Volume Number: 16 (2000)
Issue Number: 11
Column Tag: Operating Systems

Mac OS X Public Beta

by John C. Welch
Edited by Ilene M. Hoffman

An Administrator's Review

Welcome

Before I review Mac OS X, the next generation of operating system from Apple Computer, Inc., I'd like to emphasize one point: It's A Beta. The fact that it's called a public beta should make that emphasis unnecessary, but some comments I've read on the Internet and mailing lists makes me think that the emphasis is needed. This is a review of the Mac OS X Public Beta, which means that a lot of what I dislike or like may change, so don't think that anything I mention will be included in the final product. Finally, I've only had the public beta for about a week and a half at this writing, so there are a lot of items I may not cover yet. Okay, enough warning, on to the Beta!

Installation

The first place to start is the installation of Mac OS X Public Beta. I have been running the Public Beta on a PowerBook G3 Series, Bronze Keyboard, 1999. It has 192MB of RAM, and a third-party 18GB hard disk with two partitions, the Beta being on the second partition, which is about 3GB in size. I have not been using Classic Compatibility Environment for two reasons: First of all, I have certain extensions and configurations that aren't compatible with Classic that I need to use in my daily work. Secondly, I wanted to get a feel for OS X as its own operating system, without falling back on Classic as a safety net.

After reading the Read Me files, installation notes, and other information available on Apple's website (http://www.apple.com/osx/), I booted from the Beta CD, and started the install process. When you boot from the CD, you boot into the OS X install program. Here is one of my first beta gripes, as a network administrator, one of the things I really like about the Mac OS over Windows NT/2000, is that when I boot from a CD, I boot into the Mac OS, with basic networking capability enabled. can boot from the CD, get onto my network, and have full access to utilities, install points, etc. Currently the Mac OS X Public Beta CD only boots into the installer, which is annoying, and hopefully is not the future design of the final product. Aside from that, the install is fairly uneventful.

You pick the drive to install onto, agree to the license agreement, and go. There's no options for the install, so custom installs don't apply, yet. On a freshly formatted partition on my PowerBook, the install took about 15 minutes. Once the installer is done, the Setup Assistant fires up, and walks you through entering the base information to set up the Mac. It's pretty much the same as the Mac OS 9 Setup Assistant, except for entering an administrator username and password. This password is also used as the password for 'root' or the Unix super user ID

This brings us to another difference in OS X, the concept of the super user. The super user, or root, is the Unix equivalent of god on that machine. If you can log in as root, there is nothing you cannot do on a Unix machine. Literally, nothing. Do you want to rebuild the kernel? Root can. Do you want to delete every file in \etc, which is the directory that holds all of your configuration files? Root can. The point here is that root is a very powerful and very dangerous, so you want to be very careful about that user id. You should never log in as root unless you have a specific need, and then you should log out as soon as possible.

The Interface

Once the setup assistant is done, Mac OS X reboots, and you are presented with the login screen. Once you log in, using the user ID and password you gave the setup assistant you are on the Mac OS X desktop, and ready to roll. One of the first eye-catchers, or at least mine, wasn't the Dock, but rather the lack of my hard drives on the desktop. There are a number of arguments for and against this, but for me, the two seconds it takes me to put an alias to the drive on the desktop renders it somewhat moot. Creating an alias requires the exploration of the new Finder.

The Finder

In Mac OS 9 the Desktop and Finder were interchangeable words; but in Mac OS X, the Finder is part of the Desktop application. The Finder, as in previous systems handles file-system functions. Visually, in the Finder window you see a number of buttons, similar to Sherlock 2, that are shortcuts to various places on your Mac OS X drive. These represent folders you would need to go regularly, such as Favorites, Applications, Documents, and a new one, Computer, as shown below. If you don't like the buttons, then (command)-B toggles them on and off. Also, if you have placed a folder in the Dock,-clicking it opens it with the buttons hidden. Both views are shown below.

Computer is the root level of the system, and should be thought of as looking at the computer from bottom of the hierarchy, in that everything is above you. This level shows you all your disks, along with a new entry, Network, which we cover later. This view of the drives has caused some consternation, as previously, these items lived on your desktop. Well, the reason for it, although it doesn't apply in a standalone machine situation, is if you are accessing machines on a network, and you log into that machine, you are going to see a view that is a container for all the accessible shared drives. This network-centric view is essentially what Computer is giving you. The advantage to this view is that if you are in a heavy networking environment, you don't have to change view modes between your local Mac and Macs on the network. The disadvantage to this is if you are in a standalone situation, you could care less about the network view. Fortunately, in the Desktop and Dock preferences, you can set, your removable media to automatically show on the Desktop, as shown below.

