Mac OS X

From HerzbubeWiki
Jump to: navigation, search

Contents

Tweaks & Customizations

Poof (animation when removing an icon from the Dock)

Replace the following file (first make a backup copy of the original):

/System/Library/CoreServices/Dock.app/Contents/Resources/poof.png
moria:~ --> ls -l /System/Library/CoreServices/Dock.app/Contents/Resources/poof.png
-rw-r--r--  1 root  wheel  57693 12 Okt  2007 /System/Library/CoreServices/Dock.app/Contents/Resources/poof.png

Note: This should still work on Mac OS X 10.5. On older versions of Mac OS X the file was poof.pdf


BootPanel

Replace the following file (first make a backup copy of the original):

/System/Library/CoreServices/SystemStarter/QuartzDisplay.bundle/Resources/BootPanel.pdf
moria:~ --> l /System/Library/CoreServices/SystemStarter/QuartzDisplay.bundle/Resources/BootPanel.pdf
-rw-r--r-- 1 root wheel 77887 Aug 2 2001 System/Library/CoreServices/SystemStarter/QuartzDisplay.bundle/Resources/BootPanel.pdf

Note: This no longer works on modern versions of Mac OS X (e.g. Mac OS X 10.5).


Login window

Replace the following file (first make a backup copy of the original):

/System/Library/CoreServices/loginwindow.app/Resources/loginpanel.tiff
moria:~ --> l /System/Library/CoreServices/loginwindow.app/Resources/loginpanel.tiff
-rw-r--r-- 1 root wheel 10694 Nov 9 2001 /System/Library/CoreServices/loginwindow.app/Resources/loginpanel.tiff

Note: This no longer works on modern versions of Mac OS X (e.g. Mac OS X 10.5). Login Window is still there (/System/Library/CoreServices/loginwindow.app/) but its resources are now structured differently.


Finder icons

Finder icons are located in the following path:

/System/Library/CoreServices/Finder.app/Contents/Resources


Replace icon of a Java application

  1. Open application folder ("show package contents")
  2. Open Info.plist in Property Editor
  3. Edit CFBundleIconFile to the name of the new icon
  4. Copy the .icns file to the Resources folder


New Standard-Finder

To use e.g. SNAX as the standard Finder application, enter the following within Terminal.app:

# defaults write com.apple.loginwindow Finder /xxx/yyy/SNAX.app

Afterwards log out, then log in again -> voilà.

To get back the original Finder, enter the following within Terminal.app:

# defaults delete com.apple.loginwindow Finder


Screensaver im Desktop Background

Der aktuell eingestellte Screensaver wird im Desktop Background laufen gelassen mit:

/System/Library/Frameworks/ScreenSaver.framework/Resources/ScreenSaverEngine.app/Contents/MacOS/ScreenSaverEngine -background


Focus follows mouse für Terminal.app

defaults write com.apple.Terminal FocusFollowsMouse -string NO

Update: This setting is supported by TinkerTool.


Modify Apple logo at startup

(Mac OS X 10.5 (PowerPC) and later only)

Instructions are here: http://www.macosxhints.com/article.php?story=20071028021722206


Change background image on login screen

This hint uses the "defaults" solution (which I prefer): http://www.macosxhints.com/article.php?story=20070610164328933

sudo defaults write /Library/Preferences/com.apple.loginwindow DesktopPicture '/Library/Desktop Pictures/Aqua Blue.jpg'

This hint uses the "replace file" solution: http://www.macosxhints.com/article.php?story=20071027002458808


Remove 3D look from Dock

(Mac OS X 10.5 and later only)

To remove the 3D look from the Dock - even when it is at the bottom position of the screen - issue this command:

defaults write com.apple.dock no-glass -boolean YES; killall Dock

Update: This setting is supported by TinkerTool.


