Tutorial

Nuevas actualizaciones y mejoras para Macfleet.
Síguenos en X.com

Aviso importante

Los ejemplos de código y scripts proporcionados en estos tutoriales son solo para propósitos educativos. Macfleet no es responsable de ningún problema, daño o vulnerabilidad de seguridad que pueda surgir del uso, modificación o implementación de estos ejemplos. Siempre revisa y prueba el código en un entorno seguro antes de usarlo en sistemas de producción.

← Todas las publicaciones

File Ownership Management on macOS

Master file and folder ownership operations on your MacFleet devices using powerful command-line tools. This tutorial covers ownership changes, permission management, group assignments, and advanced ownership policies for secure file system administration.

Understanding macOS File Ownership

macOS file ownership system consists of several key concepts:

  • Owner (User) - The user who owns the file/folder and has primary control
  • Group - A collection of users who share specific permissions
  • Others - All other users on the system
  • Permissions - Read (r), Write (w), Execute (x) permissions for each category

Basic File Ownership Operations

Change File Owner

#!/bin/bash

# Change ownership of a specific file
USERNAME="Daniel"
FILE_PATH="/Users/Alex/Desktop/Dustin"

chown "$USERNAME" "$FILE_PATH"

echo "File ownership changed to $USERNAME successfully"

Change Folder Owner

#!/bin/bash

# Change ownership of a folder
USERNAME="Daniel"
FOLDER_PATH="/Users/Alex/Desktop/ProjectFolder"

chown "$USERNAME" "$FOLDER_PATH"

echo "Folder ownership changed to $USERNAME successfully"

Recursive Ownership Change

#!/bin/bash

# Change ownership recursively for all files and subfolders
USERNAME="Daniel"
FOLDER_PATH="/Users/Alex/Desktop/ProjectFolder"

chown -R "$USERNAME" "$FOLDER_PATH"

echo "Recursive ownership change completed for $USERNAME"

Advanced Ownership Management

Change Owner and Group

#!/bin/bash

# Change both owner and group
USERNAME="Daniel"
GROUPNAME="developers"
FILE_PATH="/Users/Alex/Desktop/project.txt"

chown "$USERNAME:$GROUPNAME" "$FILE_PATH"

echo "Ownership changed to $USERNAME:$GROUPNAME"

Ownership with Permission Verification

#!/bin/bash

# Change ownership and verify permissions
change_ownership_safe() {
    local username="$1"
    local file_path="$2"
    
    # Verify file exists
    if [[ ! -e "$file_path" ]]; then
        echo "Error: File or folder not found: $file_path"
        return 1
    fi
    
    # Verify user exists
    if ! id "$username" &>/dev/null; then
        echo "Error: User '$username' does not exist"
        return 1
    fi
    
    # Get current ownership
    local current_owner=$(stat -f "%Su" "$file_path")
    echo "Current owner: $current_owner"
    
    # Change ownership
    if chown "$username" "$file_path"; then
        echo "Ownership successfully changed from $current_owner to $username"
        
        # Display new permissions
        echo "New permissions:"
        ls -la "$file_path"
        return 0
    else
        echo "Error: Failed to change ownership"
        return 1
    fi
}

# Usage example
change_ownership_safe "Daniel" "/Users/Alex/Desktop/document.txt"

Bulk Ownership Management

#!/bin/bash

# Change ownership for multiple files/folders
bulk_ownership_change() {
    local username="$1"
    shift
    local paths=("$@")
    
    echo "Starting bulk ownership change to user: $username"
    
    for path in "${paths[@]}"; do
        if [[ -e "$path" ]]; then
            if chown "$username" "$path"; then
                echo "✓ Changed ownership: $path"
            else
                echo "✗ Failed to change ownership: $path"
            fi
        else
            echo "✗ File not found: $path"
        fi
    done
    
    echo "Bulk ownership change completed"
}

# Usage example
bulk_ownership_change "Daniel" "/Users/Alex/Desktop/file1.txt" "/Users/Alex/Desktop/file2.txt" "/Users/Alex/Desktop/folder1"