This is nicer, and less jarring to those of us not used to the NeXT way of looking at things. I think Apple would do well to add a "Show Internal Disks on Desktop" option here though.

Another of the changes in the Finder is the Browser view, shown here.

The Browser view is a side-scrolling, multi-paned window that shows you your current location, on either the local hard drives, or the network. If you have a folder selected, it shows you all the items in that folder in the rightmost pane. If you have a document selected, it attempts to show you a preview of the document, along with the standard Get Info information. If you have an application selected, you get the generic Get Info details on the application. Although a little jarring at first, I have actually grown rather fond of the Browser view, it is fast, easy to use, and the ability to backtrack that easily through what can be many, many layers of folders is more than a little sweet. (To all the NeXTies — yes, you told me so.) I also find that some of the other modifications to the Finder windows, while jarring in some ways, make accessing the full features of the Finder windows more intuitive. The new drop-down list that shows your location in the folder hierarchy, has always been available via command-clicking the title bar, but this always struck me as too useful a feature to be hidden away as some power-user trick. Users need to be able to see where they are regardless of the current Finder view, so placing this feature out in the open is good. I also like the addition of a Back button, which makes this feature obvious without having to know oddball key combinations like U. I know that experienced Mac users are saying, "But that's so intuitive already." Well, for the true novice it isn't, and making it more obvious and intuitive does not distract from the power of the Desktop. It just makes it available to more people, and quicker.

I also like the choice between having only one Finder window as you navigate, or the more traditional multiple windows. As someone who lives with their finger firmly planted on the Option Key, I'm very glad that Apple gave me this choice. There are, of course, some issues with the new Finder window. I would prefer the title bar to tell me the directory name, instead of the application name. I know I'm in the Finder, but what directory am I in? Keyboard navigation is inconsistent, for example, -Y is gone, so you have to revert to using -E for eject to dismount network drives or removable media. That's a little strange, as I'm not ejecting the network drive, (at least I better not be), I'm removing it from my machine for a while. I also would like the browser view to scroll as I drag items back from the current location, and better yet, forward to new locations, which would make up for the missing spring loaded folders. I find that most of these issues have the feel of beta bugs, more than eliminated features, so I'm not too worried.

The Desktop

The next set of changes is in the Mac OS X Desktop. At first glance there seem to be a lot of changes, but, in fact, I couldn't find that many actual changes. If you have been using OS 9's Multiple Users feature, Macintosh Manager, or NetBoot, much of the way OS X's desktop works will be familiar. If you have been using your Mac in a single user mode, then some of OS X's desktop will seem a bit odd. First of all, each user has their own Desktop Folder. This is so that you don't have situations where someone accidentally deletes or rearranges your desktop. They can't get to it unless you allow them access. This is annoying for the single user, , although when we look at the system preferences, the workaround will be clear. For the networked, business, or home user with the entire family using the same computer, this is a good feature, and is by far better implemented than in the current Mac OS's versions. This is not a surprise, as Unix has always supported multiple users this way, and OS X carries this UNIX-type support into the Mac OS. Also, in the current beta, you can't rename drives. Although there are pathname issues for this from the Unix perspective, this is a behavior that Mac users are used to being able to perform, and it should carry over into Mac OS X. If there is a reason for it not to be there, then it should be clearly articulated as soon as possible.

Another obvious change is the location of the Trash icon. It's no longer on the desktop, but rather on the Dock. This is a different location, but the functionality is still the same. You drag files to it, open it up to remove things, unmount media by dragging it to the trash. -backspace places things in the Trash, and shift--backspace empties the Trash. By placing the Trash on the Dock, it can't get hidden or lost behind other windows, which is good for new users. Considering the time I've wasted over the years working with cluttered desktops, and typing t-r-a as fast as I could, it's a good move for experienced users as well.

The icon size on the desktop is independent of the screen resolution and that is a feature that is sure to be greeted with joy by the vision impaired everywhere, including yours truly. I like the fact that I can have room for the way I work, and still be able to resize my icons to where I can see them without having to drop the resolution.

There are some interface issues with the Desktop that seem more like beta bugs than anything else. Auto sorting by name is not enabled, and the Desktop doesn't refresh its contents as fast as it should, especially if you use the command line to add things to the Desktop. You cannot have slashes in the names of files, which is a limitation of OS X, not HFS+. I understand that Unix uses slashes as directory delimiters, but this is not Unix, it's based on Unix, and this is a restriction that may cause problems. (Note: There were also applications in previous Mac OS versions that had trouble finding files when slashes were used in filenames.) On the other hand, you also now get 255-character filenames, so the news isn't all bad. Finally, the system font and font size cannot be changed. I understand that the font size can be changed by scaling the icon size, but some of us want tiny icons and big fonts, or vice-versa. We also want a font that isn't Lucida Grande. These are annoying problems, but fixable, and I imagine they will be fixed in the release version of Mac OS X.