No transparency on Menubar

Found on macosxhints.com: http://www.macosxhints.com/article.php?story=20071115135215262

sudo defaults write /System/Library/LaunchDaemons/com.apple.WindowServer 'EnvironmentVariables' -dict 'CI_NO_BACKGROUND_IMAGE' 1

Update: In newer versions of Mac OS X 10.5 (one source that I googled says since 10.5.2) there is now an official setting in "System Preferences -> Schreibtisch & Bildschirmschoner -> Schreibtisch" that lets you enable/disable menubar transparency.


Information & Tools

TYPE/CREATOR in Terminal.app

  • GetFileInfo displays type/creator and various other attributes
  • SetFile can be used to change type/creator, e.g. SetFile -c -t

Note: I think these utilities are from the Developer Tools.


Copy resource forks in Terminal.app

The following command copies an entire directory tree, including any resource forks and other HFS meta data:

ditto -rsrc /source-dir /dest-dir

Another possibility is:

/Developer/Tools/CpMac


Clear the immutable flag

On older versions of Mac OS X it often happened that there were files/directories in the Trash that prevented emptying the Trash. This was caused by these files/directories having set the so-called "user immutable" flag (or "uchg" flag).

/usr/bin/chflags can be used to clear the user immutable flag, and manipulate other flags as well, in Terminal.app:

# cd ~/.Trash
# sudo /usr/bin/chflags -R nouchg *


Save QuickTime movies to disk

  1. In QuickTime Preferences, set "save movies in browser's cache" = true
  2. Download a movie
  3. When download is finished, the movie file can be copied with ditto from the folder /tmp//Temporary\ Items (names of QuickTime files use the prefix "QT")


Trashes

  • Jedes Volume hat einen eigenen Ordner .Trashes. Der Ordner .Trashes des System-Volumes scheint dabei aber nicht benutzt zu werden, statt dessen wird der Ordner .Trash im Home-Verzeichnis des gerade eingeloggten Users verwendet (bei root: /private/var/root/.Trash)
  • in den Ordnern .Trashes wird fuer jeden User ein Unterverzeichnis mit seiner User-ID als Namen angelegt. Fuer das Startvolume ist dies nicht noetig, da hier fuer jeden User ein eigener Ordner $HOME/.Trash verwendet wird (entweder in /Users fuer normale User, oder in /private/var/root fuer root)
  • falls eine Datei gleichen Namens mehrmals auf dem gleichen Volume geloescht wird, wird die zweite geloeschte Datei dagegen mit dem Anhaengsel "Kopie" versehen und in $HOME/.Trash verschoben; die dritte geloeschte Datei erhaelt das Anhaengsel "Kopie 2"; etc.. Beim Rueckgaengig-Machen des Loeschens ab der zweiten Datei geraet MacOS? X ins Schleudern und erzeugt am Original-Ort 2 Dateien: die Datei mit dem richtigen Original-Namen ist leer (!!!) vorhanden, die Datei mit dem Anhaengsel existiert jetzt aber ebenfalls am Original-Ort und hat den richtigen Inhalt.Offenbar wird hier die Datei mit dem Anhaengsel zuerst aus dem Trash an den Original-Ort zurueckverschoben und soll dann auf den Original-Namen umkopiert werden. Das Umkopieren schlaegt aber aus irgendeinem Grund fehl, es bleibt einzig eine leere Datei mit dem Original-Namen zurueck. Diese Datei kann nun uebrigens auch nicht mehr geloescht werden, es wird eine Fehlermeldung ausgegeben! (dies geschieht nicht, wenn man eine normal erzeugte, leere Datei zu loeschen versucht, die den gleichen Namen wie eine Datei im Trash hat)


Deutsche Tastaturbelegung auf der Shell

Damit Umlaute der deutschen Tastaturbelegung auf der Shell (bash) funktionieren, müssen folgende Einstellungen gemacht werden:

