From Segfault
(Redirected from MacOS X)
Jump to navigation Jump to search


Disable Dashboard

Nobody ever uses the Dashboard, so let's disable it:

defaults write mcx-disabled -boolean YES
killall Dock

Disable Spotlight

Here's how to disable Spotlight[1] altogether:

mdutil -a -i off
sudo chmod 0 /System/Library/CoreServices/                          # MacOS 10.5 and earlier
sudo killall Spotlight

Disable Spotlight's metadata service:

sudo launchctl unload -w /System/Library/LaunchDaemons/

Disable Spotlight icon[2] in the menubar:

sudo chmod 0 /System/Library/CoreServices/                          # MacOS 10.5 & 10.6
sudo chmod 0 /System/Library/CoreServices/Search.bundle/Contents/MacOS/Search    # MacOS 10.7
sudo killall SystemUIServer

Login Screen Background

Replace login screen background image[3]:

sudo mv /System/Library/CoreServices/DefaultDesktop.jpg{,.old}
sudo ln -s /usr/local/share/images/foo.jpg /System/Library/CoreServices/DefaultDesktop.jpg

Enable debug menu in AppStore

defaults write ShowDebugMenu -bool true


Regularily update the locate database:

launchctl load -w /System/Library/LaunchDaemons/

Note: the MacOS version of locate is rather old and limited[4], one might want to install the MacPorts (slocate) or Homebrew (GNU/findutils) version.


MacOS uses newsyslog[5] to rotate its logfiles. In /etc/newsyslog.conf the rotation intervals are set to "size", let's change those to "monthly":

sed -i .bak 's/ 1000.*\*/ *    $M1D0/;s/ J/-/' /etc/newsyslog.conf

One may want to repeat that for other files in /etc/newsyslog.d.

Note: on MacOS, the Apple System Log[6] is responsible for handling logging events, including system.log and kernel.log.[7]

Screen Sharing

Enable screen sharing[8]

sudo defaults write /var/db/launchd.db/ -dict Disabled -bool false
sudo launchctl load -w /System/Library/LaunchDaemons/

Now one can connect to network port 5900/tcp and login:

$ netstat -an | fgrep .5900
tcp6       0      0  *.5900                 *.*                    LISTEN
tcp4       0      0  *.5900                 *.*                    LISTEN

Or, as a legacy way to start the Apple Remote Desktop[9] service (ARD):

sudo /System/Library/CoreServices/RemoteManagement/ -restart -agent

Activate Remote Desktop Sharing, enable access privileges for all users, restart ARD Agent:

sudo /System/Library/CoreServices/RemoteManagement/ -activate -configure -access -on -restart -agent -privs -all


We want to be able to send email. Being a desktop system, we'll use a smart host to deliver our email:

sudo postconf -e

Adjust the aliases(5) file and run newaliases to initialize the alias database (/etc/aliases.db):

$ grep ^root /etc/aliases

$ sudo newaliases

Fsck on boot

Short of setting a file system flag, one can use safe mode[10] to force fsck on the next boot:[11]

sudo nvram boot-args="-x -v"
sudo shutdown -r now

The system will boot into safe mode and automatically execute an fsck run on the root file system, then boot into safe mode. Be sure to reset boot-args to something more sensible[12] again.


Show full path in Finder windows via defaults(1)[13]

defaults write _FXShowPosixPathInTitle -bool YES && killall Finder 

Change Dock to 2D:

defaults write no-glass -boolean YES && killall Dock

Change format of screenshots:

defaults write type png

Enable Time Machine to backup to unsupported devices, e.g. network drives:

defaults write TMShowUnsupportedNetworkVolumes 1 

Prevent .DS_Store file creation[14] on network shares:[15]

$ defaults write DSDontWriteNetworkStores true

$ plutil -p ~/Library/Preferences/
  "DSDontWriteNetworkStores" => "true"

Disable the "Are you sure you want to open this file" warning[16]:

defaults write LSQuarantine -bool NO && killall Finder

Temporarily remove all desktop icons:

defaults write CreateDesktop -bool false && killall Finder    # Use true to restore them!

Reset the DNS cache[17]:

sudo pkill -HUP -f mDNSResponder

Or, for MacOS 10.6:

sudo dscacheutil -flushcache

To force eject a CD/DVD[18], use one of the following options:

  1. Reboot while holding the left mouse button
  2. Reboot while holding the eject key on the keyboard
  3. Use drutil tray eject in the Terminal

Get battery status:

$ pmset -g batt
Now drawing from 'Battery Power'
 -InternalBattery-0     24%; discharging; 0:47 remaining present: true

Enable GLX in X11:[19]

defaults write org.macosforge.xquartz.X11 enable_iglx -bool true

Disable Bluetooth Autoconnect:[20]

sudo defaults write /Library/Preferences/ DontPageAudioDevices 1

Set audio volume from command line via osascript:

osascript -e "set Volume 5"                                                                            # 0..10

Say something:

say Something

Sometimes the keyboard shortcut file gets corrupted and has to be regenerated:[21]

mv ~/Library/Preferences/ ~/trash/
pkill Dock

Enter System Preferences and adjust the keyboard shortcuts again. There isn't much to go by from the diff:

plutil -convert xml1 -o s.pre ~/trash/
plutil -convert xml1 -o ~/Library/Preferences/
diff -u s.pre