Permission Management

Set Specific Permissions

#!/bin/bash

# Change ownership and set specific permissions
set_ownership_and_permissions() {
    local username="$1"
    local file_path="$2"
    local permissions="$3"
    
    echo "Setting ownership and permissions for: $file_path"
    
    # Change ownership
    chown "$username" "$file_path"
    
    # Set permissions
    chmod "$permissions" "$file_path"
    
    echo "Ownership: $username, Permissions: $permissions"
    ls -la "$file_path"
}

# Usage examples
set_ownership_and_permissions "Daniel" "/Users/Alex/Desktop/script.sh" "755"
set_ownership_and_permissions "Daniel" "/Users/Alex/Desktop/document.txt" "644"

Permission Analysis

#!/bin/bash

# Analyze current permissions and ownership
analyze_permissions() {
    local file_path="$1"
    
    if [[ ! -e "$file_path" ]]; then
        echo "File or folder not found: $file_path"
        return 1
    fi
    
    echo "=== Permission Analysis for: $file_path ==="
    
    # Get detailed information
    local owner=$(stat -f "%Su" "$file_path")
    local group=$(stat -f "%Sg" "$file_path")
    local permissions=$(stat -f "%Sp" "$file_path")
    local octal_permissions=$(stat -f "%A" "$file_path")
    local size=$(stat -f "%z" "$file_path")
    local modified=$(stat -f "%Sm" "$file_path")
    
    echo "Owner: $owner"
    echo "Group: $group"
    echo "Permissions: $permissions"
    echo "Octal: $octal_permissions"
    echo "Size: $size bytes"
    echo "Modified: $modified"
    
    # Check if writable by others
    if [[ "$permissions" =~ .*w.*w.*w.* ]]; then
        echo "⚠️  WARNING: File is world-writable"
    fi
    
    # Check if executable
    if [[ "$permissions" =~ .*x.* ]]; then
        echo "ℹ️  File is executable"
    fi
}

# Usage
analyze_permissions "/Users/Alex/Desktop/document.txt"

Enterprise Ownership Management System

#!/bin/bash

# MacFleet File Ownership Management Tool
# Comprehensive ownership and permission management for fleet devices

# Configuration
SCRIPT_VERSION="1.0.0"
LOG_FILE="/var/log/macfleet_ownership.log"
REPORT_DIR="/etc/macfleet/reports/ownership"
CONFIG_DIR="/etc/macfleet/ownership"
POLICY_DIR="$CONFIG_DIR/policies"

# Create directories if they don't exist
mkdir -p "$REPORT_DIR" "$CONFIG_DIR" "$POLICY_DIR"

# Ownership categories for different file types
declare -A OWNERSHIP_CATEGORIES=(
    ["system_files"]="root:wheel"
    ["application_data"]="root:admin"
    ["user_documents"]="user:staff"
    ["shared_resources"]="shared:staff"
    ["development_files"]="developer:developer"
    ["web_content"]="www:www"
    ["log_files"]="root:wheel"
    ["configuration_files"]="root:wheel"
    ["temporary_files"]="user:staff"
    ["backup_files"]="backup:backup"
)

# Ownership policies for different security levels
declare -A OWNERSHIP_POLICIES=(
    ["public_access"]="644,755,user:staff,world_readable"
    ["restricted_access"]="600,700,user:staff,owner_only"
    ["shared_collaboration"]="664,775,user:staff,group_writable"
    ["system_secure"]="644,755,root:wheel,admin_managed"
    ["development_team"]="664,775,developer:developer,team_access"
    ["confidential_data"]="600,700,secure:secure,encrypted_required"
)

# Logging function
log_action() {
    local message="$1"
    local timestamp=$(date '+%Y-%m-%d %H:%M:%S')
    echo "[$timestamp] $message" | tee -a "$LOG_FILE"
}

