Tuesday, March 12, 2013

Mountain Lion Recovery Partition Disk Utility Drive Repair - Unlock the Encrypted Drive with Admin Password

Even after I figured this out I couldn't find Apple's documentation on this. (Yeah, worrisome.)

I first noticed a problem after attempts to run VirtualBox on my 128GB SSD MacBook Air. We first tried a Win7 .vbox and ran into some network issues, then I tried a smaller sized XP .vhd image. The latter worked, though getting VirtualBox to use the .vhd was a bit odd; I think I did better ignoring the few web references I could find and simply telling VB to create a new XP image then selecting the .VHD when asked for drive.

After that process I checked available disk space, and the Finder said I had a 120GB drive with 228GB available.

Uh-oh.

So I ran Disk Utility and found I had about 58GB free but my drive was corrupted due to "incorrect number of file hard links". DU told me to boot into the ML Recovery Partition and run Disk Repair.

When I did that though, my OS drive appeared grayed out. I could see other non-gray items I could "repair" but that did nothing.

So why was it grayed out?

My guess was encryption. Even so, Google was no help. I did see that the Disk Utility toolbar had a new icon however, one called, I think, Unlock. I clicked on it and was invited to enter a password -- but not, curiously, a user name. I entered my admin pw and that worked. (This smells like a security hole btw -- not asking the un is weird. I suspect I could have turned off File Vault encryption first and avoided this mystery.)

After I did that my system drive was no longer grayed out. I ran Disk Utility repair and it said the drive was better; I ran verification twice to check.

On restart, however the Finder still has the wrong amount of Free Space -- though now Disk Utility says the drive is fine.

So I'm not entirely happy. But at least I've documented how Disk Utility Unlock works from the recovery partition.

Update: The VirtualBox VHD thinks it has a 127GB hard drive. Disk Utility says I have 69GB free. I'm suspicious that a hard link in the Virtual Box is messing up the Finder, but I can't find anything on this...

at 1 comment:
Labels:

Tools for diagramming and sketching on Windows


Windows is a broken and barren desert of malware and spyware, but I still need to work in it. Alas, I can't switch at work (yet).

So, when I'm looking for better ways to diagram and sketch, I can't choose from the rich world of Mac alternatives, much less from iOS tools. I need something that will work on Windows -- or on a web platform our corporate software doesn't block (alas, Evernote).

I'm working on my options, but fwiw here's a list I'm assembling. I'll update it with whatever I like, while striking out those I've considered and eliminated.

Windows 
  • OneNote 2010: popular, but tied to Office
  • SnagIt Editor
  • PowerPoint: Too awkward to just use for diagrams.
  • Visio: Expensive, clumsy, overpowered, relearning curve with infrequent use.
Web
Mac/Win
at No comments:
Labels: ,

Apple's iCloud control panel enables iCloud Contacts within corporate Outlook

iCloud support is limited to relatively new Macs able to at least run Lion. Practically speaking, Mountain Lion.

Apple is kinder to the Windows world. The iCloud Control Panel will run on Outlook 2007 or later on any old OS.

I suppose they don't have the same sales incentives on the Windows platform. In any event, it seems to work very much like the old MobileMe Control Panel, at least when it comes to Contacts. I installed it on a Win 7 laptop running Outlook 2007 that syncs to Exchange Server and I now have full access to my iPhone/Mac Contacts.

It works by creating a new account, separate from the Exchange account. There are few install options -- you have to sync Calendar, Contacts and Reminders (but not Notes). Just like MobileMe [2] (I suspect some shared code). It also creates an IMAP account.

I had some glitches on installation and had to fiddle with restarting both the Control Panel and Outlook 2007, but now it seems stable. I didn't want the IMAP service so I canceled out of the credentials prompt and deleted the IMAP account.

There's no way to turn off Reminders, so I now sync my iPhone reminders in some puzzling ways -- basically via ActiveSync/Exchange for one set of reminders, via this method for the iCloud set. Weird.

Contacts is what I was interested in and it seems to work. Since Outlook allows only one Group per Contact, and iCloud allows many [1] there are potential problems related to Group assignment. In the case of MobileMe this didn't seem to break anything.

It's great to have all my Contacts at hand, and to able to quickly add to them. As an extra bennie, I get to use Outlook's Contact views. They are old and complex, but they are far more powerful than anything Apple gives me.

[1] Group relationships are kind of messed up between iOS and OS X, but Apple has bigger problems.
[2] At one time MobileMe Control Panel could work with Outlook/Exchange, but then it coulnd't -- which made things hard. This version can, perhaps because it creates a new local account.
at No comments:
Labels: , , , , ,

Sunday, March 10, 2013

Aperture: You can drag and drop Inspector attributes (fields, metadata labels) to rearrange their sort order

I discovered this by accident. Once I discovered it, I did find a bit of documentation. In the Help file, under "rearrange the metadata fields in a metadata view" it says you can drag the metadata labels around to change their sort order - like this:

Screen Shot 2013 03 10 at 8 01 35 PM

I've long been annoyed by the default field order, but I had no idea I could fix it.

