Tutorial

Neue Updates und Verbesserungen zu Macfleet.
Folgen Sie uns auf X.com

Wichtiger Hinweis

Die in diesen Tutorials bereitgestellten Codebeispiele und Skripte dienen nur zu Bildungszwecken. Macfleet ist nicht verantwortlich für Probleme, Schäden oder Sicherheitslücken, die durch die Verwendung, Änderung oder Implementierung dieser Beispiele entstehen können. Überprüfen und testen Sie Code immer in einer sicheren Umgebung, bevor Sie ihn in Produktionssystemen verwenden.

← Alle Beiträge

File Ownership Management on macOS

Master file and folder ownership operations on your MacFleet devices using powerful command-line tools. This tutorial covers ownership changes, permission management, group assignments, and advanced ownership policies for secure file system administration.

Understanding macOS File Ownership

macOS file ownership system consists of several key concepts:

  • Owner (User) - The user who owns the file/folder and has primary control
  • Group - A collection of users who share specific permissions
  • Others - All other users on the system
  • Permissions - Read (r), Write (w), Execute (x) permissions for each category

Basic File Ownership Operations

Change File Owner

#!/bin/bash

# Change ownership of a specific file
USERNAME="Daniel"
FILE_PATH="/Users/Alex/Desktop/Dustin"

chown "$USERNAME" "$FILE_PATH"

echo "File ownership changed to $USERNAME successfully"

Change Folder Owner

#!/bin/bash

# Change ownership of a folder
USERNAME="Daniel"
FOLDER_PATH="/Users/Alex/Desktop/ProjectFolder"

chown "$USERNAME" "$FOLDER_PATH"

echo "Folder ownership changed to $USERNAME successfully"

Recursive Ownership Change

#!/bin/bash

# Change ownership recursively for all files and subfolders
USERNAME="Daniel"
FOLDER_PATH="/Users/Alex/Desktop/ProjectFolder"

chown -R "$USERNAME" "$FOLDER_PATH"

echo "Recursive ownership change completed for $USERNAME"

Advanced Ownership Management

Change Owner and Group

#!/bin/bash

# Change both owner and group
USERNAME="Daniel"
GROUPNAME="developers"
FILE_PATH="/Users/Alex/Desktop/project.txt"

chown "$USERNAME:$GROUPNAME" "$FILE_PATH"

echo "Ownership changed to $USERNAME:$GROUPNAME"

Ownership with Permission Verification

#!/bin/bash

# Change ownership and verify permissions
change_ownership_safe() {
    local username="$1"
    local file_path="$2"
    
    # Verify file exists
    if [[ ! -e "$file_path" ]]; then
        echo "Error: File or folder not found: $file_path"
        return 1
    fi
    
    # Verify user exists
    if ! id "$username" &>/dev/null; then
        echo "Error: User '$username' does not exist"
        return 1
    fi
    
    # Get current ownership
    local current_owner=$(stat -f "%Su" "$file_path")
    echo "Current owner: $current_owner"
    
    # Change ownership
    if chown "$username" "$file_path"; then
        echo "Ownership successfully changed from $current_owner to $username"
        
        # Display new permissions
        echo "New permissions:"
        ls -la "$file_path"
        return 0
    else
        echo "Error: Failed to change ownership"
        return 1
    fi
}

# Usage example
change_ownership_safe "Daniel" "/Users/Alex/Desktop/document.txt"

Bulk Ownership Management

#!/bin/bash

# Change ownership for multiple files/folders
bulk_ownership_change() {
    local username="$1"
    shift
    local paths=("$@")
    
    echo "Starting bulk ownership change to user: $username"
    
    for path in "${paths[@]}"; do
        if [[ -e "$path" ]]; then
            if chown "$username" "$path"; then
                echo "✓ Changed ownership: $path"
            else
                echo "✗ Failed to change ownership: $path"
            fi
        else
            echo "✗ File not found: $path"
        fi
    done
    
    echo "Bulk ownership change completed"
}

# Usage example
bulk_ownership_change "Daniel" "/Users/Alex/Desktop/file1.txt" "/Users/Alex/Desktop/file2.txt" "/Users/Alex/Desktop/folder1"