# User and group validation
validate_user_group() {
    local user="$1"
    local group="$2"
    
    # Check if user exists
    if ! id "$user" &>/dev/null; then
        log_action "ERROR: User '$user' does not exist"
        return 1
    fi
    
    # Check if group exists (if specified)
    if [[ -n "$group" ]] && ! dscl . -read /Groups/"$group" &>/dev/null; then
        log_action "ERROR: Group '$group' does not exist"
        return 1
    fi
    
    return 0
}

# Advanced ownership change with backup and rollback
change_ownership_advanced() {
    local target_path="$1"
    local new_owner="$2"
    local new_group="${3:-}"
    local recursive="${4:-false}"
    local backup_metadata="${5:-true}"
    
    log_action "Starting advanced ownership change: $target_path -> $new_owner:$new_group"
    
    if [[ ! -e "$target_path" ]]; then
        log_action "ERROR: Target path does not exist: $target_path"
        return 1
    fi
    
    # Validate user and group
    if ! validate_user_group "$new_owner" "$new_group"; then
        return 1
    fi
    
    # Create backup of current metadata
    local backup_file=""
    if [[ "$backup_metadata" == "true" ]]; then
        backup_file="$REPORT_DIR/ownership_backup_$(date +%Y%m%d_%H%M%S).json"
        create_ownership_backup "$target_path" "$backup_file" "$recursive"
    fi
    
    # Construct chown command
    local chown_target="$new_owner"
    if [[ -n "$new_group" ]]; then
        chown_target="$new_owner:$new_group"
    fi
    
    local chown_cmd="chown"
    if [[ "$recursive" == "true" ]]; then
        chown_cmd="chown -R"
    fi
    
    # Execute ownership change
    if $chown_cmd "$chown_target" "$target_path"; then
        log_action "SUCCESS: Ownership changed to $chown_target for $target_path"
        
        # Create post-change report
        local report_file="$REPORT_DIR/ownership_change_$(date +%Y%m%d_%H%M%S).json"
        create_ownership_report "$target_path" "$report_file" "$recursive"
        
        echo "$report_file"
        return 0
    else
        log_action "ERROR: Failed to change ownership for $target_path"
        return 1
    fi
}

# Create ownership backup
create_ownership_backup() {
    local target_path="$1"
    local backup_file="$2"
    local recursive="$3"
    
    cat > "$backup_file" << EOF
{
    "backup_info": {
        "target_path": "$target_path",
        "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
        "hostname": "$(hostname)",
        "recursive": $recursive
    },
    "original_ownership": []
}
EOF
    
    if [[ "$recursive" == "true" ]]; then
        # Recursive backup
        find "$target_path" -exec stat -f '{"path":"%N","owner":"%Su","group":"%Sg","permissions":"%Sp","octal":"%A"}' {} \; | \
        jq -s '.' | \
        jq --slurpfile backup "$backup_file" '.backup_info = $backup[0].backup_info | .original_ownership = .' > "${backup_file}.tmp" && \
        mv "${backup_file}.tmp" "$backup_file"
    else
        # Single file backup
        local owner=$(stat -f "%Su" "$target_path")
        local group=$(stat -f "%Sg" "$target_path")
        local permissions=$(stat -f "%Sp" "$target_path")
        local octal=$(stat -f "%A" "$target_path")
        
        jq --arg path "$target_path" \
           --arg owner "$owner" \
           --arg group "$group" \
           --arg permissions "$permissions" \
           --arg octal "$octal" \
           '.original_ownership = [{"path": $path, "owner": $owner, "group": $group, "permissions": $permissions, "octal": $octal}]' \
           "$backup_file" > "${backup_file}.tmp" && mv "${backup_file}.tmp" "$backup_file"
    fi
    
    log_action "Ownership backup created: $backup_file"
}

# Create ownership report
create_ownership_report() {
    local target_path="$1"
    local report_file="$2"
    local recursive="$3"
    
    cat > "$report_file" << EOF
{
    "report_info": {
        "target_path": "$target_path",
        "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
        "hostname": "$(hostname)",
        "recursive": $recursive,
        "script_version": "$SCRIPT_VERSION"
    },
    "current_ownership": [],
    "security_analysis": {},
    "recommendations": []
}
EOF
    