This helps.

Damn, but I do miss iPhoto's ability to click and quickly edit version names.

at No comments:
Labels: ,

Tuesday, February 26, 2013

Mountain Lion sharing and permissions: two things I didn't know

Didn't know, or forgot:

  • If you option click the permissions add icon, you can add permissions for System and the like but not Wheel.
  • The Groups defined in Contacts can be used to add permissions to sets of users. I think that's probably as old as OS X, but I forget it. It's odd because Apple seems otherwise to have forgotten Contact Groups exists. I wonder how it works ...
at No comments:
Labels:

Saturday, February 23, 2013

Executing sudo as a non-admin user in macOS (OS X) and fixing "getcwd: cannot access parent directories" error

This is a weird one.

According to what I read online and in the Man pages, I should also be able to do something like this (where Fred is Admin account):
sudo -u Fred ls
That should ask for Fred's password then execute ls with Fred's privileges.

Except it doesn't. It runs against my non-admin account and fails. As though it were ignoring the -u flag. Instead I have to run
su Fred
to execute as Fred, then run sudo. [I think that su Fred sudo -u Fred ls should also work.]

I can't find anyone else who complains about this, so I assume I'm doing something wrong.
Note to test this you have to run from a non-admin account.

Update 8/23/2016: I can't get sudo to work at all in El Capitan for a non-admin users. Says: "error retrieving current directory: getcwd: cannot access parent directories: Permission denied."

Update 5/27/2018: I finally tried this in a different non-admin account. It works in Sierra in other accounts. So it wasn't El Capitan that broke this, it was something I did to my 18yo user account.

This is what I would see:
John-Air:~ myaccontname $ su Kateva
Password:
shell-init: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
bash-3.2$ ls
ls: .: Permission denied
bash-3.2$
I searched around SuperUser for a while and got some hints. I deleted every user account Bash preference I could find. That didn't do anything. I repaired MacOS Sierra permissions using Onyx.app -- but as with every other time I'ver repaired permissions that produced many changes but no results. (It doesn't act on user folders.)

Eventually I realized the most likely explanation was the simplest one -- I'd somehow messed up permissions on the default account for Bash. By experimenting on my "good" non-admin user account I realized Bash default directory is the User account. So I compared User Account permissions and found this:



The problem directory was readable by 'everyone' but not by 'staff'. You'd think that 'everyone' would work ... but read this and weep. macOS permissions are a disaster. Don't even think about ACLs. It's a sign of the end-times really.

I couldn't see how to restore Staff. In the old days there was a utility for this, but that's long gone. Somewhere I found this advice to restore staff:
sudor chown $UID:staff /path/to/folder/modified/
chmod 644 !$
I ran it and staff was restored. When I logged back into my user account I was told macOS had to do something to enable me to run Applications! I entered my admin credentials and was asked again ... and again ... then I gave up and logged out. I logged back in and things .... seemed ... fine.

Now su works as it should.

at 2 comments:
Labels:

Facebook's parental monitor page - aka Activity Log

For the moment, until the next state mandated revision, Facebook has a Page I can use to track #1 son's Facebook activity with a URL of the form <https://www.facebook.com/first_name.last_name.2345/allactivity>. [3]

It's currently called the 'Activity Log', if you poke around you can currently find it under 'Privacy Shortcuts' (lock icon by user name in title bar) / "See More Settings" / "Privacy". Look under "Privacy Settings and Tools" for the wee link 'Use Activity Log' [6].

As far as I know it's not intended for this purpose [4]; it's designed for users to edit their visible timeline [1] . It does, however, list most of the account owners save pages visited. There's a long list of activities including Posts, tags, hidden posts, likes, comment, friends, games, following, and, most critically for this purpose, Search. [2]

So the Activity Log is a very valuable resource for a parent or guardian who wants to track their 13+ [4] child, either because this is an exceedingly good idea or because they are that kind of parent or both [5]. A parent might, for example, schedule a weekly review of the Activity Log...

 - fn -

[1] You can hide and delete posts and change post dates. It's also available for Pages and supports viewing scheduled posts.

[2] It doesn't, however, show pages visited by link. It is, incidentally, a nice summary of a fraction of the information Facebook uses to sell you.

[3] Activity Log came with timeline, but I was unaware of it until today. It's available on Facebook.app for iOS as well.

[4] But it may be designed for this purpose. Facebook wants to support accounts for childre under 13 and this could be a part of any future support.

[5] If you can't figure out why this might be a good idea for some children and adults you have much to learn.

[6] Yes, that's mine - but if you can see it then I have a problem :-).

See also:

at No comments:
Labels: , ,
Subscribe to: Posts (Atom)