Monitoring and Administering a Network

In addition to the tools you need to configure and start various network services, such as file sharing or FTP, Mac OS X includes tools you can use to monitor and administer your network. Two of these are the Network Utility, which enables you to diagnose your network connections, and NetInfo Manager, which provides comprehensive control over many aspects of a Mac OS X machine.

Using the Network Utility to Assess Your Network

The Network Utility provides a set of tools you can use to assess the condition of communication across machines on your network as well as a set of tools to enable you to get information about various sites on your network and on the Internet.

When you launch Network Utility (Applications/Utilities), you will see a window with eight tabs, one for each service that the application provides (see Figure 25.10).

Figure 25.10. Ping is a useful way to test your connection to another machine (in this case, I pinged


Table 25.2. Tabs in the Network Utility Application

Tab          Function
Info         Provides information about the selected network interface.
Netstat      Presents various statistics about the performance of the different network protocols.
Ping         Contacts a specific server to assess network performance.
Lookup       Provides various information about a specific Internet address.
Traceroute   Traces a specific route between machines and provides statistics about that route, such as the maximum number of hops needed.
Whois        Enables you to look up information about a domain or IP address such as whom it is registered to.
Finger       Reports information about a specific individual based on the person's e-mail address.
Port Scan    Enables you to scan for open access ports on a specific domain or IP address.

Covering each of these services in detail is beyond the scope of this chapter, but the next couple of examples should be helpful in getting you started.

Checking Network Connections with Ping

Troubleshooting network problems can be difficult because it can be hard to identify the source of the problem: it might lie with the machine you are using, with the machine you are accessing, with an application, and so on. Ping is a way to check on the fundamental communication between two machines. If the ping is successful, you know that there is a valid communication path between two machines. If it isn't, you know that there is a fundamental problem with the communication between the machines, and this helps you know where to troubleshoot.

To ping a machine, perform the following steps:

  1. Open the Network Utility and click the Ping tab.

  2. Enter the IP address or URL for the machine you want to ping.

  3. Click Ping.

Watch the results in the lower part of the window. You will see your machine attempt to communicate with the machine whose address you entered. If they are able to successfully communicate, you will see statistics about how long the pings are taking (see Figure 25.10). If the ping is successful, you know that the communication path between the machines is valid. If not, you know that you have a fundamental connection problem.

Tracing a Route with Traceroute

Sometimes looking at the specific route between two machines can help you identify the source of problems you might be having.

  1. Open the Network Utility and click the Traceroute tab.

  2. Enter the domain name or IP address to which you want to trace a route, and click Trace. The window will be filled with information that shows you each step of the path from your machine to the one whose information you entered (see Figure 25.11).

    Figure 25.11. This Traceroute window shows the path from my machine to


Understanding and Setting Permissions

Access to items on your Mac OS X machine, whether from the machine directly or over a network, is determined by the access privileges that are set for those items. There are three levels of access privilege that can be set for any item; these are the following:

  • Owner

  • Group

  • Others

The owner is the owner of the item.

The group is a set of users. By default, Mac OS X includes a number of groups for which various permissions are assigned to different volumes and directories. Many of these default groups will look odd, and some are even nonexistent (you will see Members of group "").

Others includes those users who are neither the owner nor members of a group.

For each level of access, there are four access options:

  • Read & Write This is the broadest level of access and lets the user to whom it is assigned read and write to the item to which it is assigned.

  • Read only This privilege lets a user see items in a directory, but not change them.

  • Write only (Drop Box) With this privilege, a user can place items into a directory, but can't see the contents of that directory.

  • No Access The user can't do anything with the item.

If you open the Info window for an item and expand the Ownership & Privileges area, you will see the current access privileges for the item for the owner, group, and others. For example, Figure 25.12 shows the Privileges information for the volume on which Mac OS X is installed, whereas Figure 25.13 shows similar information for a folder within the logged-in user's Home directory.

Figure 25.12. This Info window for the startup Mac OS X volume shows that only the owner and group can modify it.


Figure 25.13. This Info window is for the Documents folder within a user's Home directory; its pop-up menus are active and you can use them to set access privileges for the item.


There are several things you need to know about the Privileges information shown in the Info window.

First, unless you are logged in under the root account, you can't use the pop-up menus to change the Privileges assigned to items on the Mac OS X startup volume above a particular user's Home directory; this even includes when you are logged in under the Administrator account. However, when you open the Privileges pane of the Info window for an item on another volume or within a user's Home directory, the pop-up menus become active and you can use them to change the privileges for the item.

Second, the groups you see in the Info window are default groups created when you installed Mac OS X. The user accounts that are members of these groups can access the item with the group's privileges. You can't change the members of those groups from the Finder; you have to use the NetInfo Manager application, as you will see in the next section.


Under previous versions of the Mac OS, you configured groups using the File Sharing control panel and the Sharing pane of the Info window. Accomplishing the same tasks under Mac OS X is a bit more complicated.

To be able to configure access privileges for most items, you will need to be logged in as an Administrator or you have to authenticate yourself in the Info window. To do so, click the Lock icon and enter an Administrator username and password.

To set the access privileges for all items, perform the following steps:

  1. Log in under the account that is the owner for the items for which you want to change access privileges. For example, to change the access privileges for the items in a user's Home directory, log in under that user account. (Remember that you can see the owner for any item by opening the Privileges pane of the Info window for that item.)


    The owner for most items you will see is the original Administrator account. The owner of items within the user directories is the user account for that directory. The owner of system items is "system," which is actually the root account.

    To learn how to log in under the root account, see "Logging In As Root," p. 206.

  2. Select the item for which you want to set permissions and press Command+I.

  3. Expand the Ownership & Permissions section in the Info window.

    Use the access privilege pop-up menus to set the access privileges for each type of user. Different pop-up menus are active depending on the specific item for which you are setting access permissions and the user account you are using. If you aren't in a position to change an aspect of the permissions, the pop-up menus for that aspect will be disabled.

  4. If the Owner pop-up menu is active, use it to set the owner of the item. When you open this menu, you will see each user account on the machine plus a bunch of other user accounts you probably have not seen before. The only ones you need to concern yourself with are system, which is the root account, or nobody, which makes no account the owner of an item. The current user account is indicated by the text "(Me)" next to the user account name.

  5. Use the Owner Access pop-up menu to configure the access that the owner has to that item. Typically, the owner of an item is granted Read & Write access, which is the broadest access possible.

  6. Open the Group pop-up menu and assign a group to the item. As with the Owner pop-up menu, you will see all sorts of odd-looking groups on the Group pop-up menu. The staff group is selected for many items by default; you will be a member of this group. The other groups you see have been created by default or by using the NetInfo Manager application. You can determine the members of the groups by using this application as well.

  7. Use the Group Access pop-up menu to configure the access that members of the group will have to the item. Usually, you will allow Read access for a group.

  8. Use the Others pop-up menu to set the access that everyone else (everyone who is not the assigned owner or a member of the assigned group) has. Typically, you will allow either None or Write only (Drop Box) to others.

  9. If you want the same privileges to apply to every item contained in the item you selected, click the button labeled Apply to enclosed items. The same set of permissions will be applied to every item contained in the current item.

  10. Continue setting privileges for other items as needed.
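
The four access options and the Owner, Group and Others steps above can be expressed as Unix mode bits for a folder. The following is an added example, not part of the original chapter; the digit mapping is the usual Unix equivalent and is an assumption here, and the function and folder names are made up for illustration.

```shell
#!/bin/sh
# Added example: Info window access options as POSIX mode bits for a folder.
# Assumption: the usual Unix mapping; the chapter describes only the menus.

# Map one pop-up menu choice to an octal digit for a directory.
priv_to_digit() {
    case "$1" in
        "Read & Write")          echo 7 ;;  # rwx: list, enter, add and remove
        "Read only")             echo 5 ;;  # r-x: list and enter, no changes
        "Write only (Drop Box)") echo 3 ;;  # -wx: add items, cannot list
        "No Access")             echo 0 ;;  # ---: nothing
        *) echo "unknown privilege: $1" >&2; return 1 ;;
    esac
}

# Build the three-digit mode from the Owner, Group and Others choices.
folder_mode() {
    o=$(priv_to_digit "$1") || return 1
    g=$(priv_to_digit "$2") || return 1
    t=$(priv_to_digit "$3") || return 1
    echo "$o$g$t"
}

# Apply the choices to a folder and print the resulting permission string.
set_folder_privs() {
    mode=$(folder_mode "$2" "$3" "$4") || return 1
    chmod "$mode" "$1" || return 1
    ls -ld "$1" | cut -c1-10
}

# List folders under a tree that Others can both read and write, which is
# broader than the "None or Drop Box" setting the steps recommend.
audit_others_read_write() {
    find "$1" -type d -perm -006 -print
}

# Demo on a scratch folder (constructed here, removed afterwards).
demo=$(mktemp -d)
mkdir "$demo/Drop Box" "$demo/Wide Open"
set_folder_privs "$demo/Drop Box" "Read & Write" "Read only" "Write only (Drop Box)"
chmod 777 "$demo/Wide Open"
audit_others_read_write "$demo"
rm -rf "$demo"
```

Running the audit function over a shared folder after clicking Apply to enclosed items shows which enclosed folders ended up readable and writable by everyone.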


Under Mac OS X, version 10.2, you can open multiple Info windows at the same time. This is a handy way to compare and contrast the permissions provided for different items.

Using NetInfo Manager to Administer Your Network

The NetInfo Manager application (Applications/Utilities) can be used to view and change an extensive amount of configuration information for a system. The application presents information based on a selected directory; by default, this is the information for the localhost directory, which is the machine on which Mac OS X is installed.


Using the NetInfo Manager application is not for the faint of heart. The information it presents and the controls that it provides are quite complicated and can also be quite dangerous to your system. This section can only scratch the surface of this application, and you should be a bit careful if you explore the application on your own.

When you open the application, click the Lock icon and enter your Administrator account information to enable changes to be made. You will see a two-paned window with some tools across its top (see Figure 25.14).

Figure 25.14. This NetInfo Manager window shows information for the base level of the localhost machine.


Networks and Complexity

As you explore networking, you might find yourself thinking that Mac OS X is much more complicated and less intuitive to set up and manage than were previous versions. If you have these thoughts, I agree with you. Although under Mac OS 9, it is quite simple to set up users and groups and apply permissions to specific items to enable file sharing for anyone on the network, the same tasks aren't so easy under Mac OS X. And under previous versions of the OS, you never had to deal with anything approaching the complexity of the NetInfo Manager application.

This complexity is part of the price paid for the additional capabilities and security of Mac OS X when compared to previous versions of the OS. Mac OS X is based on Unix, and the complexity of Unix comes to the forefront more in some specific areas of the OS than in others. And networking is a prime example of where Unix really moves to the foreground. Fortunately, as you have seen, it is relatively simple to use the default configuration to provide basic services, such as file sharing, Web sites, and so on. It is only when you are doing more complex tasks, such as changing the composition of the default user groups, that you have to get face-to-face with Unix.

In the upper pane, you see a browse window that works similarly to a Finder window in the Columns view. In the center column, you can browse the contents of an item selected in the left column. Similarly, in the far-right column, you can browse the contents of an item selected in the center column.

In the lower pane, you see the details for the item you have selected in the upper pane. The specific details you see are related to what you have selected in the upper pane. For example, in Figure 25.15, you see the details for the user account mmiser (selected in the upper pane) in the lower pane of the window.

Figure 25.15. You can use the NetInfo Manager to view and change information about the items you select.


When you have selected an item, you can change its information by editing the property and value data in the lower pane of the window.

NetInfo Manager is an extremely powerful utility, and you can administer many parts of your system with it. Because of space limitations, I can't cover it in much detail. However, a sample task will show you how it works in general.

You can change which user accounts receive the access privileges assigned to a group by changing the members of that group. For example, you can add members to the group admin to change which user accounts have Administrator privileges on your machine.

  1. Open the NetInfo Manager application (Applications/Utilities).

  2. Authenticate yourself as an Administrator by clicking the Lock icon and entering an Administrator username and password.

  3. In the center column of the window, click groups and then select admin in the right column. In the lower pane, you will see the various properties and their corresponding values.

  4. Click the Expansion triangle next to the users property to expand it (see Figure 25.16). You will see each member listed on a separate line. If you have created only one Administrator account, you will see that account and the root account in the list.

    Figure 25.16. Expanding the users property by clicking its Expansion triangle will reveal the members of the admin group (in this case, root and bmiser).


  5. Choose Directory, New Value. A new line will be added to the users property; the value will be "new_value."

  6. With the new value highlighted, change it to the short name of the user account that you want to make a member of the admin group; then press Return.

  7. Repeat the steps to add other members to the admin group.

  8. Quit the application; in the Quit dialog box, click Review Unsaved and then click Save in the Warning dialog box.

  9. In the next dialog box, click the Update this copy button.


If the changes you make don't appear to be reflected, restart Mac OS X. This will force the new values to be implemented.


You can make copies of directories so that you can make changes to one and use it without writing over the previous version. This gives you a way to recover in case you mess something up.

The users you added to the admin group will have the privileges for this group. If you open the Accounts pane of the System Preferences utility, you will see that the user account you added to the admin group is now designated as an Administrator account.
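
Because membership of the admin group grants Administrator privileges, it is worth checking that group against the accounts you expect. The following is an added example, not part of the original chapter: it assumes group records in the flat /etc/group layout (the layout nidump group . prints on a NetInfo-based system), and the sample records and the guest1 account are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit membership of the admin group from a flat group dump.
# Assumption: records use the /etc/group layout (name:passwd:gid:members),
# the layout `nidump group .` prints on a NetInfo-based system.

# Constructed sample; guest1 is a made-up account for illustration.
SAMPLE_GROUPS='nobody:*:-2:
wheel:*:0:root
admin:*:80:root,bmiser,guest1
staff:*:20:root'

# Print the members of group $1, one per line, from records on stdin.
group_members() {
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }'
}

# Print members of group $1 (records on stdin) that are not in the
# space-separated approved list $2.
unexpected_members() {
    group_members "$1" | while read -r user; do
        case " $2 " in
            *" $user "*) ;;            # approved, stay quiet
            *) echo "$user" ;;         # not approved, report it
        esac
    done
}

# Print members of group $1 present in snapshot $3 but absent from $2.
added_members() {
    before=$(printf '%s\n' "$2" | group_members "$1" | tr '\n' ' ')
    printf '%s\n' "$3" | unexpected_members "$1" "$before"
}

# Demo: root and bmiser are the members shown in the chapter's figure.
printf '%s\n' "$SAMPLE_GROUPS" | unexpected_members admin "root bmiser"
```

On a live system, pipe the output of nidump group . into unexpected_members instead of the sample text; keeping a saved dump lets added_members show what changed since the last check.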

You can change the members of other groups you encounter in the same way.


Of course, it would be a lot faster to use the Accounts pane of the System Preferences utility to edit a user account to make it part of the admin group, but this example serves to show you generally how the NetInfo Manager application works. To change the members of other groups, you have to use the NetInfo Manager application, and you can do so using the same steps as those to change the members of the admin group.

Using iChat to Communicate with Others on Your Network


Version 10.2 of Mac OS X introduced the iChat application. This application is designed to enable you to use instant messaging to communicate with other people, such as those who use AOL Instant Messenger. Because of space limitations, I don't cover using iChat for instant messaging in this book. However, iChat can be used to quickly communicate with users on your network who use Rendezvous-enabled computers. This capability can come in very handy.

To use iChat for instant messaging even over the Internet, a user must have a .Mac or AOL account. However, a user does not need one of these accounts to communicate via Rendezvous.

First, configure iChat to communicate via Rendezvous:

  1. Open the iChat application (use the icon on the Dock or open the Applications folder). You will be prompted to enter your user information, such as your .Mac account information. This enables you to use iChat instant messaging.

  2. Enter your .Mac information. If you don't have a .Mac account, just enter your first and last name. You will be prompted to turn on Rendezvous messaging.

  3. Click Yes to enable it. You will move to the iChat application and will see two windows. The Rendezvous window enables you to communicate over the network, and the Buddy List window enables you to communicate over the Internet using instant messaging. In the Rendezvous window, you will see the users who are currently available for messages (see Figure 25.17).

    Figure 25.17. This window shows that one person is available for chatting over Rendezvous.


To send a message to a user on your network, carry out the following steps:

  1. In the Rendezvous window, double-click the person with whom you want to communicate. The Instant message window will appear.

  2. Enter your message in the message line. The message will appear on the recipient's computer.

The person with whom you communicate can reply to your message. If the recipient does reply, you will see the reply in the window with the person's name as its title (see Figure 25.18).

Figure 25.18. Replies you receive to your messages appear in threads in the person's window.



If people on your network don't show up in the Rendezvous window, see "I Can't Communicate with Others on My Network" in the Troubleshooting section at the end of this chapter.