  1. Terminal Preferences ("Fenstereinstellungen"):
    • Im Bereich "Monitor" die Zeichensatz-Kodierung auf UTF-8 setzen
  2. In $DIRETC/setenv folgende Einstellung vornehmen (Kommentar stammen von der man Page von stty):
# cs8: set character size
# -istrip: do not strip input characters to 7 bits
# -parenb: disable parity generation and detection
stty cs8 -istrip -parenb
  1. In $DIRETC/linked.inputrc folgende Einstellungen vornehmen (Kommentare stammen aus der man Page von bash). Hinweis: in Tat und Wahrheit sind nicht alle 3 Settings nötig, aber ich weiss nicht wirklich, welches Setting welche Auswirkung hat. Wenn alle 3 Settings gemacht werden, dann funktioniert's jedenfalls:
# If set to "on", readline converts 8-bit characters
# to 7-bit characters (i.e. remove the 8th bit) and
# prefix the character with an escacpe character
set convert-meta off
# If set to "on", readline enables 8-bit input
# (i.e. it doesn't strip the 8th bit from the input)
# regardless of what the terminal claims it can
# support
set input-meta on
# If set to "on", readline displays 8-bit characters
# directly instead of as an escape sequence
set output-meta on
  1. In $HOME/.vimrc folgende Einstellung machen:
set encoding=utf-8


Shell-Kommandos auf dem GUI ausführen

(von macosxhints.com)

  1. Ein beliebiges offenes Terminal-Fenster mit Sichern-unter abspeichern
  2. Das resultierende File mit Endung .term in einem Text-Editor laden und so anpassen Shell mycommand
  3. Weitere Kommandos können unter dem Key ExecutionString angegeben werden. Mehrere Kommandos müssen mit einem Return voneinander getrennt werden


Maximale Anzahl Prozesse

(von fink-users Mailing List)

Irgendwo in /System/Library/StartupItems/SystemTuning/SystemTuning steht:

if [ -f /System/Library/CoreServices/ServerVersion.plist -o "${SERVER:=-NO-}" = "-YES-" ]; then sysctl -w kern.maxproc=2048 fi

Einfach die Bedingung entfernen und voilà - es sind 2048 (oder die Anzahl, die man selber reinschreibt) Prozesse erlaubt.


Probleme mit Disks

Als root:

pdisk /dev/rdisk[012...] -dump

gibt die Partitions-Tabelle der "raw disk" 0, 1, 2, ... aus. Nummer 0 ist dabei die eingebaute Disk, 1 das interne DVD, 2 z.B. die externe FireWire Disk. Um vom Output auf das effektive raw device zu kommen, einfach die in Spalte "#" aufgelistete Nummer für die gewünschte Partition verwenden, also z.B. /dev/rdisk0s2

/sbin/fsck_hfs


Umgebungsvariablen für alle Prozesse eines Users

(http://developer.apple.com/qa/qa2001/qa1067.html)

There is a special environment file which loginwindow searches for each time a user logs in. The environment file is:

~/.MacOSX/environment.plist

For each environment variable add a sibling to the plist file with a key of class string.

Update: This can be comfortably managed with the RCEnvironment preference pane.


Eject CD-ROM in Terminal.app

To eject a disk (replace "#" with the correct disk number for the CD-ROM drive):

disktool -e disk#


To list all disks currently mounted:

disktool -l


Start MySQL as system daemon

To create a StartupItem:

daemonic enable mysql

Note: daemonic is provided by Fink.


Manage DNS cache

In Mac OS X 10.5 and later the utility is dscacheutil, in Mac OS X 10.4 and earlier the utility is lookupd.

For instance, to flush the cache:

dscacheutil -flushcache   # 10.5 and later
lookupd -flushcache       # 10.4 and earlier


Manipulate firmware NVRAM variables

Note: See the man page of the nvram utility for more details.

