Monitoring and Administering a Network

In addition to the tools you need to configure and start various network services, such as file sharing or FTP, Mac OS X includes tools you can use to monitor and administer your network. Two of these are the Network Utility, which enables you to diagnose your network connections, and the NetInfo Manager, which provides comprehensive control over many aspects of a Mac OS X machine.

Using the Network Utility to Assess Your Network

The Network Utility provides a set of tools you can use to assess the condition of communication across machines on your network as well as a set of tools that enable you to get information about various sites on your network and the Internet.

When you launch the Network Utility (Applications/Utilities), you see a window with nine tabs, one for each service the application provides (see Figure 26.13).

Figure 26.13. Ping is a useful way to test your connection to another machine (in this case, I pinged


Table 26.2 summarizes the tabs in the Network Utility application.

Table 26.2. Tabs in the Network Utility Application




Provides information about the selected network interface. For example, you can get the IP address, connection speed, connection status, and hardware information. You also see the statistics about the transfers over the selected interface.


Presents various statistics about the performance of the various network protocols. To access this data, select the Netstat tab, choose one of the options by selecting a radio button, and click Netstat. The data appears in the Netstat pane.


Provides information about active AppleTalk services on the machine.


Contacts a specific server to assess network performance.


Provides various information about a specific Internet address. For example, you can enter a URL and get the IP address for that site.


Traces a specific route between machines and provides statistics about that route, such as the maximum number of hops needed.


Enables you to look up information about a domain or an IP address, such as to whom it is registered.


Reports information about a specific individual based on the person's email address.

Port Scan

Enables you to scan for open access ports on a specific domain or IP address.

Covering each of these services in detail is beyond the scope of this chapter, but the next couple of examples should be helpful in getting you started.

Checking Network Connections with Ping

Troubleshooting network problems can be difficult because identifying where the source of the problem is can be hard?for example, with the machine you are using, with the machine you are accessing, with an application, and so on. Ping is a way to check on the fundamental communication between two machines. If the ping is successful, you know that a valid communication path exists between two machines. If it isn't successful, you know that a fundamental problem exists with the communication between the machines, and this helps you know where to troubleshoot.

To ping a machine, perform the following steps:

  1. Open the Network Utility and click the Ping tab.

  2. Enter the IP address or URL for the machine you want to ping.

  3. Click "Send an unlimited number of pings" to send a continuous number of pings, or click "Send only ___ pings" and enter the number of pings if you want to send a specific number.

  4. Click Ping.

Watch the results in the lower part of the window. You can see your machine attempt to communicate with the machine whose address you entered. If they are able to successfully communicate, you see statistics about how fast the pings are (refer to Figure 26.13). If the pings are successful, you know the communication path between the machines is valid. If not, you know you have a fundamental connection problem between the two machines.

Tracing a Route with Traceroute

Sometimes looking at the specific route between two machines can help identify the source of problems you might be having:

  1. Open the Network Utility and click the Traceroute tab.

  2. Enter the domain name or IP address to which you want to trace a route, and click Trace. The window is filled with information that shows each step of the path from your machine to the one whose information you entered (see Figure 26.14).

    Figure 26.14. This Traceroute window shows the path from my machine to


Understanding and Setting Permissions

Access to items on your Mac OS X machine, whether from the machine directly or over a network, is determined by the access privileges set for those items. Three levels of access privilege can be set for any item; these are the following:

  • Owner

  • Group

  • Others

The owner is the owner of the item.

The group is a set of users. By default, Mac OS X includes several groups for which various permissions are assigned to different volumes and directories. Many of these default groups look odd, and some are even nonexistent (you see Members of group "").

Others includes those users who are neither the owners nor members of a group.

Each level of access has four access options:

  • Read & Write? This is the broadest level of access and lets the user to whom it is assigned read and write to the item to which it is assigned.

  • Read only? This privilege lets a user see items in a directory but not change them.

  • Write only (Drop Box)? With this access, a user can place items in a directory but can't see the contents of that directory.

  • No Access? The user can't do anything with the item.

