MacOS
Postinstall
Disable Dashboard
Nobody ever uses the Dashboard, so let's disable it:
defaults write com.apple.dashboard mcx-disabled -boolean YES killall Dock
Disable Spotlight
Here's how to disable Spotlight[1] altogether:
mdutil -a -i off sudo chmod 0 /System/Library/CoreServices/Spotlight.app # MacOS 10.5 and earlier sudo killall Spotlight
Disable Spotlight's metadata service:
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.metadata.mds.plist
Disable Spotlight icon[2] in the menubar:
sudo chmod 0 /System/Library/CoreServices/Spotlight.app # MacOS 10.5 & 10.6 sudo chmod 0 /System/Library/CoreServices/Search.bundle/Contents/MacOS/Search # MacOS 10.7 sudo killall SystemUIServer
Login Screen Background
Replace login screen background image[3]:
sudo mv /System/Library/CoreServices/DefaultDesktop.jpg{,.old}
sudo ln -s /usr/local/share/images/foo.jpg /System/Library/CoreServices/DefaultDesktop.jpg
defaults write com.apple.appstore ShowDebugMenu -bool true
locate
Regularily update the locate database:
launchctl load -w /System/Library/LaunchDaemons/com.apple.locate.plist
Note: the MacOS version of locate is rather old and limited[4], one might want to install the MacPorts (slocate) or Homebrew (GNU/findutils) version.
newsyslog
MacOS uses newsyslog[5] to rotate its logfiles. In /etc/newsyslog.conf the rotation intervals are set to "size", let's change those to "monthly":
sed -i .bak 's/ 1000.*\*/ * $M1D0/;s/ J/-/' /etc/newsyslog.conf
One may want to repeat that for other files in /etc/newsyslog.d.
Note: on MacOS, the Apple System Log[6] is responsible for handling logging events, including system.log and kernel.log.[7]
Screen Sharing
Enable screen sharing[8]
sudo defaults write /var/db/launchd.db/com.apple.launchd/overrides.plist com.apple.screensharing -dict Disabled -bool false sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist
Now one can connect to network port 5900/tcp and login:
$ netstat -an | grep -F .5900 tcp6 0 0 *.5900 *.* LISTEN tcp4 0 0 *.5900 *.* LISTEN
Or, as a legacy way to start the Apple Remote Desktop[9] service (ARD):
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent
Activate Remote Desktop Sharing, enable access privileges for all users, restart ARD Agent:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -restart -agent -privs -all
We want to be able to send email. Being a desktop system, we'll use a smart host to deliver our email:
sudo postconf -e relayhost=mail.example.net:25
Adjust the aliases(5) file and run newaliases to initialize the alias database (/etc/aliases.db):
$ grep ^root /etc/aliases root: eve@example.net $ sudo newaliases
Fsck on boot
Short of setting a file system flag, one can use safe mode[10] to force fsck on the next boot:[11]
sudo nvram boot-args="-x -v" sudo shutdown -r now
The system will boot into safe mode and automatically execute an fsck run on the root file system, then boot into safe mode. Be sure to reset boot-args to something more sensible[12] again.
Misc
Show full path in Finder windows via defaults(1)[13]
defaults write com.apple.finder _FXShowPosixPathInTitle -bool YES && killall Finder
Change Dock to 2D:
defaults write com.apple.dock no-glass -boolean YES && killall Dock
Change format of screenshots:
defaults write com.apple.screencapture type png
Enable Time Machine to backup to unsupported devices, e.g. network drives:
defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1
Prevent .DS_Store file creation[14] on network shares:[15]
$ defaults write com.apple.desktopservices DSDontWriteNetworkStores true
$ plutil -p ~/Library/Preferences/com.apple.desktopservices.plist
{
"DSDontWriteNetworkStores" => "true"
}
Disable the "Are you sure you want to open this file" warning[16]:
defaults write com.apple.LaunchServices LSQuarantine -bool NO && killall Finder
Temporarily remove all desktop icons:
defaults write com.apple.finder CreateDesktop -bool false && killall Finder # Use true to restore them!