Permission Management

Set Specific Permissions

#!/bin/bash

# Change ownership and set specific permissions
set_ownership_and_permissions() {
    local username="$1"
    local file_path="$2"
    local permissions="$3"
    
    echo "Setting ownership and permissions for: $file_path"
    
    # Change ownership
    chown "$username" "$file_path"
    
    # Set permissions
    chmod "$permissions" "$file_path"
    
    echo "Ownership: $username, Permissions: $permissions"
    ls -la "$file_path"
}

# Usage examples
set_ownership_and_permissions "Daniel" "/Users/Alex/Desktop/script.sh" "755"
set_ownership_and_permissions "Daniel" "/Users/Alex/Desktop/document.txt" "644"

Permission Analysis

#!/bin/bash

# Analyze current permissions and ownership
analyze_permissions() {
    local file_path="$1"
    
    if [[ ! -e "$file_path" ]]; then
        echo "File or folder not found: $file_path"
        return 1
    fi
    
    echo "=== Permission Analysis for: $file_path ==="
    
    # Get detailed information
    local owner=$(stat -f "%Su" "$file_path")
    local group=$(stat -f "%Sg" "$file_path")
    local permissions=$(stat -f "%Sp" "$file_path")
    local octal_permissions=$(stat -f "%A" "$file_path")
    local size=$(stat -f "%z" "$file_path")
    local modified=$(stat -f "%Sm" "$file_path")
    
    echo "Owner: $owner"
    echo "Group: $group"
    echo "Permissions: $permissions"
    echo "Octal: $octal_permissions"
    echo "Size: $size bytes"
    echo "Modified: $modified"
    
    # Check if writable by others
    if [[ "$permissions" =~ .*w.*w.*w.* ]]; then
        echo "⚠️  WARNING: File is world-writable"
    fi
    
    # Check if executable
    if [[ "$permissions" =~ .*x.* ]]; then
        echo "ℹ️  File is executable"
    fi
}

# Usage
analyze_permissions "/Users/Alex/Desktop/document.txt"

Enterprise Ownership Management System

#!/bin/bash

# MacFleet File Ownership Management Tool
# Comprehensive ownership and permission management for fleet devices

# Configuration
SCRIPT_VERSION="1.0.0"
LOG_FILE="/var/log/macfleet_ownership.log"
REPORT_DIR="/etc/macfleet/reports/ownership"
CONFIG_DIR="/etc/macfleet/ownership"
POLICY_DIR="$CONFIG_DIR/policies"

# Create directories if they don't exist
mkdir -p "$REPORT_DIR" "$CONFIG_DIR" "$POLICY_DIR"

# Ownership categories for different file types
declare -A OWNERSHIP_CATEGORIES=(
    ["system_files"]="root:wheel"
    ["application_data"]="root:admin"
    ["user_documents"]="user:staff"
    ["shared_resources"]="shared:staff"
    ["development_files"]="developer:developer"
    ["web_content"]="www:www"
    ["log_files"]="root:wheel"
    ["configuration_files"]="root:wheel"
    ["temporary_files"]="user:staff"
    ["backup_files"]="backup:backup"
)

# Ownership policies for different security levels
declare -A OWNERSHIP_POLICIES=(
    ["public_access"]="644,755,user:staff,world_readable"
    ["restricted_access"]="600,700,user:staff,owner_only"
    ["shared_collaboration"]="664,775,user:staff,group_writable"
    ["system_secure"]="644,755,root:wheel,admin_managed"
    ["development_team"]="664,775,developer:developer,team_access"
    ["confidential_data"]="600,700,secure:secure,encrypted_required"
)

# Logging function
log_action() {
    local message="$1"
    local timestamp=$(date '+%Y-%m-%d %H:%M:%S')
    echo "[$timestamp] $message" | tee -a "$LOG_FILE"
}

# User and group validation
validate_user_group() {
    local user="$1"
    local group="$2"
    
    # Check if user exists
    if ! id "$user" &>/dev/null; then
        log_action "ERROR: User '$user' does not exist"
        return 1
    fi
    