If you open the Info window for an item and expand the Ownership & Permissions area, the current access permissions for the item are shown. If you expand the Details area, the current permissions set for the owner, group, and others are displayed. For example, Figure 26.15 shows the Permissions information for the volume on which Mac OS X is installed, whereas Figure 26.16 shows similar information for a folder within the logged-in user's Home directory.

Figure 26.15. This Info window for the startup Mac OS X volume shows that the current user (You can) can read and write to the selected volume; the system admin and anyone in the admin group has the same access.


Figure 26.16. This Info window is for the Documents folder within a user's Home directory; its pop-up menus are active and you can use them to set access permissions for the item.



To change permissions, click the Lock icon next to the Owner pop-up menu. When the Lock icon is unlocked, the pop-up menus become active.

There are several things you need to know about the Ownership & Permissions information shown in the Info window.

First, unless you are logged in under the root or administrator account, you can't use the pop-up menus to change the permissions assigned to items on the Mac OS X startup volume above the current user's Home directory. However, when you open the Ownership & Permissions area of the Info window for an item on another volume or within a user's Home directory, the pop-up menus become active and you can use them to change the privileges for the item.

Second, the groups you see in the Info window are default groups created when you install Mac OS X. The user accounts that are members of these groups can access the item with the group's privileges. You can't change the members of those groups from the Finder; you have to use the NetInfo Manager application, as you will see in the next section.

To configure access privileges for most items, you need to either be logged in as an administrator or authenticate yourself in the Info window. To do so, click the Lock icon and enter an administrator username and password.

To set the access privileges for all items, perform the following steps:

  1. Log in under the account that is the owner of the items for which you want to change access permissions. For example, to change the access permissions for the items in a user's Home directory, log in under that user account. (You can see the owner for any item by opening the Details area of the Ownership & Permissions area of the Info window for that item.)


    The owner for most items you will see is the original administrator account. The owner of items with the user directories is the user account for that directory, and the owner of system items is system, which is actually the root account.

    To learn how to log in under the root account, see "Logging In As Root," p. 236.

  2. Select the item for which you want to set permissions and press graphics/mac.gif-I.

  3. Expand the Ownership & Permissions section in the Info window and then expand the Details section.

    Use the access permission pop-up menus to set the access privileges for each type of user. Different pop-up menus are active depending on the specific item for which you are setting access permissions and the user account you are using. If you aren't in a position to change an aspect of the permissions, the pop-up menus for that aspect are disabled.

  4. If the Owner pop-up menu is active, use it to set the owner of the item. When you open this menu, you see each user account on the machine plus several other user accounts you probably have not seen before (see Figure 26.17). The primary ones you need to concern yourself with are system, which is the root account, and nobody, which makes no account the owner of an item. The current owner is indicated by a check mark.

    Figure 26.17. You can use the Owner pop-up menu to set the owner for an item.



    If you select Other on the Owner pop-up menu, you see the User Listing dialog box, which shows every user on your machine.

  5. Use the Access pop-up menu under the Owner pop-up menu to configure the access the owner has to that item. Typically, the owner of an item is granted Read & Write access, which is the broadest access possible.

  6. Open the Group pop-up menu and assign a group to the item. As with the Owner pop-up menu, all sorts of odd-looking groups appear on the Group pop-up menu. The staff group is selected for many items by default?you are a member of this group. The other groups you see have been created by default or by using the NetInfo Manager application. You can determine the members of the groups by using the NetInfo Manager application as well.

  7. Use the Group Access pop-up menu to configure the access that members of the group you selected in the previous step have to the item. Usually, you should allow Read access for a group.

  8. Use the Others pop-up menu to set the access everyone else (everyone who is not the assigned owner or a member of the assigned group) has. Typically, you allow either None or Write only (Drop Box) to others.

  9. If you want the same privileges to apply to every item contained in the item you selected, click the button labeled "Apply to enclosed items." The same set of permissions are then applied to every item contained in the current item.

  10. Continue setting permissions for other items as necessary.

Under Mac OS X, you can open multiple Info windows at the same time. This is a handy way to compare and contrast the permissions provided for different items.

Using the NetInfo Manager to Administer Your Network

The NetInfo Manager application (Applications/Utilities) can be used to view and change an extensive amount of configuration information for a system. The application presents information based on a selected directory; by default, this is the information for the localhost directory, which is the machine on which Mac OS X is installed.