The Dock

On to the most controversial part of the new OS, the Dock. This is an amazingly polarizing application, and yet, like much of OS X, it really does grow on you. I think much of the problem is what it's replacing: the Apple Menu, the Applications Menu, the Menu Bar clock. The Dock also contributes to the loss of tabbed folders, which for some is more traumatic than others. Now, lets take a look at the Dock, or at least my dock after login

The Dock is a bit smaller here than on my normal screen, but, even on my PowerBook's display, there is a lot of feedback here that you don't get by default in Mac OS 9. First, I know exactly what applications are running, in this case, from left to right: Finder, Stickies, Console, Classic Menu, wClock, and Grab. Classic Menu is an Apple Menu replacement for OS X, and wClock gives me a menu bar clock, and calendar as well. (Note, the Public Beta represents one of the biggest shareware and utility goldmines for Mac developers, and I am pleased to say that there is a wealth of items out there already.) I also have a number of applications handy that I use frequently. The four items on the left are the Trash, the What's New Help file, the link to the OS X feedback page at Apple, and a link to my Applications folder. In addition, although I couldn't get screen grabs of this, -Tab cycles through the open applications, and pops their names up so I can see which one is selected. Similar to the Desktop icon size, the Dock icon size can be set independently of screen resolutions, as shown below.

I have the magnification, and hide and show features turned off, and the opening animation turned on. Now one thing that you may notice that is not in my Dock is the clock. I tried storing it in the Dock, but it was too small. I tried the floating option, but it was in the way all the time, plus the icon running in the Dock, took up space in two places. So I now use wClock, which gives me a menu bar clock, and in conjunction with Classic Menu, makes my menu bar look quite familiar. The clock on the menu bar is very handy, and an option to have it there, floating, or in the Dock would be appreciated by many users.

There is another feature to the Dock which has only been hinted at, but in fact is a major plus , and that is the ability of the Dock icons to display live data. Aside from the endless demonstrations of QuickTime movies in the Dock, there are some other nice applications that make good use of it.

The Mail application uses the Dock icon to indicate you have unread mail in your inbox. Very nice, and handy if you don't want to have your Mail window always open or maximized. Another application that makes use of this ability is the CPU Meter application. If you minimize both windows, the Dock icons update the usage graphs in real time, giving you a miniature, yet live display of how hard you are hitting your system.

So while the Dock may not be the end all application , it is a lot more capable than people give it credit for. I hope that application developers take advantage of its abilities.

Setting Up OS X

Enough of the basic user interface, let's take a look at how you set your system up. Almost all system settings are accessed through the System Preferences application. After about a week of exploring Mac OS X, I found out that Apple has done some pretty neat things. First off, the System Preferences are doing a lot of the low level Unix configuration file editing. For example, as you go through and set your network preferences in the Network control panel, you also alter the NetInfo settings. NetInfo is the way that NeXT networks kept track of machines, users, accounts, printers, and access rights, plus everything else. It is analogous to Novell's Directory, or LDAP (Lightweight Directory Access Protocol), and is administered via the NetInfo manager application. However, as we will see later, this is not a very intuitive application, and setting the wrong thing can hurt your configuration, and prevent your Mac from booting. NetInfo also holds information for files like hostconfig, which is where the BSD Unix layer gets its information for things like host names, and IP addresses. From what I can see, System Preferences modifies NetInfo, which modifies the configuration files. This may not be totally correct, but not having to use a terminal and EMACS, or worse yet, vi, to set up your Unix settings; indeed, never having to even know where hostconfig lives, is a sign that Apple has put a lot of work into taking the Unix fears out of Mac OS X.

System Preferences

Now let's take a look at a few of the features in System Preferences. The application reminds me of the Mac System 6 control panel, where one application held all your system settings. Although the OS X System Preferences application is a nicer version, it is still a single, coherent place for system, not application-specific settings. The full view of the app is shown next.

For the most part, these look familiar, so we won't take a look at all of them, but I will cover the settings of interest to network administrators.

The first one is the Date & Time control panel:

The first two tabs, Date & Time and Time Zone, have the same functionality as the Mac OS 9 versions. The Network Time tab is interesting though. It gives you the ability to either manually enter a network time server's domain name or IP address, or you can select From NetInfo, and let NetInfo handle where on your network your Mac gets its time information from. This feature is a boon to anyone trying to change this setting on a network with a few hundred Macs.I hope that Apple allows for NetInfo to integrate with other directory services too, so that this type of administrative tool is not limited to NetInfo. While an excellent way to manage a network, NetInfo is hardly the one of the most common tools.