    # Check if group exists (if specified)
    if [[ -n "$group" ]] && ! dscl . -read /Groups/"$group" &>/dev/null; then
        log_action "ERROR: Group '$group' does not exist"
        return 1
    fi
    
    return 0
}

# Advanced ownership change with backup and rollback
change_ownership_advanced() {
    local target_path="$1"
    local new_owner="$2"
    local new_group="${3:-}"
    local recursive="${4:-false}"
    local backup_metadata="${5:-true}"
    
    log_action "Starting advanced ownership change: $target_path -> $new_owner:$new_group"
    
    if [[ ! -e "$target_path" ]]; then
        log_action "ERROR: Target path does not exist: $target_path"
        return 1
    fi
    
    # Validate user and group
    if ! validate_user_group "$new_owner" "$new_group"; then
        return 1
    fi
    
    # Create backup of current metadata
    local backup_file=""
    if [[ "$backup_metadata" == "true" ]]; then
        backup_file="$REPORT_DIR/ownership_backup_$(date +%Y%m%d_%H%M%S).json"
        create_ownership_backup "$target_path" "$backup_file" "$recursive"
    fi
    
    # Construct chown command
    local chown_target="$new_owner"
    if [[ -n "$new_group" ]]; then
        chown_target="$new_owner:$new_group"
    fi
    
    local chown_cmd="chown"
    if [[ "$recursive" == "true" ]]; then
        chown_cmd="chown -R"
    fi
    
    # Execute ownership change
    if $chown_cmd "$chown_target" "$target_path"; then
        log_action "SUCCESS: Ownership changed to $chown_target for $target_path"
        
        # Create post-change report
        local report_file="$REPORT_DIR/ownership_change_$(date +%Y%m%d_%H%M%S).json"
        create_ownership_report "$target_path" "$report_file" "$recursive"
        
        echo "$report_file"
        return 0
    else
        log_action "ERROR: Failed to change ownership for $target_path"
        return 1
    fi
}

# Create ownership backup
create_ownership_backup() {
    local target_path="$1"
    local backup_file="$2"
    local recursive="$3"
    
    cat > "$backup_file" << EOF
{
    "backup_info": {
        "target_path": "$target_path",
        "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
        "hostname": "$(hostname)",
        "recursive": $recursive
    },
    "original_ownership": []
}
EOF
    
    if [[ "$recursive" == "true" ]]; then
        # Recursive backup
        find "$target_path" -exec stat -f '{"path":"%N","owner":"%Su","group":"%Sg","permissions":"%Sp","octal":"%A"}' {} \; | \
        jq -s '.' | \
        jq --slurpfile backup "$backup_file" '.backup_info = $backup[0].backup_info | .original_ownership = .' > "${backup_file}.tmp" && \
        mv "${backup_file}.tmp" "$backup_file"
    else
        # Single file backup
        local owner=$(stat -f "%Su" "$target_path")
        local group=$(stat -f "%Sg" "$target_path")
        local permissions=$(stat -f "%Sp" "$target_path")
        local octal=$(stat -f "%A" "$target_path")
        
        jq --arg path "$target_path" \
           --arg owner "$owner" \
           --arg group "$group" \
           --arg permissions "$permissions" \
           --arg octal "$octal" \
           '.original_ownership = [{"path": $path, "owner": $owner, "group": $group, "permissions": $permissions, "octal": $octal}]' \
           "$backup_file" > "${backup_file}.tmp" && mv "${backup_file}.tmp" "$backup_file"
    fi
    
    log_action "Ownership backup created: $backup_file"
}

# Create ownership report
create_ownership_report() {
    local target_path="$1"
    local report_file="$2"
    local recursive="$3"
    
    cat > "$report_file" << EOF
{
    "report_info": {
        "target_path": "$target_path",
        "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
        "hostname": "$(hostname)",
        "recursive": $recursive,
        "script_version": "$SCRIPT_VERSION"
    },
    "current_ownership": [],
    "security_analysis": {},
    "recommendations": []
}
EOF
    