    # Get current ownership information
    if [[ "$recursive" == "true" ]]; then
        find "$target_path" -exec stat -f '{"path":"%N","owner":"%Su","group":"%Sg","permissions":"%Sp","octal":"%A","size":%z,"modified":"%Sm"}' {} \; | \
        jq -s '.' | \
        jq --slurpfile report "$report_file" '.report_info = $report[0].report_info | .current_ownership = .' > "${report_file}.tmp" && \
        mv "${report_file}.tmp" "$report_file"
    else
        local owner=$(stat -f "%Su" "$target_path")
        local group=$(stat -f "%Sg" "$target_path")
        local permissions=$(stat -f "%Sp" "$target_path")
        local octal=$(stat -f "%A" "$target_path")
        local size=$(stat -f "%z" "$target_path")
        local modified=$(stat -f "%Sm" "$target_path")
        
        jq --arg path "$target_path" \
           --arg owner "$owner" \
           --arg group "$group" \
           --arg permissions "$permissions" \
           --arg octal "$octal" \
           --arg size "$size" \
           --arg modified "$modified" \
           '.current_ownership = [{"path": $path, "owner": $owner, "group": $group, "permissions": $permissions, "octal": $octal, "size": $size, "modified": $modified}]' \
           "$report_file" > "${report_file}.tmp" && mv "${report_file}.tmp" "$report_file"
    fi
    
    # Perform security analysis
    perform_security_analysis "$target_path" "$report_file" "$recursive"
    
    log_action "Ownership report created: $report_file"
}

# Security analysis
perform_security_analysis() {
    local target_path="$1"
    local report_file="$2"
    local recursive="$3"
    
    local world_writable_count=0
    local world_readable_count=0
    local executable_count=0
    local setuid_count=0
    local security_issues=()
    
    if [[ "$recursive" == "true" ]]; then
        world_writable_count=$(find "$target_path" -type f -perm -002 2>/dev/null | wc -l)
        world_readable_count=$(find "$target_path" -type f -perm -004 2>/dev/null | wc -l)
        executable_count=$(find "$target_path" -type f -perm -111 2>/dev/null | wc -l)
        setuid_count=$(find "$target_path" -type f -perm -4000 2>/dev/null | wc -l)
    else
        local perms=$(stat -f "%A" "$target_path")
        [[ $((perms & 002)) -ne 0 ]] && world_writable_count=1
        [[ $((perms & 004)) -ne 0 ]] && world_readable_count=1
        [[ $((perms & 111)) -ne 0 ]] && executable_count=1
        [[ $((perms & 4000)) -ne 0 ]] && setuid_count=1
    fi
    
    # Identify security issues
    [[ $world_writable_count -gt 0 ]] && security_issues+=("World-writable files detected")
    [[ $setuid_count -gt 0 ]] && security_issues+=("SETUID files detected")
    
    # Update report with security analysis
    jq --argjson world_writable "$world_writable_count" \
       --argjson world_readable "$world_readable_count" \
       --argjson executable "$executable_count" \
       --argjson setuid "$setuid_count" \
       --argjson issues "$(printf '%s\n' "${security_issues[@]}" | jq -R . | jq -s .)" \
       '.security_analysis = {
           "world_writable_files": $world_writable,
           "world_readable_files": $world_readable,
           "executable_files": $executable,
           "setuid_files": $setuid,
           "security_issues": $issues
       }' "$report_file" > "${report_file}.tmp" && mv "${report_file}.tmp" "$report_file"
}

# Apply ownership policy
apply_ownership_policy() {
    local target_path="$1"
    local policy_name="$2"
    local recursive="${3:-false}"
    
    log_action "Applying ownership policy '$policy_name' to $target_path"
    
    if [[ -z "${OWNERSHIP_POLICIES[$policy_name]}" ]]; then
        log_action "ERROR: Unknown ownership policy: $policy_name"
        return 1
    fi
    