The next control panel of interest to network administrators is the Internet settings panel. This illustrates Apple's attempt to bring the functionality of Internet Config into Mac OS X.

The other reason I am highlighting the Internet preferences panel is to show that:

1. In the Web tab you have the same flexibility in selecting your default web browser in Mac OS X as you do in OS 9.
2. You can select where to Download Files To, so that with the multi-user capabilities of OS X, I, and anyone else who uses my PowerBook under OS X can have our web browser download to the desktop, yet not interfere with anyone else's desktop.

This is nothing completely new, but the fact that it is an integrated feature of the OS, instead of a bolted-on kludge will result in a smoother user experience. Do expect changes here though, as Mac OS X uses the word "E-mail" even though their own style guide uses "email."

The next panel of interest is the Login preferences panel. This controls Login functionality, such as automatic log in in the Login Window tab. Plus you can choose your enabled startup items in the Login Items tab.

The reason for moving the startup items is based on the multi-user capability of Mac OS X. If you have twenty people sharing the computer, and they all have 3 different startup items, you wouldn't all the applications to start for everyone. tThe applications only start up when you log in, and that way only your choices start up. This is also the location of another beta bug. Once you set up the link to an application, if you move the application, the link is broken, indicating that Unix-style hard links are being used, instead of proper aliases. This can be quite annoying, but I doubt that Apple would leave such an interface bug like that in the final version. Also worth noting is that if you are the only user for a given machine, you can set it to automatically log in for you, so that you do not have to go through the log in process. Another option in the Login Window tab disables the Restart and Shut Down buttons. This is useful if aMacintosh computer is being used as a server, the only way to restart it would be through the hard switches on the computer, or by logging in as root. One note here, if you do have the automatic log in enabled, you should never set it to root. As the super user for a given system or network, there is nothing that root cannot do, and therefore that user should never be the default user for any machine.

The third panel we will look at is the Network preferences panel. TCP/IP is the first tab, and looks familiar with the exception of the Host Name. The host name is used to identify the machine, not only via DNS, (in my case, valkyrie.aer.com), but for AppleTalk and NetInfo as well. What isn't shown, and unfortunately I couldn't get a good screen shot is the fact that the TCP/IP panel has configuration settings. I have had two separate static IP addresses on this PowerBook, and if you could see the Configure: pop-up menu, you would see: Manually 10.2.4.4, Manually 10.2.4.1, along with DHCP and BootP. This configuration support is a good sign that Location Manager is not gone, as many fear, just not completed yet.

The next tab is AppleTalk, and is fairly simple. AppleTalk is toggled on and off with a checkbox and you type in the AppleTalk Computer Name. The NetInfo tab simply asks if you want to connect to an existing NetInfo domain or not. The fourth tab is the Services tab, and that bears a little more investigation.

The Services tab handles the Web Server that is included with Mac OS X, namely Apache. Well over 60% of the Internet is run off of Apache, and with the full version of that web server, Apple is giving Public Beta users a very powerful way to publish documents and files. This also makes the initial decision as to which web server to use with Mac OS X very easy, but it creates an interesting business proposition for the WebSTAR folks. 4D, Inc. now needs to give their existing users a compelling reason to stay with WebSTAR, and create a more compelling reason for people to buy WebSTAR instead of staying with a free product that is every bit as powerful. However, the Services tab only turns Apache on, and lets you decide where you want the documents to reside. It doesn't configure Apache, or make it secure, so there is still a lot of work left for the user to do. This also is where Apple, or third party developers can come in, and create products that help you configure Apache in a way that makes the Mac community comfortable with such a powerful tool. Another advantage to including Apache is that it finally gives the Macintosh Web community access to all the powerful Apache tools , including, potentially the Apache add- ons that allow you to use Apache as a server for Active Server Pages, instead of Microsoft's Internet Information Server, IIS. Opinions of Microsoft aside, IIS is a major player in business intranets, and Apple has always been forced out of this large, lucrative arena. Apache gives them a toehold here, and a fairly respectable toehold at that. Considering the amount of Web content created on Macs for other server platforms, it's about time that that content can be served on a Mac without the potshots directed at the Mac OS.

The next stop in System Preferences is the Screen Saver panel. Although not thought of as an administrator kind of application, the fact is, most servers have a timed screen lockout system. The settings for the screen saver do not currently allow for forcing a password to get past the screen saver, which makes it less useful to administrators. Apple, or a third party developer should be able to provide a solution.