    # Get current ownership information
    if [[ "$recursive" == "true" ]]; then
        find "$target_path" -exec stat -f '{"path":"%N","owner":"%Su","group":"%Sg","permissions":"%Sp","octal":"%A","size":%z,"modified":"%Sm"}' {} \; | \
        jq -s '.' | \
        jq --slurpfile report "$report_file" '.report_info = $report[0].report_info | .current_ownership = .' > "${report_file}.tmp" && \
        mv "${report_file}.tmp" "$report_file"
    else
        local owner=$(stat -f "%Su" "$target_path")
        local group=$(stat -f "%Sg" "$target_path")
        local permissions=$(stat -f "%Sp" "$target_path")
        local octal=$(stat -f "%A" "$target_path")
        local size=$(stat -f "%z" "$target_path")
        local modified=$(stat -f "%Sm" "$target_path")
        
        jq --arg path "$target_path" \
           --arg owner "$owner" \
           --arg group "$group" \
           --arg permissions "$permissions" \
           --arg octal "$octal" \
           --arg size "$size" \
           --arg modified "$modified" \
           '.current_ownership = [{"path": $path, "owner": $owner, "group": $group, "permissions": $permissions, "octal": $octal, "size": $size, "modified": $modified}]' \
           "$report_file" > "${report_file}.tmp" && mv "${report_file}.tmp" "$report_file"
    fi
    
    # Perform security analysis
    perform_security_analysis "$target_path" "$report_file" "$recursive"
    
    log_action "Ownership report created: $report_file"
}

# Security analysis
perform_security_analysis() {
    local target_path="$1"
    local report_file="$2"
    local recursive="$3"
    
    local world_writable_count=0
    local world_readable_count=0
    local executable_count=0
    local setuid_count=0
    local security_issues=()
    
    if [[ "$recursive" == "true" ]]; then
        world_writable_count=$(find "$target_path" -type f -perm -002 2>/dev/null | wc -l)
        world_readable_count=$(find "$target_path" -type f -perm -004 2>/dev/null | wc -l)
        executable_count=$(find "$target_path" -type f -perm -111 2>/dev/null | wc -l)
        setuid_count=$(find "$target_path" -type f -perm -4000 2>/dev/null | wc -l)
    else
        local perms=$(stat -f "%A" "$target_path")
        [[ $((perms & 002)) -ne 0 ]] && world_writable_count=1
        [[ $((perms & 004)) -ne 0 ]] && world_readable_count=1
        [[ $((perms & 111)) -ne 0 ]] && executable_count=1
        [[ $((perms & 4000)) -ne 0 ]] && setuid_count=1
    fi
    
    # Identify security issues
    [[ $world_writable_count -gt 0 ]] && security_issues+=("World-writable files detected")
    [[ $setuid_count -gt 0 ]] && security_issues+=("SETUID files detected")
    
    # Update report with security analysis
    jq --argjson world_writable "$world_writable_count" \
       --argjson world_readable "$world_readable_count" \
       --argjson executable "$executable_count" \
       --argjson setuid "$setuid_count" \
       --argjson issues "$(printf '%s\n' "${security_issues[@]}" | jq -R . | jq -s .)" \
       '.security_analysis = {
           "world_writable_files": $world_writable,
           "world_readable_files": $world_readable,
           "executable_files": $executable,
           "setuid_files": $setuid,
           "security_issues": $issues
       }' "$report_file" > "${report_file}.tmp" && mv "${report_file}.tmp" "$report_file"
}

# Apply ownership policy
apply_ownership_policy() {
    local target_path="$1"
    local policy_name="$2"
    local recursive="${3:-false}"
    
    log_action "Applying ownership policy '$policy_name' to $target_path"
    
    if [[ -z "${OWNERSHIP_POLICIES[$policy_name]}" ]]; then
        log_action "ERROR: Unknown ownership policy: $policy_name"
        return 1
    fi
    
    # Parse policy
    IFS=',' read -ra POLICY_PARTS <<< "${OWNERSHIP_POLICIES[$policy_name]}"
    local file_perms="${POLICY_PARTS[0]}"
    local dir_perms="${POLICY_PARTS[1]}"
    local ownership="${POLICY_PARTS[2]}"
    local access_level="${POLICY_PARTS[3]}"
    
    # Extract user and group
    IFS=':' read -ra OWNER_PARTS <<< "$ownership"
    local user="${OWNER_PARTS[0]}"
    local group="${OWNER_PARTS[1]:-}"
    