Reset the DNS cache[17]:
sudo pkill -HUP -f mDNSResponder
Or, for MacOS 10.6:
sudo dscacheutil -flushcache
To force eject a CD/DVD[18], use one of the following options:
- Reboot while holding the left mouse button
- Reboot while holding the eject key on the keyboard
- Use
drutil tray ejectin the Terminal
Get battery status:
$ pmset -g batt Now drawing from 'Battery Power' -InternalBattery-0 24%; discharging; 0:47 remaining present: true
defaults write org.macosforge.xquartz.X11 enable_iglx -bool true
Disable Bluetooth Autoconnect:[20]
sudo defaults write /Library/Preferences/com.apple.Bluetooth.plist DontPageAudioDevices 1
Set audio volume from command line via osascript:
osascript -e "set Volume 5" # 0..10
Say something:
say Something
Sometimes the keyboard shortcut file gets corrupted and has to be regenerated:[21]
mv ~/Library/Preferences/com.apple.symbolichotkeys.plist ~/trash/ pkill Dock
Enter System Preferences and adjust the keyboard shortcuts again. There isn't much to go by from the diff:
plutil -convert xml1 -o s.pre ~/trash/com.apple.symbolichotkeys.plist plutil -convert xml1 -o s.post ~/Library/Preferences/com.apple.symbolichotkeys.plist diff -u s.pre s.post
Check for FileVault encryption progress:
diskutil cs list
Enable TRIM:
trimforce enable
After a reboot, TRIM should be enabled:
$ system_profiler SPSerialATADataType
[...]
BSD Name: disk0
Medium Type: Solid State
TRIM Support: Yes
As macOS isn't linked against glibc we usually have no ldd available to examine shared objects a binary might use. But we can use otool[22] to get similar information:
$ otool -L `which ls` /bin/ls: /usr/lib/libutil.dylib (compatibility version 1.0.0, current version 1.0.0) /usr/lib/libncurses.5.4.dylib (compatibility version 5.4.0, current version 5.4.0) /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1226.10.1)
And, similarily with dyldinfo:
$ /Library/Developer/CommandLineTools/usr/bin/dyldinfo -dylibs `which ls`
attributes dependent dylibs
/usr/lib/libutil.dylib
/usr/lib/libncurses.5.4.dylib
/usr/lib/libSystem.B.dylib
Autostart
Starting services automatically upon system start or user login can be via Launch Daemons resp. Launch Agents[23][24]:
$ COLUMNS=100 man launchctl | grep -A4 \~
~/Library/LaunchAgents Per-user agents provided by the user.
/Library/LaunchAgents Per-user agents provided by the administrator.
/Library/LaunchDaemons System wide daemons provided by the administrator.
/System/Library/LaunchAgents OS X Per-user agents.
/System/Library/LaunchDaemons OS X System wide daemons.
Example:
$ brew list nrpe | grep plist /usr/local/Cellar/nrpe/3.2.1/homebrew.mxcl.nrpe.plist $ sudo cp /usr/local/Cellar/nrpe/3.2.1/homebrew.mxcl.nrpe.plist /Library/LaunchDaemons/
Adjust the new .plist file as needed, verify for syntax errors and load:
$ plutil -lint /Library/LaunchDaemons/homebrew.mxcl.nrpe.plist /Library/LaunchDaemons/homebrew.mxcl.nrpe.plist: OK $ sudo launchctl load -w /Library/LaunchDaemons/homebrew.mxcl.nrpe.plist
User Management
Create a new user with its own group:[25]
user=foobar && group=foobar
dscl . -create /Groups/$group
dscl . -create /Groups/$group PrimaryGroupID 2345 # Use dscl /Local/Default -list /Groups PrimaryGroupID to
# check for existing GIDs
dscl . -create /Groups/$group Password \*
dscl . -create /Users/$user
dscl . -create /Users/$user UserShell /bin/bash
dscl . -create /Users/$user RealName "Foo Bar"
dscl . -create /Users/$user UniqueID 1234 # Use dscl /Local/Default -list /Users UniqueID to
# check for existing UIDs
dscl . -create /Users/$user PrimaryGroupID 2345
dscl . -create /Users/$user Password \*
dscl . -create /Users/$user NFSHomeDirectory /Users/$user
dscl . -passwd /Users/$user s3cr3t
After the user has been created, create the $HOME directory too:
mkdir -m0700 /Users/$user chown $user:$group /Users/$user
To remove the same user, use:
dscl . -delete /Users/$user
dscl . -delete /Groups/$group
rm -r /Users/$user # This will remove the user's $HOME directory.