Check for FileVault encryption progress:

diskutil cs list

Enable TRIM:

trimforce enable

After a reboot, TRIM should be enabled:

$ system_profiler SPSerialATADataType
         BSD Name: disk0
         Medium Type: Solid State
         TRIM Support: Yes

As macOS isn't linked against glibc we usually have no ldd available to examine shared objects a binary might use. But we can use otool[22] to get similar information:

$ otool -L `which ls`
	/usr/lib/libutil.dylib (compatibility version 1.0.0, current version 1.0.0)
	/usr/lib/libncurses.5.4.dylib (compatibility version 5.4.0, current version 5.4.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1226.10.1)

And, similarily with dyldinfo:

$ /Library/Developer/CommandLineTools/usr/bin/dyldinfo -dylibs `which ls`
attributes     dependent dylibs


Starting services automatically upon system start or user login can be via Launch Daemons resp. Launch Agents[23][24]:

$ COLUMNS=100 man launchctl | fgrep -A4 \~
    ~/Library/LaunchAgents         Per-user agents provided by the user.
    /Library/LaunchAgents          Per-user agents provided by the administrator.
    /Library/LaunchDaemons         System wide daemons provided by the administrator.
    /System/Library/LaunchAgents   OS X Per-user agents.
    /System/Library/LaunchDaemons  OS X System wide daemons.


$ brew list nrpe | grep plist

$ sudo cp /usr/local/Cellar/nrpe/3.2.1/homebrew.mxcl.nrpe.plist /Library/LaunchDaemons/

Adjust the new .plist file as needed, verify for syntax errors and load:

$ plutil -lint /Library/LaunchDaemons/homebrew.mxcl.nrpe.plist 
/Library/LaunchDaemons/homebrew.mxcl.nrpe.plist: OK

$ sudo launchctl load -w /Library/LaunchDaemons/homebrew.mxcl.nrpe.plist

User Management

Create a new user with its own group:[25]

user=foobar && group=foobar
dscl . -create /Groups/$group
dscl . -create /Groups/$group PrimaryGroupID 2345    # Use dscl /Local/Default -list /Groups PrimaryGroupID to
                                                     # check for existing GIDs
dscl . -create /Groups/$group Password \*

dscl . -create /Users/$user
dscl . -create /Users/$user UserShell /bin/bash
dscl . -create /Users/$user RealName "Foo Bar"
dscl . -create /Users/$user UniqueID 1234             # Use dscl /Local/Default -list /Users UniqueID to 
                                                      # check for existing UIDs

dscl . -create /Users/$user PrimaryGroupID 2345
dscl . -create /Users/$user Password \*
dscl . -create /Users/$user NFSHomeDirectory /Users/$user
dscl . -passwd /Users/$user s3cr3t

After the user has been created, create the $HOME directory too:

mkdir -m0700 /Users/$user
chown $user:$group /Users/$user

To remove the same user, use:

dscl . -delete /Users/$user
dscl . -delete /Groups/$group
rm -r /Users/$user                                    # This will remove the user's $HOME directory.

Examine a single user:

$ dscl . -read /Users/$user
AppleMetaNodeLocation: /Local/Default
GeneratedUID: 2EE2C394-C6BC-482A-9709-3432F31D45E0
NFSHomeDirectory: /Users/foobar
Password: ********
PrimaryGroupID: 2345
RealName: Foo Bar
RecordName: foobar
RecordType: dsRecTypeStandard:Users
UniqueID: 1234
UserShell: /bin/bash


In most cases, 3rd party software repositories will need the Xcode Commandline Tools[26] installed:

xcode-select --install

...will open a GUI prompt and install the command line tools, w/o the whole Xcode package.

$ xcode-select -p


The Fink project provides precompile binaries or installs packages from source. Its default install location is /sw, which can be changed of course:

curl -LO
tar -xzf fink*tar.gz

If a local compiler has not already been set:

sudo xcode-select -switch /Applications/
sudo xcodebuild -license

Install Fink:

cd fink*
./bootstrap /opt/fink

Update package sources & index:

fink selfupdate-rsync
fink index -f

With that in place, packages can be installed:

$ fink list | wc -l

GPG Tools

GPG Tools (or "GPG Suite"[27]) is PGP, integrated into MacOS X, mainly It consists of the following parts:

  • GPG for Mail - PGP for
  • GPG Keychain - GUI for your PGP keychain
  • GPG Services - Provide PGP functionality to other applications
  • MacGPG - gnupg binary, providing all of the above.

Installation should be self-explanatory, uninstallation not so much:

  • If you still have the installer image, run the "Uninstall" application.
  • If not, download the uninstaller, extract it and run the "Uninstall GPG Suite" application.




Apple has stopped delivering Java with MacOS with OS X 10.7 (Lion)[28]. Since then, Java should be installed directly from Oracle.

Uninstall with:

sudo rm -rf /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin
sudo rm -f  /Library/PreferencePanes/JavaControlPanel.prefpane
sudo rm -rf /Library/Java


→ see MacPorts