    # Apply ownership
    change_ownership_advanced "$target_path" "$user" "$group" "$recursive" "true"
    
    # Apply permissions
    if [[ -d "$target_path" ]]; then
        chmod "$dir_perms" "$target_path"
    else
        chmod "$file_perms" "$target_path"
    fi
    
    if [[ "$recursive" == "true" ]]; then
        find "$target_path" -type f -exec chmod "$file_perms" {} \;
        find "$target_path" -type d -exec chmod "$dir_perms" {} \;
    fi
    
    log_action "Policy '$policy_name' applied successfully"
}

# Fleet ownership management
manage_fleet_ownership() {
    local action="$1"
    local target_pattern="$2"
    local ownership_spec="$3"
    
    log_action "Fleet ownership management: $action on $target_pattern"
    
    case "$action" in
        "audit")
            audit_fleet_ownership "$target_pattern"
            ;;
        "standardize")
            standardize_fleet_ownership "$target_pattern" "$ownership_spec"
            ;;
        "policy-apply")
            apply_fleet_policy "$target_pattern" "$ownership_spec"
            ;;
        "report")
            generate_fleet_ownership_report
            ;;
    esac
}

# Audit fleet ownership
audit_fleet_ownership() {
    local target_pattern="$1"
    
    echo "Auditing fleet ownership for pattern: $target_pattern"
    
    # Find files matching pattern
    local files=($(find / -path "$target_pattern" 2>/dev/null | head -100))
    
    local audit_report="$REPORT_DIR/fleet_ownership_audit_$(date +%Y%m%d_%H%M%S).json"
    
    cat > "$audit_report" << EOF
{
    "audit_info": {
        "pattern": "$target_pattern",
        "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
        "hostname": "$(hostname)",
        "files_found": ${#files[@]}
    },
    "ownership_summary": {},
    "security_findings": [],
    "recommendations": []
}
EOF
    
    # Analyze ownership patterns
    local owners=()
    local groups=()
    local permissions=()
    
    for file in "${files[@]}"; do
        if [[ -e "$file" ]]; then
            owners+=($(stat -f "%Su" "$file"))
            groups+=($(stat -f "%Sg" "$file"))
            permissions+=($(stat -f "%A" "$file"))
        fi
    done
    
    # Generate summary
    local unique_owners=($(printf '%s\n' "${owners[@]}" | sort -u))
    local unique_groups=($(printf '%s\n' "${groups[@]}" | sort -u))
    
    jq --argjson owners "$(printf '%s\n' "${unique_owners[@]}" | jq -R . | jq -s .)" \
       --argjson groups "$(printf '%s\n' "${unique_groups[@]}" | jq -R . | jq -s .)" \
       '.ownership_summary = {
           "unique_owners": $owners,
           "unique_groups": $groups,
           "total_files": '${#files[@]}'
       }' "$audit_report" > "${audit_report}.tmp" && mv "${audit_report}.tmp" "$audit_report"
    
    log_action "Fleet ownership audit completed: $audit_report"
    echo "$audit_report"
}

# Main execution function
main() {
    local action="${1:-change}"
    local target="${2:-}"
    local owner="${3:-}"
    local group="${4:-}"
    local options="${5:-}"
    
    log_action "=== MacFleet Ownership Management Started ==="
    log_action "Action: $action, Target: $target, Owner: $owner, Group: $group"
    
    case "$action" in
        "change")
            if [[ -z "$target" || -z "$owner" ]]; then
                echo "Usage: $0 change <target_path> <owner> [group] [recursive]"
                exit 1
            fi
            change_ownership_advanced "$target" "$owner" "$group" "$options"
            ;;
        "policy")
            if [[ -z "$target" || -z "$owner" ]]; then
                echo "Usage: $0 policy <target_path> <policy_name> [recursive]"
                exit 1
            fi
            apply_ownership_policy "$target" "$owner" "$group"
            ;;
        "audit")
            audit_fleet_ownership "${target:-/Users/*}"
            ;;
        "fleet")
            manage_fleet_ownership "$owner" "$target" "$group"
            ;;
        "help")
            echo "Usage: $0 [action] [options...]"
            echo "Actions:"
            echo "  change <path> <owner> [group] [recursive] - Change ownership"
            echo "  policy <path> <policy> [recursive] - Apply ownership policy"
            echo "  audit [pattern] - Audit ownership across fleet"
            echo "  fleet <action> <pattern> <spec> - Fleet management"
            echo "  help - Show this help"
            echo ""
            echo "Available policies: ${!OWNERSHIP_POLICIES[*]}"
            ;;
        *)
            log_action "ERROR: Unknown action: $action"
            exit 1
            ;;
    esac
    