Print all firmware NVRAM variables:

nvram -p

See the value of a specific variable:

nvram variable-name
nvram boot-args   # displays boot arguments

Set the value of a variable:

nvram variable-name = value
nvram boot-args = "-v"   # always boot in verbose mode

Remove a variable:

nvram -d variable-name


Known variables and values:

  • TODO
  • SystemAudioVolume


Execute AppleScripts from the command line

Use osascript to execute an AppleScript from the command line in a fashion similar to how you would run an awk program:

osascript -e 'return "hello world"'
osascript helloworld.scpt
cat helloworld.scpt | osascript

Use osacompile to generate a compiled version of a script:

osacompile -o helloworld.app helloworld.scpt

See each command's man page for more details.


Applications

HVSC

If a new HVSC update is available, just launch SIDPLAY and it will download the update


VICE

Folgendes Vorgehen stimmt für VICE 1.14:

  • Neueste Libraries durch fink installieren
  • export CPPFLAGS=-I$FINKDIR/include
  • export LDFLAGS=-L$FINKDIR/lib
  • ./configure
  • make
  • nachdem make mit Fehler abgebrochen ist, das letzte g++ Kommando in ein Shell Script kopieren
  • Shell Script anpassen durch Anhängen von -L$FINKDIR/lib
  • in Verzeichnis src wechseln und Shell Script ausführen
  • zurück in Hauptverzeichnis und make erneut ausführen. Falls wieder Abbruch mit Fehler, die letzten Schritte solange wiederholen, bis kein Fehler mehr auftritt
  • make install


Xounds

Xounds legt einen Unterordner ~/Library/Xounds an, sobald man den ersten Import macht (die Platinum Klänge z.B. befinden sich im OS9 Systemordner -> Erscheinungsbild).

Um die verschiedenen xoundsets nur 1x ablegen zu müssen, kann man den Ordner Xounds durch einen Link auf den Ordner ersetzen, der die .xoundset Verzeichnisse enthält.

!!! Dabei ist es wichtig, dass es sich dabei um einen Unix Symlink (ln -s im Terminal) handelt, ein Finder Alias funktioniert nicht !!!


Change location of iPhoto library

Open iPhoto 6 while holding the Option (Alt) key. A dialog appears that lets you specify the location of your iPhoto Library.

iPhoto 4 to iPhoto 6 Update: When starting iPhoto 6 for the first time, use the above trick and specify the location of the iPhoto 4 library. iPhoto 6 will now offer to update the library.


Mac OS X 10.3: Creating an Install DVD from a Restore DVD

This is a short walkthrough for that explains how a new G5 restore DVD can be modified so that it functions as a normal install DVD. These instructions assume you are currently using Mac OS X 10.3.

Note: These instructions have been copied almost verbatim from some no-longer-remembered Internet source. Credits go to the Unknown...

  1. Pop DVD #1 in your DVD drive. We don't need Disc 2. That has the extra bundled software which we're not concerned with anyway.
  2. Open Disk Utility and click on the volume labeled "Mac OS X Install Disc 1"
  3. From the Images menu, choose the "New" option and select "Image from Mac OS X Install Disc 1"
  4. Name it whatever you want. I chose test.dmg. Make sure to chose "read/write" as the image format as we will be making changes to it. Do not use "DVD/CD Master". Click save, grab some coffee and wait until it finishes.
  5. Once we have our image, go ahead and mount it.
  6. The more astute of you have noticed at this point that there doesn't seem to be any folder containing the install packages like previous OS X install Discs. That crafty Apple hid them on you. The "go" menu is your friend. In the finder click the "go" menu and select "go to folder".
  7. Type in "/Volumes/Mac OS X Install Disc 1/System/Installation/Packages/OSInstall.mpkg/Contents/" with no quotes. Feel free to copy and paste.
  8. Info.plist is the one we're interested in here. Open this file in your favorite text editor. I recommend BBedit.
  9. find the section that says
<dict>
<key>IFPkgFlagPackageLocation</key>
<string>Bundled Software.mpkg</string>
<key>IFPkgFlagPackageSelection</key>
<string>selected</string>
</dict>
  1. Delete it and save the file.
  2. Unmount the image by hitting the eject symbol next to it in the sidebar or by dragging to the trash.
  3. Launch Disk Utility. Your image should still be in it¹s sidebar. Click on the image and then click on the burn symbol. You obviously need a DVD burner for this.