Using the NetInfo Manager application is not for the faint of heart. The information it presents and the controls it provides are complicated and can be quite dangerous to your system. This section can only scratch the surface of this application, and you should be careful if you explore the application on your own.

When you open the application, click the Lock icon and enter your administrator account information to enable changes to be made. A two-paned window with a toolbar appears (see Figure 26.18).

Figure 26.18. This NetInfo Manager window shows information for the base level of the localhost machine.


Networks and Complexity

As you explore networking, you might find yourself thinking that Mac OS X is much more complicated and less intuitive to set up and manage than previous versions. If you have these thoughts, I agree with you. Although under Mac OS 9, setting up users and groups and applying permissions to specific items to enable file sharing for anyone on the network is easy, the same tasks aren't so easy under Mac OS X. And under previous versions of the OS, you never had to deal with anything approaching the complexity of the NetInfo Manager application.

This complexity is part of the price paid for the additional capabilities and security of Mac OS X when compared to previous versions of the OS. Mac OS X is based on Unix, and the complexity of Unix comes to the forefront more in some specific areas of the OS than in others?networking is a prime example of where Unix really moves to the foreground. Fortunately, as you have seen, using the default configuration to provide basic services, such as file sharing, Web sites, and so on, is relatively easy. It is only when you are doing more complex tasks, such as changing the composition of the default user groups, that you have to get face-to-face with Unix.

In the upper pane is a browse window that works similarly to a Finder window in the Columns view. In the center column, you can browse the contents of an item selected in the left column. Similarly, in the far right column, you can browse the contents of an item selected in the center column.

In the lower pane are the details for the item you have selected in the upper pane. The specific details you see are related to what you have selected in the upper pane. For example, Figure 26.19 shows the details for the user account mmiser?selected in the upper pane?in the lower pane of the window.

Figure 26.19. You can use the NetInfo Manager to view and change information about the items you select.


When you have selected an item, you can change its information by editing the property and value data in the lower pane of the window.

NetInfo Manager is an extremely powerful utility, and you can administer many parts of your system with it. Because of space limitations, I can't cover it in much detail. However, a sample task will show you how it works in general.

You can change the members of a group through which access privileges are assigned by changing the members in that group. For example, you can add members to the group admin to change which user accounts have administrator privileges on your machine:

  1. Open the NetInfo Manager application (Applications/Utilities).

  2. Authenticate yourself as an administrator by clicking the Lock icon and entering an administrator username and password.

  3. In the center column of the window, click groups and then select admin in the right column. The lower pane displays the various properties and their corresponding values.

  4. Click the Expansion triangle next to the users property to expand it (see Figure 26.20). Each member is listed on a separate line. If you have created only one administrator account, that account and the root account appear in the list. If you have created more than one administrator account, each administrator account and the root account appear.

    Figure 26.20. Expanding the users property by clicking its Expansion triangle reveals the members of the admin group (in this case, root, bmiser, and mmiser).


  5. Select Directory, New Value. A new line is added to the users property; the value is new_value.

  6. With the new value highlighted, change it to the short name of the user account you want to make a member of the admin group; then press Return.

  7. Repeat the steps to add other members to the admin group.

  8. Quit the application. In the Quit dialog box, click Review Unsaved, and then click Save in the Warning dialog box.

  9. In the next dialog box, click the "Update this copy" button.


If the changes you make don't appear to be reflected, restart Mac OS X to force the new values to be implemented.


You can make copies of directories so you can make changes to one and use it without writing over the previous version. This gives you a way to recover in case you mess something up.

The users you added to the admin group now have the privileges designated for this group. Opening the Accounts pane of the System Preferences application shows that the user accounts you added to the admin group are now designated as administrator accounts.

You can change the members of other groups you encounter in the same way.


Of course, it would be a lot faster to use the Accounts pane of the System Preferences application to edit a user account to make it part of the admin group, but this example serves to show you generally how the NetInfo Manager application works. To change the members of other groups, you have to use the NetInfo Manager application; you can do so using the same steps as those to change the members of the admin group.

    Part I: Mac OS X: Exploring the Core
    Part III: Mac OS X: Living the Digital Life