    # Parse policy
    IFS=',' read -ra POLICY_PARTS <<< "${OWNERSHIP_POLICIES[$policy_name]}"
    local file_perms="${POLICY_PARTS[0]}"
    local dir_perms="${POLICY_PARTS[1]}"
    local ownership="${POLICY_PARTS[2]}"
    local access_level="${POLICY_PARTS[3]}"
    
    # Extract user and group
    IFS=':' read -ra OWNER_PARTS <<< "$ownership"
    local user="${OWNER_PARTS[0]}"
    local group="${OWNER_PARTS[1]:-}"
    
    # Apply ownership
    change_ownership_advanced "$target_path" "$user" "$group" "$recursive" "true"
    
    # Apply permissions
    if [[ -d "$target_path" ]]; then
        chmod "$dir_perms" "$target_path"
    else
        chmod "$file_perms" "$target_path"
    fi
    
    if [[ "$recursive" == "true" ]]; then
        find "$target_path" -type f -exec chmod "$file_perms" {} \;
        find "$target_path" -type d -exec chmod "$dir_perms" {} \;
    fi
    
    log_action "Policy '$policy_name' applied successfully"
}

# Fleet ownership management
manage_fleet_ownership() {
    local action="$1"
    local target_pattern="$2"
    local ownership_spec="$3"
    
    log_action "Fleet ownership management: $action on $target_pattern"
    
    case "$action" in
        "audit")
            audit_fleet_ownership "$target_pattern"
            ;;
        "standardize")
            standardize_fleet_ownership "$target_pattern" "$ownership_spec"
            ;;
        "policy-apply")
            apply_fleet_policy "$target_pattern" "$ownership_spec"
            ;;
        "report")
            generate_fleet_ownership_report
            ;;
    esac
}

# Audit fleet ownership
audit_fleet_ownership() {
    local target_pattern="$1"
    
    echo "Auditing fleet ownership for pattern: $target_pattern"
    
    # Find files matching pattern
    local files=($(find / -path "$target_pattern" 2>/dev/null | head -100))
    
    local audit_report="$REPORT_DIR/fleet_ownership_audit_$(date +%Y%m%d_%H%M%S).json"
    
    cat > "$audit_report" << EOF
{
    "audit_info": {
        "pattern": "$target_pattern",
        "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
        "hostname": "$(hostname)",
        "files_found": ${#files[@]}
    },
    "ownership_summary": {},
    "security_findings": [],
    "recommendations": []
}
EOF
    
    # Analyze ownership patterns
    local owners=()
    local groups=()
    local permissions=()
    
    for file in "${files[@]}"; do
        if [[ -e "$file" ]]; then
            owners+=($(stat -f "%Su" "$file"))
            groups+=($(stat -f "%Sg" "$file"))
            permissions+=($(stat -f "%A" "$file"))
        fi
    done
    
    # Generate summary
    local unique_owners=($(printf '%s\n' "${owners[@]}" | sort -u))
    local unique_groups=($(printf '%s\n' "${groups[@]}" | sort -u))
    
    jq --argjson owners "$(printf '%s\n' "${unique_owners[@]}" | jq -R . | jq -s .)" \
       --argjson groups "$(printf '%s\n' "${unique_groups[@]}" | jq -R . | jq -s .)" \
       '.ownership_summary = {
           "unique_owners": $owners,
           "unique_groups": $groups,
           "total_files": '${#files[@]}'
       }' "$audit_report" > "${audit_report}.tmp" && mv "${audit_report}.tmp" "$audit_report"
    
    log_action "Fleet ownership audit completed: $audit_report"
    echo "$audit_report"
}

