    Example

    Using tree to list all files and folders in a user's Music directory:

     

    Recovering a Forgotten OS X/macOS User Password

    Recently I had an elderly client who could not remember the password to his iMac nor the email passwords configured in Apple Mail. I was caught in a situation where I could not reset his Keychain as that would remove his email passwords, but I also had no way of extracting passwords from his Keychain. On top of that I needed the password to install new printer drivers.

    This information is intended to support others who have forgotten their login password; it should not be used for evil. If you want to secure your system from vulnerabilities like this it is important to enable FileVault whole-disk encryption and use a unique/secure password. You can turn it on under System Preferences > Security & Privacy > FileVault.

    I remembered reading how the Automatic Login feature stores a cipher of the user's password in /etc/kcpassword. A quick Google search later and I had the following command to extract the password.

    Since the above command requires sudo and I didn't have access to an administrator account, I booted the iMac into Target Disk Mode, connected it to another Mac (via FireWire/Thunderbolt cable) and ran the following command:

    sudo ruby -e 'key = [125, 137, 82, 35, 210, 188, 221, 234, 163, 185, 31]; IO.read("/Volumes/Macintosh HD 1/etc/kcpassword").bytes.each_with_index { |b, i| break if key.include?(b); print [b ^ key[i % key.size]].pack("U*") }'

    And just like that I had recovered his password!
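
As an added example (not from the original post), the check below reports whether a Mac is in the state described above: Automatic Login enabled, so /etc/kcpassword exists, while FileVault is off. The function name audit_autologin is hypothetical, and the FileVault state is passed in as the text printed by `fdesetup status`; the demo at the end uses a constructed volume root.

```shell
#!/bin/sh
# Added example: flag a Mac whose login password is recoverable from disk
# because Automatic Login is enabled and FileVault is off.

# audit_autologin ROOT FV_STATUS
#   ROOT      - volume root to inspect ("/" locally, or a mounted volume)
#   FV_STATUS - text printed by `fdesetup status` on that Mac
# Prints one finding per line; returns 1 if the password is exposed, else 0.
audit_autologin() {
    root=${1%/}                  # "/" becomes "", so the path below stays valid
    fv_status=$2
    kc="$root/etc/kcpassword"    # written when Automatic Login is switched on
    exposed=0

    case $fv_status in
        *"FileVault is On"*) fv=on ;;
        *)                   fv=off ;;
    esac
    echo "filevault: $fv"

    if [ -e "$kc" ]; then
        echo "autologin: enabled ($kc present)"
        if [ "$fv" = off ]; then
            exposed=1
        fi
    else
        echo "autologin: disabled"
    fi

    if [ "$exposed" -eq 1 ]; then
        echo "result: EXPOSED - disable Automatic Login and enable FileVault"
    else
        echo "result: ok"
    fi
    return "$exposed"
}

# Demo against a constructed volume root (assumption: temp directory, not a real Mac).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc"
: > "$demo_root/etc/kcpassword"
audit_autologin "$demo_root" "FileVault is Off." || true
rm -rf "$demo_root"
```

On a real Mac the equivalent call is `audit_autologin / "$(fdesetup status)"`.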

    Dock Master - A Superior Profile Maker for Managing the Dock

    Recently I have been actively looking into the best solution for setting a custom dock on multiple machines.

    Apple’s Profile Manager allows the creation of configuration profiles with dock settings. However, the functionality has some frustrating limitations:

    • There is no control over the order in which applications are displayed in the dock.

    • You can only add applications to Profile Manager if they are installed (note: can be dummy .app files) on the OS X Server host itself.

    • No home directory relative path support, therefore you cannot simply add a user’s Downloads folder to the dock.

    The Search for Something Better

    I tried Kyle Crawford’s dockutil command line tool and found it worked well for changing the dock of existing local accounts, but required scripting (LaunchAgent) to apply to newly created accounts.

    I also had temperamental success in directly editing:
    /System/Library/CoreServices/Dock.app/Contents/Resources/en.lproj/default.plist
    /System/Library/CoreServices/Dock.app/Contents/Resources/com.apple.dockfixup.plist

    After that I tried using Tim Sutton’s mcxToProfile script to convert ~/Library/Preferences/com.apple.dock.plist into a profile. Unfortunately home directory relative folders were broken using this technique.

    Get To The Good Stuff

    Over the past week I started working on a tool to make generating dock configuration profiles easy and include all the features missing from other tools.

    The advantages of my solution (Dock Master) include:

    • Support for home directory relative paths (e.g. ~/Downloads).

    • The ability to include applications that are not installed.

    • Inclusion of network shares and website links with custom labels.

    • The ability to set folder attributes (sort by, display as and view content as).

    Dock Master is an intuitive way to customise and generate dock profiles. To help you get started I have included some sample data commonly featured in education docks and an example of a directory, share and website that can be edited/removed as required. Once all the desired alterations have been made the profile is ready to be downloaded and distributed.

    Removable Dock Items

    A few people have contacted me asking if there’s a way to deploy a custom dock with removable items. Unfortunately, configuration profiles do not allow for this. Dock Master now works around this limitation by creating a dock preference file that is added to the User Template (new user accounts) and optionally replaces the dock plist in existing user accounts.

    Below you will notice a lock icon next to each dock item; unlocked items are removable by the end user. If one or more dock items are unlocked, Dock Master generates a tar file (compressed archive) instead of a configuration profile.

    Once the tar file (archive) is extracted you will have a folder containing a ‘makepackage.command’ script. To build your custom package, simply right click the script and select Open.

    The resulting package can be deployed just like any other package (e.g. Apple Remote Desktop, AutoDMG, DeployStudio, Munki, etc).

    Name


    Applications

    Please provide the full path to the application (.app file).

    Others (Folders/Shares/URLs/Weblocs)


    Additional Options

    Profile description:
    Profile scope:
    Prevent users from permanently modifying dock contents.
    Merge with user's existing/default dock.
    Add user's network home folder.
    Maximum icon size (1-256):
    Enable magnification. | Maximum magnification size (1-256):
    Dock position:
    Minimize windows using:
    Apps animate (bounce) on open.
    Automatically hide and show the dock.
    Show indicators for open applications.
    Minimise windows into app icon.
    Create package instead of profile. | Package applies to existing users. | Package version:

    Do You Like Dock Master?

    If you appreciate my work on Dock Master please consider making a donation. Dock Master has been a hobby project, I never developed it planning to make money (although my partner thinks I should) and I felt it was my way of contributing to the Mac Admin community. Donations help offset server hosting costs and access to resources.

     

    FAQ

    I have downloaded my fancy dock profile/package, how do I push it out to all my users?
    There are several ways to distribute profiles and packages; I recommend simply importing them straight into Munki.

    What happens if I want to change a Dock Master profile already installed on my clients?
    Dock Master profiles use the dock name as the profile identifier, therefore if you use the same name the new dock profile will overwrite the old. Dock Master packages simply overwrite any prior installed Dock Master package.

    Can I reorder dock items?
    Yes, simply click and drag the ≡ sign to change the position of a dock item.

    I still don’t get it, why would I use this?
    It's free!!!

    In education environments younger students find it difficult to find an application in Finder or the Launchpad, therefore having applications sitting in the dock allows students to independently access the applications they need.

    This tool allows advanced customisation and quick generation of dock profiles that can be applied to different device groups (e.g. Art, Music, Junior School Macs).

    And lastly because it's awesome!

    Where can I find the source code?

    I was surprised with the demand for Dock Master. Since its release I have rewritten Dock Master (originally PHP) into a native OS X Swift command-line tool for offline use. You can find the source code on GitHub here.