The Sharing preferences panel is next on our tour. This controls a number of items of interest to users and administrators.

The File Sharing button controls Mac OS X's Apple File Protocol (AFP) over TCP/IP sharing capability. The Public Beta only allows you to share your Public folder, but like a lot of this version, this looks like a beta bug, and should be fixed quickly enough. The other two checkboxes are new to Mac users. The first, Turn on remote Telnet access, enables the Telnet server that ships with Mac OS X. This is a very handy feature for administrators, as it gives them the ability to log into a Mac OS X machine, and perform any of the standard Unix remote administration tasks that can be run from a command line. This is also a dangerous feature for the very same reason. If a computer cracker were to Telnet to an OS X box running Telnet services, and be able to log in as root, again, this person would have complete control of the Mac OS X box from a command line, and then do essentially, anything that is possible from a command line, which in Unix is quite a lot. (I don't want to sound too alarmist here, as having Telnet access to OS X is an incredibly useful feature, especially to those of us who are network administrators. As with any feature, it has its downside as well. The command line, and command line access are not inherently bad or good, but like any tool, can be used both ways. Mac OS X ships with Telnet turned off, and unless you have an explicit need for this feature, I would recommend keeping it off. A lot of the security of the Mac OS has been due to the lack of remote access features in the OS. While this has saved a lot of Mac administrators from having to deal with crackers, it has also restricted administrators from the kind of capabilities that our Unix and Windows compatriots have. Services, daemons, and applications like Telnet, and other Unix capabilities are going to give us a lot more power, and a lot more things to worry about. It's better to start now, and be ready, than to find out the hard way when some script kiddie turns your machine into a DOS attack zombie.

The other setting in the Sharing settings panel enables the FTP service. So your Mac can be a FTP server out of the box, no extra software required. Again, my warning about security applies here as well, if you have either of these services turned on, be sure to pick a good password for root, and change it often. Even with Telnet turned off, a cracker with root access could FTP to your machine, and replace the configuration file that turns off Telnet with one that turned it on, and a script that would notify him or her that access was now on. The next time that machine rebooted, that cracker would have full access to your Macintosh. Ssome common sense keeps you safe, if you don't need to be an FTP server, leave that service turned off. If crackers can't get in to your machine, they can't make use of it. If you need this service turned on, then change your root password regularly, and make it incredibly cryptic. This is one area where an ounce of prevention is worth a ton of cure. The final section of the System Preferences we will look at is the Startup Disk preferences panel.

The Startup Disk preferences panel is where you choose the operating system you wish to boot from, whether that be on a separate disk, as shown above, or on the same disk. Like other settings in the System Preferences, you have to be an administrator on the machine to change any setting in this preferences panel.

Other Settings

There is one other place that is normally used to set up Mac OS X, and that is Multiple Users. (I am leaving out the Keychain setup, as it seems to be unchanged from Mac OS 9.) This is where you would normally create, edit, and delete user accounts on your Mac OS X machine. Multiple Users is a much simpler beast than its OS 9 counterpart, and is more intuitive to use.

One of the first things that you notice is that one account is missing, namely root. This is a good thing, because it means, that even if I unlock Multiple Users to make changes, I cannot touch root, either to delete it, or change its password. There is an interface for altering root, which we will look at in a bit. Multiple Users allows you to add, edit, or delete users. You must be an administrator to gain access to its features. Once inside the application, editing a user is fairly simple. As shown below, you can change the Name, Short Name, (the userid), the Password for the user, and decide if that user can be an administrator . If the user is an administrator, then their userid and password will unlock those settings panels and applications that can only be used by an administrator. Granting this privilege should not be done unless that person needs that kind of complete access.

The screen for creating a new user is identical to the edit user screen, except that when you open it, none of the fields are filled in. This discussion takes care of the common settings interfaces that you will use for Mac OS X. Our next step is to take a look at the less common interfaces for setting up Mac OS X, namely NetInfo and the Unix settings files.

NetInfo

NetInfo is the administrators tool for setting up not only individual OS X, OS X Server, and NeXT machines, but for configuring networks as well. It is an amazingly powerful tool, and used correctly, can make much of an administrator's job easier. Unfortunately, outside of the NeXT and Mac OS X (Server) community, NetInfo is hardly used at all, being superceded by products like Novell Directory Services, NIS+ from Sun, Active Directory from Microsoft, and LDAP. This is not to say that NetInfo isn't a capable tool, quite the contrary-it can easily match and in many cases beat the capabilities of these other systems. Since NetInfo is a minority player, Apple needs to do much more work on integrating NetInfo with these other systems, particularly NIS+ and LDAP, as these are the major players in the Unix world.