# Main execution function
main() {
    local action="${1:-change}"
    local target="${2:-}"
    local owner="${3:-}"
    local group="${4:-}"
    local options="${5:-}"
    
    log_action "=== MacFleet Ownership Management Started ==="
    log_action "Action: $action, Target: $target, Owner: $owner, Group: $group"
    
    case "$action" in
        "change")
            if [[ -z "$target" || -z "$owner" ]]; then
                echo "Usage: $0 change <target_path> <owner> [group] [recursive]"
                exit 1
            fi
            change_ownership_advanced "$target" "$owner" "$group" "$options"
            ;;
        "policy")
            if [[ -z "$target" || -z "$owner" ]]; then
                echo "Usage: $0 policy <target_path> <policy_name> [recursive]"
                exit 1
            fi
            apply_ownership_policy "$target" "$owner" "$group"
            ;;
        "audit")
            audit_fleet_ownership "${target:-/Users/*}"
            ;;
        "fleet")
            manage_fleet_ownership "$owner" "$target" "$group"
            ;;
        "help")
            echo "Usage: $0 [action] [options...]"
            echo "Actions:"
            echo "  change <path> <owner> [group] [recursive] - Change ownership"
            echo "  policy <path> <policy> [recursive] - Apply ownership policy"
            echo "  audit [pattern] - Audit ownership across fleet"
            echo "  fleet <action> <pattern> <spec> - Fleet management"
            echo "  help - Show this help"
            echo ""
            echo "Available policies: ${!OWNERSHIP_POLICIES[*]}"
            ;;
        *)
            log_action "ERROR: Unknown action: $action"
            exit 1
            ;;
    esac
    
    log_action "=== Ownership management completed ==="
}

# Execute main function
main "$@"

Common Ownership Scenarios

Employee Role Change

#!/bin/bash

# Transfer ownership when employee changes roles
transfer_employee_files() {
    local old_user="$1"
    local new_user="$2"
    local base_path="$3"
    
    echo "Transferring files from $old_user to $new_user in $base_path"
    
    # Find all files owned by old user
    local files=($(find "$base_path" -user "$old_user" 2>/dev/null))
    
    echo "Found ${#files[@]} files owned by $old_user"
    
    for file in "${files[@]}"; do
        if chown "$new_user" "$file"; then
            echo "✓ Transferred: $file"
        else
            echo "✗ Failed: $file"
        fi
    done
    
    echo "Transfer completed"
}

# Usage
transfer_employee_files "john.doe" "jane.smith" "/Users/Shared/Projects"

Project Handover

#!/bin/bash

# Complete project handover with ownership and permissions
project_handover() {
    local project_path="$1"
    local new_owner="$2"
    local team_group="$3"
    
    echo "Starting project handover: $project_path"
    
    # Change ownership recursively
    chown -R "$new_owner:$team_group" "$project_path"
    
    # Set appropriate permissions
    find "$project_path" -type d -exec chmod 775 {} \;  # Directories
    find "$project_path" -type f -exec chmod 664 {} \;  # Files
    find "$project_path" -name "*.sh" -exec chmod 755 {} \;  # Scripts
    
    echo "Project handover completed"
    echo "New owner: $new_owner"
    echo "Team group: $team_group"
    ls -la "$project_path"
}

# Usage
project_handover "/Users/Shared/ProjectAlpha" "daniel" "developers"

Security Compliance Check

#!/bin/bash

# Check ownership compliance across critical directories
compliance_check() {
    local directories=("/etc" "/usr/local" "/Applications" "/Users/Shared")
    
    echo "=== Ownership Compliance Check ==="
    
    for dir in "${directories[@]}"; do
        if [[ -d "$dir" ]]; then
            echo -e "\nChecking: $dir"
            
            # Find world-writable files
            local world_writable=$(find "$dir" -type f -perm -002 2>/dev/null | head -5)
            if [[ -n "$world_writable" ]]; then
                echo "⚠️  World-writable files found:"
                echo "$world_writable"
            fi
            
            # Find files with unusual ownership
            local unusual_owners=$(find "$dir" -maxdepth 2 ! -user root ! -user "$(whoami)" 2>/dev/null | head -5)
            if [[ -n "$unusual_owners" ]]; then
                echo "ℹ️  Non-standard ownership:"
                echo "$unusual_owners" | xargs ls -la
            fi
        fi
    done
}