    log_action "=== Ownership management completed ==="
}

# Execute main function
main "$@"

Common Ownership Scenarios

Employee Role Change

#!/bin/bash

# Transfer ownership when employee changes roles
transfer_employee_files() {
    local old_user="$1"
    local new_user="$2"
    local base_path="$3"
    
    echo "Transferring files from $old_user to $new_user in $base_path"
    
    # Find all files owned by old user
    local files=($(find "$base_path" -user "$old_user" 2>/dev/null))
    
    echo "Found ${#files[@]} files owned by $old_user"
    
    for file in "${files[@]}"; do
        if chown "$new_user" "$file"; then
            echo "✓ Transferred: $file"
        else
            echo "✗ Failed: $file"
        fi
    done
    
    echo "Transfer completed"
}

# Usage
transfer_employee_files "john.doe" "jane.smith" "/Users/Shared/Projects"

Project Handover

#!/bin/bash

# Complete project handover with ownership and permissions
project_handover() {
    local project_path="$1"
    local new_owner="$2"
    local team_group="$3"
    
    echo "Starting project handover: $project_path"
    
    # Change ownership recursively
    chown -R "$new_owner:$team_group" "$project_path"
    
    # Set appropriate permissions
    find "$project_path" -type d -exec chmod 775 {} \;  # Directories
    find "$project_path" -type f -exec chmod 664 {} \;  # Files
    find "$project_path" -name "*.sh" -exec chmod 755 {} \;  # Scripts
    
    echo "Project handover completed"
    echo "New owner: $new_owner"
    echo "Team group: $team_group"
    ls -la "$project_path"
}

# Usage
project_handover "/Users/Shared/ProjectAlpha" "daniel" "developers"

Security Compliance Check

#!/bin/bash

# Check ownership compliance across critical directories
compliance_check() {
    local directories=("/etc" "/usr/local" "/Applications" "/Users/Shared")
    
    echo "=== Ownership Compliance Check ==="
    
    for dir in "${directories[@]}"; do
        if [[ -d "$dir" ]]; then
            echo -e "\nChecking: $dir"
            
            # Find world-writable files
            local world_writable=$(find "$dir" -type f -perm -002 2>/dev/null | head -5)
            if [[ -n "$world_writable" ]]; then
                echo "⚠️  World-writable files found:"
                echo "$world_writable"
            fi
            
            # Find files with unusual ownership
            local unusual_owners=$(find "$dir" -maxdepth 2 ! -user root ! -user "$(whoami)" 2>/dev/null | head -5)
            if [[ -n "$unusual_owners" ]]; then
                echo "ℹ️  Non-standard ownership:"
                echo "$unusual_owners" | xargs ls -la
            fi
        fi
    done
}

# Run compliance check
compliance_check

Important Notes

  • Admin privileges required for changing ownership of files not owned by current user
  • User validation - Always verify target user exists before changing ownership
  • Backup metadata before making bulk ownership changes
  • Test scripts on sample files before production deployment
  • Monitor permissions after ownership changes to ensure proper access
  • Use recursive options carefully to avoid unintended changes
  • Group membership affects file access even with proper ownership

Tutorial

Neue Updates und Verbesserungen zu Macfleet.
Folgen Sie uns auf X.com

Konfiguration eines GitHub Actions Runners auf einem Mac Mini (Apple Silicon)

GitHub Actions Runner

GitHub Actions ist eine leistungsstarke CI/CD-Plattform, die es Ihnen ermöglicht, Ihre Software-Entwicklungsworkflows zu automatisieren. Während GitHub gehostete Runner anbietet, bieten selbst-gehostete Runner erhöhte Kontrolle und Anpassung für Ihr CI/CD-Setup. Dieses Tutorial führt Sie durch die Einrichtung, Konfiguration und Verbindung eines selbst-gehosteten Runners auf einem Mac mini zur Ausführung von macOS-Pipelines.