The application that administers NetInfo is the NetInfo Manager. When you first open it, you are presented with the root, or / view of localhost, which is Unix for the machine you are sitting at. If you have the proper privileges, you can also use NetInfo Manager to manage entire NetInfo network domains, but for this article, we'll stay on the local machine level.

As you can see above, the NetInfo Manager uses the same type of browser interface as the Finder. The / indicates the root level of the computer, analogous to the Computer level of the Finder. The middle pane shows the items that are controlled by the NetInfo manager, and although we won't cover all of them, some of them are worth discussing. First we should look at some of the items in Config, such as AppleFileServer and ntp. If we look at the AppleFileServer screen below, we can see that NetInfo does give us access to the settings we need, even if the interface leaves something to be desired.

To me, and admittedly I am not a NetInfo expert, or even a NetInfo power user, this is a mix of good and bad interface components. Good, because I have quick access to any setting that an AppleShareIP Server needs to have, and it's in a consistent GUI. Bad, because since there is no NetInfo Manager help in the Public Beta, I am forced to guess, at what are some of the settings. It may be obvious that the idle_disconnect_time should be talking about minutes, but it would be handy to have that made more obvious. Nonetheless, the NetInfo Manager does give me the features I need to set up this service on my Mac OS X machine. The guest_access setting is less obvious, but one would suppose that this setting uses a binary setting, since other settings in this pane dol, so for now, guest_access is turned off. Moving down, we can see that the idle disconnect settings for all users, regardless of level, is turned on as well. The activity_log_size is set to what I would guess to be around a megabyte in size, as if it were a kilobyte, then it would not be able to hold many entries. We can also see the login greeting for this machine, and what activities are logged. It is good to note that almost all activities are logged. If you did suspect someone has cracked your machine, good usage logs are some of the best ways to find out what is going on, and who is doing it.

The path where the activity log is kept is the next setting, and although mine is left at the default location, the wise administrator will change the default so that a cracker cannot alter the log to hide their tracks. The port used for AFP over TCP/IP is the next setting, which is needed if you want to set up a firewall to allow this protocol through the firewall. Moving down the list, the idle_disconnect appears to be turned off, a security weakness, were this an actual server. The reg_AppleTalk setting would appear to be the one to allow for straight AppleTalk to be used. As I have not yet confirmed this, I am leaving it alone. (This brings me to my next warning. If you don't know what a setting does in NetInfo, leave it alone. The NetInfo Manager is how you, as an administrator, can set up features on an Mac OS X machine that are not available in the conventional settings panels. It is also an easy way to send your Mac OS X machine into limbo at light speed. Any changes I have made in NetInfo Manager have only been made after I was sure that I knew what I was doing.) The final setting on this page that we look at is the register_NSL setting, which when turned on, as it is here, allows this machine to show up as an AppleShareIP server in the Network Browser application.

The other setting in config that we want to look at is the ntp setting. There isn't much here, but it does show you the relationship between the System Preferences and NetInfo. If you look back at the screenshot of the network time tab in the Date & Time control panel, you can see where I had manually entered a timeserver name. Looking at /Config/ntp setting below, we can see that the Date & Time control panel setting was automatically entered into NetInfo for us. Hopefully, Apple will continue to provide more intuitive interfaces for other NetInfo settings, limiting the amount of time non-administrators would need to spend here.

Another example of how the System Preferences set NetInfo parameters is the /localconfig/appletalk setting. This is what is set when you enter a machine name in the AppleTalk tab in the Network settings panel, as you can see next.

It's neat to see how Apple can make dealing with NetInfo more simple. What about things that aren't in the System Preferences, such as Network File System, NFS access? Since Mac OS X is based on Unix, and NFS is the standard way for Unix systems to share drives and directories across a network, how do you do that? Well, this is one place where NetInfo saves you from setting up NFS automounts by directly editing config files. As we can see in the example below, I have two NFS shares set to automatically mount when I log in to Mac OS X on my PowerBook.