# Run compliance check
compliance_check

Important Notes

  • Admin privileges required for changing ownership of files not owned by current user
  • User validation - Always verify target user exists before changing ownership
  • Backup metadata before making bulk ownership changes
  • Test scripts on sample files before production deployment
  • Monitor permissions after ownership changes to ensure proper access
  • Use recursive options carefully to avoid unintended changes
  • Group membership affects file access even with proper ownership

Tutorial

Nuevas actualizaciones y mejoras para Macfleet.
Síguenos en X.com

Configurando un Runner de GitHub Actions en un Mac Mini (Apple Silicon)

Runner de GitHub Actions

GitHub Actions es una plataforma poderosa de CI/CD que te permite automatizar tus flujos de trabajo de desarrollo de software. Aunque GitHub ofrece runners hospedados, los runners auto-hospedados proporcionan mayor control y personalización para tu configuración de CI/CD. Este tutorial te guía a través de la configuración y conexión de un runner auto-hospedado en un Mac mini para ejecutar pipelines de macOS.

Prerrequisitos

Antes de comenzar, asegúrate de tener:

  • Un Mac mini (regístrate en Macfleet)
  • Un repositorio de GitHub con derechos de administrador
  • Un gestor de paquetes instalado (preferiblemente Homebrew)
  • Git instalado en tu sistema

Paso 1: Crear una Cuenta de Usuario Dedicada

Primero, crea una cuenta de usuario dedicada para el runner de GitHub Actions:

# Crear la cuenta de usuario 'gh-runner'
sudo dscl . -create /Users/gh-runner
sudo dscl . -create /Users/gh-runner UserShell /bin/bash
sudo dscl . -create /Users/gh-runner RealName "GitHub runner"
sudo dscl . -create /Users/gh-runner UniqueID "1001"
sudo dscl . -create /Users/gh-runner PrimaryGroupID 20
sudo dscl . -create /Users/gh-runner NFSHomeDirectory /Users/gh-runner

# Establecer la contraseña para el usuario
sudo dscl . -passwd /Users/gh-runner tu_contraseña

# Agregar 'gh-runner' al grupo 'admin'
sudo dscl . -append /Groups/admin GroupMembership gh-runner

Cambia a la nueva cuenta de usuario:

su gh-runner

Paso 2: Instalar Software Requerido

Instala Git y Rosetta 2 (si usas Apple Silicon):

# Instalar Git si no está ya instalado
brew install git

# Instalar Rosetta 2 para Macs Apple Silicon
softwareupdate --install-rosetta

Paso 3: Configurar el Runner de GitHub Actions

  1. Ve a tu repositorio de GitHub
  2. Navega a Configuración > Actions > Runners

Runner de GitHub Actions

  1. Haz clic en "New self-hosted runner" (https://github.com/<username>/<repository>/settings/actions/runners/new)
  2. Selecciona macOS como imagen del runner y ARM64 como arquitectura
  3. Sigue los comandos proporcionados para descargar y configurar el runner

Runner de GitHub Actions

Crea un archivo .env en el directorio _work del runner:

# archivo _work/.env
ImageOS=macos15
XCODE_15_DEVELOPER_DIR=/Applications/Xcode.app/Contents/Developer
  1. Ejecuta el script run.sh en tu directorio del runner para completar la configuración.
  2. Verifica que el runner esté activo y escuchando trabajos en la terminal y revisa la configuración del repositorio de GitHub para la asociación del runner y el estado Idle.