Voraussetzungen

Bevor Sie beginnen, stellen Sie sicher, dass Sie haben:

  • Einen Mac mini (registrieren Sie sich bei Macfleet)
  • Ein GitHub-Repository mit Administratorrechten
  • Einen installierten Paketmanager (vorzugsweise Homebrew)
  • Git auf Ihrem System installiert

Schritt 1: Ein dediziertes Benutzerkonto erstellen

Erstellen Sie zunächst ein dediziertes Benutzerkonto für den GitHub Actions Runner:

# Das 'gh-runner' Benutzerkonto erstellen
sudo dscl . -create /Users/gh-runner
sudo dscl . -create /Users/gh-runner UserShell /bin/bash
sudo dscl . -create /Users/gh-runner RealName "GitHub runner"
sudo dscl . -create /Users/gh-runner UniqueID "1001"
sudo dscl . -create /Users/gh-runner PrimaryGroupID 20
sudo dscl . -create /Users/gh-runner NFSHomeDirectory /Users/gh-runner

# Das Passwort für den Benutzer setzen
sudo dscl . -passwd /Users/gh-runner ihr_passwort

# 'gh-runner' zur 'admin'-Gruppe hinzufügen
sudo dscl . -append /Groups/admin GroupMembership gh-runner

Wechseln Sie zum neuen Benutzerkonto:

su gh-runner

Schritt 2: Erforderliche Software installieren

Installieren Sie Git und Rosetta 2 (wenn Sie Apple Silicon verwenden):

# Git installieren, falls noch nicht installiert
brew install git

# Rosetta 2 für Apple Silicon Macs installieren
softwareupdate --install-rosetta

Schritt 3: Den GitHub Actions Runner konfigurieren

  1. Gehen Sie zu Ihrem GitHub-Repository
  2. Navigieren Sie zu Einstellungen > Actions > Runners

GitHub Actions Runner

  1. Klicken Sie auf "New self-hosted runner" (https://github.com/<username>/<repository>/settings/actions/runners/new)
  2. Wählen Sie macOS als Runner-Image und ARM64 als Architektur
  3. Folgen Sie den bereitgestellten Befehlen, um den Runner herunterzuladen und zu konfigurieren

GitHub Actions Runner

Erstellen Sie eine .env-Datei im _work-Verzeichnis des Runners:

# _work/.env Datei
ImageOS=macos15
XCODE_15_DEVELOPER_DIR=/Applications/Xcode.app/Contents/Developer
  1. Führen Sie das run.sh-Skript in Ihrem Runner-Verzeichnis aus, um die Einrichtung abzuschließen.
  2. Überprüfen Sie, dass der Runner aktiv ist und auf Jobs im Terminal wartet, und überprüfen Sie die GitHub-Repository-Einstellungen für die Runner-Zuordnung und den Idle-Status.

GitHub Actions Runner

Schritt 4: Sudoers konfigurieren (Optional)

Wenn Ihre Actions Root-Privilegien benötigen, konfigurieren Sie die sudoers-Datei:

sudo visudo

Fügen Sie die folgende Zeile hinzu:

gh-runner ALL=(ALL) NOPASSWD: ALL

Schritt 5: Den Runner in Workflows verwenden

Konfigurieren Sie Ihren GitHub Actions Workflow, um den selbst-gehosteten Runner zu verwenden:

name: Beispiel-Workflow

on:
  workflow_dispatch:

jobs:
  build:
    runs-on: [self-hosted, macOS, ARM64]
    steps:
      - name: NodeJS installieren
        run: brew install node

Der Runner ist bei Ihrem Repository authentifiziert und mit self-hosted, macOS und ARM64 markiert. Verwenden Sie ihn in Ihren Workflows, indem Sie diese Labels im runs-on-Feld angeben:

runs-on: [self-hosted, macOS, ARM64]

Best Practices

  • Halten Sie Ihre Runner-Software auf dem neuesten Stand
  • Überwachen Sie regelmäßig Runner-Logs auf Probleme
  • Verwenden Sie spezifische Labels für verschiedene Runner-Typen
  • Implementieren Sie angemessene Sicherheitsmaßnahmen
  • Erwägen Sie die Verwendung mehrerer Runner für Lastverteilung

