One of the biggest tasks associated with remotely administering a computer is to perform maintenance.
Our article about Panther Maintenance should give you an idea of what should be performed and when. Some of the maintenance steps that can be performed through the command line are already covered in detail, so I won't repeat them here.
However, in order to do the rest, you can rely on another nifty remote management tool that has been recently introduced by Apple: "diskutil," the CLI equivalent of the good old "Disk Utility." As a general rule, everything that can be done through the latter can be done through the former -- and more.
Before using it directly, though, you need to get the UNIX identifiers for the various disks on your Mac, which would be the equivalent of reading the list of drives printed on the left of the Disk Utility window. In order to do so, enter "diskutil list" and enter return. This will give you a very comprehensive list of all that's inside of or connected to your Mac, drive-wise. As you can see, there are many "hidden" partitions on your drives, used to store drivers or various catalog-related files.
What we are looking for, however, are simply the lines that aren't indented and begin with "/dev/..." Indeed, they give the identifiers for every disk, which we will then use to tell
diskutil on which drive we want to act. Would you want to act on a partition, look for the identifier on the right-hand side column, conveniently labeled "identifier."
On my Mac, for example, the "Panther" volume (a partition of my internal drive) has identifier disk0s3 and my internal drive is /dev/disk0.
Without a doubt, the most commonly performed task while maintaining a Mac is repairing the permissions. In order to repair them through the command line, use "diskutil repairPermissions disk0s3" (replace disk0s3 by the identifier of your boot drive or partition). You will then see the usual messages appear on your Terminal window ( "Determining correct file permissions.", "Owner and group corrected"...). Unlike the graphical version of Disk Utility, the Terminal won't provide you with a progress bar, so you should keep in mind that the process can last a good while.
Repairing a Drive
Repairing a drive usually requires you to boot from an external volume -- a CD, another partition, or even a FireWire drive. Even when you administer it remotely, the Mac is booted from its internal drive, so you still won't be able to repair this one. Nevertheless, being able to verify and repair a drive through the command line can be useful, especially if one of your non-boot partitions or peripherals is acting weird.
In order to use this function, simply type "diskutil repairDisk /dev/disk0s5". Of course, replace disk0s5 by the identifier of the non-boot partition you wish to repair. You will then see the usual messages and, hopefully "The volume appears to be OK."
Lots of Other Options
Disk Utility has many tricks up its sleeve, including the ability to format drives, mount, unmount, and eject them all through the command line. In order to learn to use it -- its syntax is extremely simple -- just check the man pages. Keep in mind however that you could easily make a mistake while working remotely -- once you eject a drive, you may need to manually reconnect it or flip a switch on it to mount it again, for example. This is therefore reserved for more advanced users.
The most difficult and important part when using this command-line tool is to pick the right identifier. It should, however, be quite easy if you already make the distinction between "volumes" and "drives." For example, the two partitions on my built-in hard drive are two "volumes" on the "boot drive." When taking this into account, the identifiers make a lot of sense: disk0s1, disk0s3, and disk0s5 are obviously segments of the drive disk0.
FileVault users should keep in mind that their Home Folder is an encrypted disk image and will therefore appear as a volume of its own. Please, don't play with this volume unless you really know what you are doing, since it really is at the heart of your account.
Taking Screen Captures
Taking screen captures of a remote computer is at the same time a good and a bad idea. Indeed, it can allow you to easily troubleshoot an issue that a user cannot describe. On the other hand, it can be an intrusion on someone's privacy that, in some countries, can easily lead to prosecution, so make sure you don't capture anything without warning users first.
The easiest way to take a screen capture is to use the "screencapture" command-line tool. In order to capture a screen, enter the following command:
sudo screencapture -x /capture.pdf
The "x" will mute capture sounds to avoid frightening an unsuspecting user -- who should really not be unsuspecting if you follow our advice. The "/capture.pdf" specifies where the resulting PDF file should be placed. In our example, it is at the root of the hard drive. "sudo" is required when taking a capture through Terminal if you are not logged in locally as your SSH user. This is a security measure that will prevent people from spying on a user too easily -- remember that administrators are trusted users in the computing world.
You can then download the file through scp onto your Mac to view it. Do not open the file by using the "open" command. It will open the file on the remote computer, not on yours!
In order to download the file to your desktop, terminate your SSH session and simply enter:
scp user@ddnsdomainname:/capture.pdf Desktop/capture.pdf
Using the System Profiler
Very often, when a user experiences an issue, you ask for detailed hardware information. A good way to make sure it is accurate is to ask the user to open the "System Profiler" utility and read its contents. Unfortunately, System Profiler is a GUI application, meaning that you cannot use it through Terminal, right?
Well, not really. Indeed, Apple thought of including a "system_profiler" command-line tool that prints the information you want to the Terminal.
Its usage is extremely simple. In order to get a report, enter "system_profiler -detaillevel", followed by a number between "-2" and "1" -- the higher the number, the longer the report.
For example, you could type
"system_profiler -detailLevel -2" to get a nice overview of what is happening on the machine you are working on. This is also a great way to make sure that updates have been installed as they should.