Runner de GitHub Actions

Paso 4: Configurar Sudoers (Opcional)

Si tus acciones requieren privilegios de root, configura el archivo sudoers:

sudo visudo

Agrega la siguiente línea:

gh-runner ALL=(ALL) NOPASSWD: ALL

Paso 5: Usar el Runner en Flujos de Trabajo

Configura tu flujo de trabajo de GitHub Actions para usar el runner auto-hospedado:

name: Flujo de trabajo de muestra

on:
  workflow_dispatch:

jobs:
  build:
    runs-on: [self-hosted, macOS, ARM64]
    steps:
      - name: Instalar NodeJS
        run: brew install node

El runner está autenticado en tu repositorio y etiquetado con self-hosted, macOS, y ARM64. Úsalo en tus flujos de trabajo especificando estas etiquetas en el campo runs-on:

runs-on: [self-hosted, macOS, ARM64]

Mejores Prácticas

  • Mantén tu software del runner actualizado
  • Monitorea regularmente los logs del runner para problemas
  • Usa etiquetas específicas para diferentes tipos de runners
  • Implementa medidas de seguridad apropiadas
  • Considera usar múltiples runners para balanceo de carga

Solución de Problemas

Problemas comunes y soluciones:

  1. Runner no conectando:

    • Verifica conectividad de red
    • Verifica validez del token de GitHub
    • Asegúrate de permisos apropiados

  2. Fallas de construcción:

    • Verifica instalación de Xcode
    • Verifica dependencias requeridas
    • Revisa logs del flujo de trabajo

  3. Problemas de permisos:

    • Verifica permisos de usuario
    • Verifica configuración de sudoers
    • Revisa permisos del sistema de archivos

Conclusión

Ahora tienes un runner auto-hospedado de GitHub Actions configurado en tu Mac mini. Esta configuración te proporciona más control sobre tu entorno de CI/CD y te permite ejecutar flujos de trabajo específicos de macOS de manera eficiente.

Recuerda mantener regularmente tu runner y mantenerlo actualizado con los últimos parches de seguridad y versiones de software.

Aplicación Nativa

Aplicación nativa de Macfleet

Guía de Instalación de Macfleet

Macfleet es una solución poderosa de gestión de flota diseñada específicamente para entornos de Mac Mini alojados en la nube. Como proveedor de hosting en la nube de Mac Mini, puedes usar Macfleet para monitorear, gestionar y optimizar toda tu flota de instancias Mac virtualizadas.

Esta guía de instalación te llevará a través de la configuración del monitoreo de Macfleet en sistemas macOS, Windows y Linux para asegurar una supervisión integral de tu infraestructura en la nube.

🍎 macOS

  • Descarga el archivo .dmg para Mac aquí
  • Haz doble clic en el archivo .dmg descargado
  • Arrastra la aplicación Macfleet a la carpeta Aplicaciones
  • Expulsa el archivo .dmg
  • Abre Preferencias del Sistema > Seguridad y Privacidad
    • Pestaña Privacidad > Accesibilidad
    • Marca Macfleet para permitir el monitoreo
  • Inicia Macfleet desde Aplicaciones
  • El seguimiento comienza automáticamente

🪟 Windows

  • Descarga el archivo .exe para Windows aquí
  • Haz clic derecho en el archivo .exe > "Ejecutar como administrador"
  • Sigue el asistente de instalación
  • Acepta los términos y condiciones
  • Permite en Windows Defender si se solicita
  • Concede permisos de monitoreo de aplicaciones
  • Inicia Macfleet desde el Menú Inicio
  • La aplicación comienza el seguimiento automáticamente

🐧 Linux

  • Descarga el paquete .deb (Ubuntu/Debian) o .rpm (CentOS/RHEL) aquí
  • Instala usando tu gestor de paquetes
    • Ubuntu/Debian: sudo dpkg -i Macfleet-linux.deb
    • CentOS/RHEL: sudo rpm -ivh Macfleet-linux.rpm
  • Permite permisos de acceso X11 si se solicita
  • Agrega el usuario a los grupos apropiados si es necesario
  • Inicia Macfleet desde el menú de Aplicaciones
  • La aplicación comienza el seguimiento automáticamente

Nota: Después de la instalación en todos los sistemas, inicia sesión con tus credenciales de Macfleet para sincronizar datos con tu panel de control.