Examine a single user:
$ dscl . -read /Users/$user [...] AppleMetaNodeLocation: /Local/Default GeneratedUID: 2EE2C394-C6BC-482A-9709-3432F31D45E0 NFSHomeDirectory: /Users/foobar Password: ******** PrimaryGroupID: 2345 RealName: Foo Bar RecordName: foobar RecordType: dsRecTypeStandard:Users UniqueID: 1234 UserShell: /bin/bash
Software
In most cases, 3rd party software repositories will need the Xcode Commandline Tools[26] installed:
xcode-select --install
...will open a GUI prompt and install the command line tools, w/o the whole Xcode package.
$ xcode-select -p /Library/Developer/CommandLineTools
Fink
The Fink project provides precompile binaries or installs packages from source. Its default install location is /sw, which can be changed of course:
curl -LO http://downloads.sourceforge.net/fink/fink-0.42.0.tar.gz tar -xzf fink*tar.gz
If a local compiler has not already been set:
sudo xcode-select -switch /Applications/Xcode.app/Contents/Developer sudo xcodebuild -license
Install Fink:
cd fink* ./bootstrap /opt/fink
Update package sources & index:
fink selfupdate-rsync fink index -f
With that in place, packages can be installed:
$ fink list | wc -l 4572
GPG Tools
GPG Tools (or "GPG Suite"[27]) is PGP, integrated into MacOS X, mainly Mail.app. It consists of the following parts:
- GPG for Mail - PGP for
Mail.app - GPG Keychain - GUI for your PGP keychain
- GPG Services - Provide PGP functionality to other applications
- MacGPG -
gnupgbinary, providing all of the above.
Installation should be self-explanatory, uninstallation not so much:
- If you still have the installer image, run the "Uninstall" application.
- If not, download the uninstaller, extract it and run the "Uninstall GPG Suite" application.
Homebrew
→ Homebrew
Java
Apple has stopped delivering Java with MacOS with OS X 10.7 (Lion)[28]. Since then, Java should be installed directly from Oracle.
Uninstall with:
sudo rm -rf /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin sudo rm -f /Library/PreferencePanes/JavaControlPanel.prefpane sudo rm -rf /Library/Java
MacPorts
→ see MacPorts
Links
- How to set up and maintain a FIPS-enabled OS X Lion system
- AppStore: You have updates available for other accounts
- Wireless Sniffing using a Mac with OS X 10.6 and above
- Titanium OnyX
- How to Create a Time Machine Backup to a Network Drive in Lion
- macOS Catalina Patcher
- Use ioreg command to get battery cycle count
- About the screens you see when your Mac starts up (including the Prohibitory symbol)
- macOS Shutdown Causes
References
- ↑ How to Disable (or Enable) Spotlight in Mac OS X Mavericks & Mountain Lion
- ↑ How do I hide the Spotlight icon on Yosemite, but keep the Spotlight functionality?
- ↑ Customize the Mac OS X Login Screen
- ↑ Limitations of the Mac OSX 'locate' Utility
- ↑ newsyslog(8)
- ↑ Mac OS X Server: The System Log
- ↑ Where is the log file generated by a verbose start-up in OS X Lion?
- ↑ Enabling OS X Screen Sharing from the Command Line
- ↑ Apple Remote Desktop: Configuring remotely via command line (kickstart)
- ↑ How to use safe mode on your Mac
- ↑ Force fsck on headless servers and remote macs
- ↑ Is there a list of available boot-args for darwin / OS X
- ↑ defaults(1)
- ↑ On the origins of .DS_Store
- ↑ Mac OS X v10.4 and later: How to prevent .DS_Store file creation over network connections
- ↑ Disable the “Are you sure you want to open this file?” warning dialogue in Mac OS X
- ↑ OS X: How to reset the DNS cache
- ↑ Mac OS X - Force Ejecting a CD
- ↑ XQuartz 2.7.10
- ↑ macOS switches to Bluetooth headphones automatically
- ↑ Q: Mission Control Shortcut Keys not Working. Help Please!
- ↑ jtool - Taking the O out of otool(1), and so much more
- ↑ Creating Launch Daemons and Agents
- ↑ What are the differences between LaunchAgents and LaunchDaemons?
- ↑ What is an equivalent of the adduser command on Mac OS X?
- ↑ Xcode 4.4 and later install Command Line Tools
- ↑ Consider renaming app to "GPG Tools"
- ↑ How do I know if I have Java installed on my Mac?