BOOT INTO SINGLE-USER MODE
Turn on the computer. Upon hearing the startup chime, hold the key combination CMD+S. This boots the computer into single-user mode, which in turn gives you access via the root user. It is important to note, however, that this can be blocked by a firmware password. (if so, see here)
if that doesn’t work:
dscl . -create /Users/luser dscl . -create /Users/luser UserShell /bin/bash dscl . -create /Users/luser RealName "Lucius Q. User" dscl . -create /Users/luser UniqueID "1010" dscl . -create /Users/luser PrimaryGroupID 80 dscl . -create /Users/luser NFSHomeDirectory /Users/luser
You can then use passwd to change the user’s password, or use:
dscl . -passwd /Users/luser password
You’ll have to create /Users/luser for the user’s home directory and change ownership so the user can access it, and be sure that the UniqueID is in fact unique.
This line will add the user to the administrator’s group:
dscl . -append /Groups/admin GroupMembership luser
dscl . -readall /Users dscl . -readall /Users | grep RecordName
just change the root password via passwd (after mounting fs).
for 10..7+ may need:
launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist
Password protect a directory on Apache is another syntax I use intermittently enough to forget the exact syntax. This assumes you have command-line access to your server to create the password file. If you are using the apache config in an htaccess file (easiest but not the best for production sites), make sure you have the appropriate apache permissions for that directory (AllowOverride).
first, create (-c) or update the password file:
htpasswd [ -c ] [ -m ] [ -D ] passwdfile username
-c Create the passwdfile. If passwdfile already exists, it is rewritten and truncated. This option cannot be combined with the -n option.
-m Use MD5 encryption for passwords. On Windows, Netware and TPF, this is the default.
-D Delete user. If the username exists in the specified htpasswd file, it will be deleted.
Then, update apache config (or htaccess):
AuthUserFile /var/www/path/to/.htpasswd AuthName "Title for Protected Site" AuthType Basic Require valid-user
You can also allow from just certain IP addresses or domains either instead or in addition to user/pass. A whole or partial IP can be specified like so:
Allow from apache.org Allow from 192.168.1.104 Allow from 10 172.20 Allow from 2001:db8::a00:20ff:fea7:ccea
(Note that IP and domain info can be faked pretty easily, so this method should not be used on anything too sensitive. In those cases, a public-private key/browser certificate system is best.)
There are also times that you want to restrict access to or from certain user agents. This can be done like so:
SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in <Directory /docroot> Order Deny,Allow Deny from all Allow from env=let_me_in </Directory>
for more info on htaccess see: Apache Tutorial: .htaccess files