Fehlerbehebung

Häufige Probleme und Lösungen:

  1. Runner verbindet sich nicht:

    • Überprüfen Sie die Netzwerkverbindung
    • Überprüfen Sie die Gültigkeit des GitHub-Tokens
    • Stellen Sie angemessene Berechtigungen sicher

  2. Build-Fehler:

    • Überprüfen Sie die Xcode-Installation
    • Überprüfen Sie erforderliche Abhängigkeiten
    • Überprüfen Sie Workflow-Logs

  3. Berechtigungsprobleme:

    • Überprüfen Sie Benutzerberechtigungen
    • Überprüfen Sie sudoers-Konfiguration
    • Überprüfen Sie Dateisystem-Berechtigungen

Fazit

Sie haben jetzt einen selbst-gehosteten GitHub Actions Runner auf Ihrem Mac mini konfiguriert. Diese Einrichtung bietet Ihnen mehr Kontrolle über Ihre CI/CD-Umgebung und ermöglicht es Ihnen, macOS-spezifische Workflows effizient auszuführen.

Denken Sie daran, Ihren Runner regelmäßig zu warten und ihn mit den neuesten Sicherheitspatches und Software-Versionen auf dem neuesten Stand zu halten.

Native App

Macfleet native App

Macfleet Installationsanleitung

Macfleet ist eine leistungsstarke Flottenmanagement-Lösung, die speziell für Cloud-gehostete Mac Mini-Umgebungen entwickelt wurde. Als Mac Mini Cloud-Hosting-Anbieter können Sie Macfleet verwenden, um Ihre gesamte Flotte virtualisierter Mac-Instanzen zu überwachen, zu verwalten und zu optimieren.

Diese Installationsanleitung führt Sie durch die Einrichtung der Macfleet-Überwachung auf macOS-, Windows- und Linux-Systemen, um eine umfassende Übersicht über Ihre Cloud-Infrastruktur zu gewährleisten.

🍎 macOS

  • Laden Sie die .dmg-Datei für Mac hier herunter
  • Doppelklicken Sie auf die heruntergeladene .dmg-Datei
  • Ziehen Sie die Macfleet-App in den Anwendungsordner
  • Werfen Sie die .dmg-Datei aus
  • Öffnen Sie Systemeinstellungen > Sicherheit & Datenschutz
    • Datenschutz-Tab > Bedienungshilfen
    • Aktivieren Sie Macfleet, um Überwachung zu erlauben
  • Starten Sie Macfleet aus den Anwendungen
  • Die Verfolgung startet automatisch

🪟 Windows

  • Laden Sie die .exe-Datei für Windows hier herunter
  • Rechtsklick auf die .exe-Datei > "Als Administrator ausführen"
  • Folgen Sie dem Installationsassistenten
  • Akzeptieren Sie die Allgemeinen Geschäftsbedingungen
  • Erlauben Sie in Windows Defender, wenn aufgefordert
  • Gewähren Sie Anwendungsüberwachungsberechtigungen
  • Starten Sie Macfleet aus dem Startmenü
  • Die Anwendung beginnt automatisch mit der Verfolgung

🐧 Linux

  • Laden Sie das .deb-Paket (Ubuntu/Debian) oder .rpm (CentOS/RHEL) hier herunter
  • Installieren Sie mit Ihrem Paketmanager
    • Ubuntu/Debian: sudo dpkg -i Macfleet-linux.deb
    • CentOS/RHEL: sudo rpm -ivh Macfleet-linux.rpm
  • Erlauben Sie X11-Zugriffsberechtigungen, wenn aufgefordert
  • Fügen Sie den Benutzer zu entsprechenden Gruppen hinzu, falls erforderlich
  • Starten Sie Macfleet aus dem Anwendungsmenü
  • Die Anwendung beginnt automatisch mit der Verfolgung

Hinweis: Nach der Installation auf allen Systemen melden Sie sich mit Ihren Macfleet-Anmeldedaten an, um Daten mit Ihrem Dashboard zu synchronisieren.