The first parameter of each entry is the vstype, in this case NFS. This tells NetInfo what type of drive it's going to be mounting, as there are different ways of handling different types of mounts. The next parameter is dir, which is the local directory where the mounted drive should appear. This is where Mac OS X's Unix base shows up. In Unix, when you are going to mount a remote drive via NFS, you not only need to know the computer, and the partition you wish to mount, but you need to tell your computer where this remote mount should be attached to locally. In most cased, with OS X, you want this to be in a subdirectory of Network, which we saw in the earlier Finder screen shot. Now within Network, there is a folder called Servers, but only the system can alter that directory, so I have set all my mounts to be subdirectories of Network. In the example shown, I call it public, so the value for dir in this case is /Network/public. Note that creating it here does not create the actual directory. You still have to do that either via the Finder, or the command line. Although experienced Unix administrators will have no trouble with this, Mac administrators, may find this inconsistency will trip them up. Hopefully, a more coherent interface for managing NFS mounts in Mac OS X will show up as the final release date nears. The next parameter is the name of the remote computer and the path to the directory that I wish to mount. This follows the Unix convention of <machinename:/path>. In this example, the machine name is eighty-eight, and the directory I wish to mount is at the root of the system, and is named public, so the value for name is 'eighty-eight:/public'. The final value is opts, for options, and the only thing entered here is 'bg', which tells the system to mount this share in the background. Any other mounts are set up the same way, and so far, every time I log in, the mounts have been there.

This brings me to another inconsistency in Mac OS X, the way it handles different types of mounted drives. If I connect to an AppleShareIP server, the share shows up on the desktop, and goes away when I disconnect. Any NFS shares created in NetInfo Manager seem to be always mounted, even if the computer is not on the network, because a permanent directory is created so that the NFS share has something to attach to. If you are used to Unix, this is nothing unusual. However, in the Mac world, if you aren't attached to that share, it has no business existing at all on your machine. I actually like this better, as it is a clear way of notifying the user that this or that share is available for use. Hopefully, this will be fixed, either by Apple, or an enterprising third-party developer.

The next part of NetInfo that bears looking at is the /groups section. These are Unix user groups, similar to the groups you would set up in any network. The ones shown below are the standard groups that ship with Mac OS X. Of particular interest to the network administrator is the wheel group This is the group you are assigned if you are created as a user that can administer this machine, sys, which on a stock install has root as its only member, and admin, which also shows root as its only member. Groups are an important tool in Unix security, and can be a great help to an administrator if set up correctly. Conversely, they can also be a nightmare to an administrator if used incorrectly. As you can see, there are groups that are application/purpose-specific, such as www, mail, news, etc. This is so certain types of applications, (and with Unix, the word 'application' is used very loosely), can have the low-level access they need to function, without needing to operate as root. Remember, root should not be used lightly or often. (If it seems that I am really beating this with a stick, I am. I have seen too many networks standing on their heads with all kinds of arcane passwords for users, limiting login times, disk quotas, etc, only to be easily hacked because the administrators were constantly logging into the system as root, remote logins as root were allowed, and too many applications were running as root. The fact that Apple disables remote root login by default in Mac OS X is a good sign that they want it to have the same level of out of the box security as OS 9 does.)

The next part of NetInfo we look at is the /users section. This is where every user that is entered into multiple users shows up. The entry we are looking at is one I created for my son, Alex. It shows the information for his full name, and his login name. The home entry shows his home directory, /home/alex. The entry for _shadow_passwd is blank. From the information I could get on NetInfo off of the Internet, this is because NetInfo doesn't use shadow passwords, as they are less secure than NetInfo's method of storing passwords. The shell entry shows his default command line shell, should he choose to use it. It also shows his userid, 103, and his gid, or group ID, 20. Just like any other Unix, you can belong to more than one group, and the first number shown in the gid entry is the user's main group.

The sharedDirAlias is interesting, as it highlights the heavy use of XML in Mac OS X, along with how powerful XML can be. Some of the hacks starting to circulate that allow AirPort cards to function, for example, are nothing more than XML entries. Although it's hard to tell at this stage how much use of XML Apple is going to have in the final release, it's fairly extensive in the Public Beta. As an example, almost all your preference settings for Mac OS X are kept as .plist files, which are nothing more than XML files.

An example is the ApplePowerManagement.plist file, which is the where the Energy Saver control panel settings are stored:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist SYSTEM file://localhost/System/Library/DTDs/PropertyList.dtd">
<plist version="0.9">
<dict>
	<key>DisplaySleepTimeIsIndependent</key>
	<true/>
	<key>HardDiskSleepTimeIsIndependent</key>
	<true/>
	<key>MinutesUntilDisplaySleeps</key>
	<integer>0</integer>
	<key>MinutesUntilHardDiskSleeps</key>
	<integer>30</integer>
	<key>MinutesUntilSystemSleeps</key>
	<integer>0</integer>
</dict>
</plist>

This is a standard XML 1.0 file, with a custom DOCTYPE, referencing a DTD that sets up the parameters for a property list. The entries that follow are fairly easy to read as well. It shows that display and hard drive sleep times are independently set. The Display sleep is set to zero minutes, along with the system sleep time, and the hard drive time is set to 30 minutes. This is a case of a beta bug as well, since the entries for the hard drive and system sleep times are nicely reversed. I'm not too upset, because the power management issues are pointed out in the Read Me.

