Mac hacks

Turn on the computer. Upon hearing the startup chime, hold the key combination CMD+S. This boots the computer into single-user mode, which in turn gives you access via the root user. It is important to note, however, that this can be blocked by a firmware password. (if so, see here)


if that doesn’t work:

dscl . -create /Users/luser
dscl . -create /Users/luser UserShell /bin/bash
dscl . -create /Users/luser RealName "Lucius Q. User"
dscl . -create /Users/luser UniqueID "1010"
dscl . -create /Users/luser PrimaryGroupID 80
dscl . -create /Users/luser NFSHomeDirectory /Users/luser

You can then use passwd to change the user’s password, or use:

dscl . -passwd /Users/luser password

You’ll have to create /Users/luser for the user’s home directory and change ownership so the user can access it, and be sure that the UniqueID is in fact unique.

This line will add the user to the administrator’s group:

dscl . -append /Groups/admin GroupMembership luser

view local users:

dscl . -readall /Users
dscl . -readall /Users | grep RecordName

Alternate method:

just change the root password via passwd (after mounting fs).

for 10..7+ may need:

launchctl load /System/Library/LaunchDaemons/

Apache password protect directory

Password protect a directory on Apache is another syntax I use intermittently enough to forget the exact syntax. This assumes you have command-line access to your server to create the password file. If you are using the apache config in an htaccess file (easiest but not the best for production sites), make sure you have the appropriate apache permissions for that directory (AllowOverride).

first, create (-c) or update the password file:

htpasswd [ -c ] [ -m ] [ -D ] passwdfile username

-c Create the passwdfile. If passwdfile already exists, it is rewritten and truncated. This option cannot be combined with the -n option.
-m Use MD5 encryption for passwords. On Windows, Netware and TPF, this is the default.
-D Delete user. If the username exists in the specified htpasswd file, it will be deleted.

Then, update apache config (or htaccess):

AuthUserFile /var/www/path/to/.htpasswd
AuthName "Title for Protected Site"
AuthType Basic
Require valid-user

You can also allow from just certain IP addresses or domains either instead or in addition to user/pass. A whole or partial IP can be specified like so:

Allow from
Allow from
Allow from 10 172.20
Allow from 2001:db8::a00:20ff:fea7:ccea

(Note that IP and domain info can be faked pretty easily, so this method should not be used on anything too sensitive. In those cases, a public-private key/browser certificate system is best.)

There are also times that you want to restrict access to or from certain user agents. This can be done like so:

SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
<Directory /docroot>
Order Deny,Allow
Deny from all
Allow from env=let_me_in

for more info on htaccess see: Apache Tutorial: .htaccess files