The final part of NetInfo Manager we should look at is the services. We will not alter anything here, but it is good for showing that Mac OS X does ship with the standard Unix services, or ability to run them, even if all are not enabled in the Public Beta. Available services like pop3, rje, smtp, syslog, talk, telnet, timed, uucp, snmp, and whois, point to Mac OS X being able to be a full-featured player in the Unix and networking worlds.

So How Does It Work?

Well, so far, quite well. The network speed is very fast, and a nice improvement over OS 9. As a test, I was able to achieve saturation speeds on a 100Mb Ethernet network for a 250MB file copy, and while that was going on, I was doing other transfers as well. The only slowdowns were due to network bandwidth limitations, not OS limitations. Web browsing, and FTP feel snappier than in OS 9. The ability to telnet into my Mac, and kill a process that was eating CPU was something to warm my administrator's heart. Even nicer was the OS telling me a process had been killed, but that everything was still okay.

From the Unix side of things, all the command line capabilities are there, and with the beta of XTools from Tenon sitting on my OS X box, and running Netscape on a Solaris box, and IDL on an SGI was just too sweet. It's a full Unix environment, and it works like one, and acts like one, both good and bad. Apple has just managed to make it better. All the low level Unix bits are there, including, /etc, /var, sendmail, and hostconfig, but you never have to see them if you don't want. In the two weeks of constant use, I've only been in the config files by choice, not by necessity. The System Preferences and NetInfo take care of that for you. In fact, thanks to NetInfo, many of the Unix config files aren't even used, but are there as a backup system. AppleScript is even there, although it is very rough as of yet. I plan to look heavily at that very soon.

The fact that Mac OS X gives you all of its power and features in a uniform, coherent interface is the most important part of the operating system. The Unix underpinnings, which are powerful and complete, are worth a look at in a second article. Aqua is more than more than pretty buttons and colors, it's a way of taking a powerful, yet obtuse OS, (Yes, Unix may be user friendly, but it's picky about who its friends are), and giving that power to everyone, not just the experts. There are things in Mac OS X that are no different than in X-Windows, Gnome, etc. The difference is, it's friendlier, and the OS tells you what is going on. The error messages are friendlier than OS 9's and far more friendlier than standard Unix. It does what it is supposed to do, and for the most part gets out of your, (well at least my), way while doing it. Yes it looks and acts different, but at heart, it's still the Mac OS, just in better shape, and with a new suit. Its kind of like Steve Austin after the bionics, faster, stronger, better.

Well, we covered a lot, and there's a lot to go. I didn't get to Classic, as that isn't something that is workable for me right now, and it's also been covered in depth. I only touched lightly on the Unix underpinnings, as I just haven't had a lot of time to really play with them. Hopefully, you have a better idea of how and maybe even why some of Mac OS X works the way it does. Remember, a lot of this can, and possibly will change, so if I seem to have avoided certain areas, that's why. Also, there is not a lot of administration-type documentation, which is a weakness with a lot of Apple products. OS X Server is a prime example. The Mac OS X Admin list from Omni Group is a better source of information than Apple for that product, and that's not right. Mac OS X is a product that is going to open up too many doors for Apple to be lackadaisical with Administration documentation. Whatever mistakes Microsoft and IBM make, they have always made sure the people running their products have really excellent support, as well as the people creating product for them. In Apple's defense, they do have the correct attitude, and with a little more documentation, they can make sure that the admins of the world are as well prepared for this OS as the developers.

In any event, Mac OS X is sure to be a wild ride between now and the full release, and this is only the first of many articles that you'll see in MacTech to help you make the ride as smooth as possible.

Bibliography and References

While I have no printed sources as such, I have to thank many sources, namely the folks on the OS X — admin list, who provided the NFS mounting information, Chuck Goolsbee's Mac — Manager list, MacFixIt, and all the moderators, and regular posters who make that such a useful sight, Dave Every of MacKiDo who has explained much about interfaces and other such technical things in a clear concise manner, Cal Simone, and Sal Soghoian, who helped me see that AppleScript was even more powerful than even I thought, especially in OS X, and many, many folks at other companies who will remain nameless, but have, without breaking any rules, managed to point me in the right direction time and time again.

John Welch <jwelch@aer.com> is the Mac and PC Administrator for AER Inc., a weather and atmospheric science company in Cambridge, Mass. He has over fifteen years of experience at making computers work. His specialties are figuring out ways to make the Mac do what nobody thinks it can, and showing that the Mac is the superior administrative platform.