Classic

QuickTime 6.0.3

QuickTime 6.0.3 is the latest version of QuickTime available for users of Mac OS 8.6 and Mac OS 9.x. When I tried to install this update into Classic, I got the error

Access denied

The solution: Launch "Disk Utility.app", then run the "Repair Disk Permissions" tool on the startup volume ("Volume Zugriffsrechte reparieren"). Possibly, you also have to run the "Fix OS 9 permissions" function ("Zugriffsrechte fuer Mac OS 9 reparieren").

The installer places QuickTime into a folder in the root of the startup volume. Simply copy the folder to the location of your Classic environment and you are set.


Deus Ex

  • Minimal install, plus textures, maps and speech files.
  • do not install any of the sprockets (!) unless the currently installed sprochets are veeeery old
  • on the command line (in Mac OS X), change the following permissions
    • Users.ini = 666 (so that users can be created in the game)
    • DeusEx.ini = 666 (so that the initial game configuration can be saved)
    • Game directory = 777 (so that log file can be created)
    • System folder -> Preferences -> DeusEx Preferences = 666 (so that all users can play)


Apache configuration

The information in this chapter was collected on Mac OS X 10.4.10.

Update: Nowadays I prefer to install MAMP, it's much easier than doing all the following stuff!


Basics

The Apache web server is of the old 1.3 variant (1.3.33, at the time of writing). To launch the Apache web server, go to System Preferences and activate "Personal Web Sharing".

The Apache configuration is located in

/etc/httpd

The document root is located in

/Library/WebServer/Documents

User's web space is located in

/Users/<username>/Sites


PHP applications

By default, PHP is disabled. There are 2 choices how to enable PHP:

  • either enable PHP provided by Apple (currently version 4.4.7)
  • or install PHP from an external source (usually you will do this because your PHP application requires PHP 5)


Enable PHP provided by Apple

  • create a symlink in the document root, e.g. sudo ln -s /sw/share/phpmyadmin/ /Library/WebServer/Documents/phpmyadmin
    • note that it is useless to create the symlink in the user's web space because the configuration provided by Apple has rather strict rules what is allowed in the user web space: one limit is that symlinks are not followed, another limit is that .htaccess files cannot override anything; see /etc/httpd/users/<username> for details
  • edit /etc/httpd/httpd.conf and activate the PHP module by uncommenting these lines:
#LoadModule php4_module        libexec/httpd/libphp4.so
#AddModule mod_php4.c
    • note: index.php is already added to DirectoryIndex by default, and the .php extension has already assigned a MIME type by default
  • enable PHP by placing the following statements in /etc/httpd/users/fink.conf
  • make the Apache daemon re-read the changed configuration by issuing this statement
sudo apachectl graceful


Install PHP from external source

Initially I intended to install PHP 5 through fink, but when I saw that they require you to install Apache 2 I was discouraged. I did not want to tamper too much with the system, esp. I did not want too much headache if something went wrong. The promising solution is the PHP package for Apache 1.3 provided by Marc Liyanage here:

http://www.entropy.ch/software/macosx/php/

Doubtless, there are other sources where you can get your PHP package, but since the package by Marc Liyanage is so convenient, I did not investigate any further.

Installation is straightforward:

  • if you enabled PHP provided by Apple, you must disable it again
  • I stopped Apache before installing the package, but maybe this is not necessary
  • unpack the .tar.gz, it seems you should not use StuffIt for that
  • double-click the installer and boldly go forward :-)

The PHP files are installed in

/usr/local/php5

PHP is enabled through the configuration file

/usr/local/php5/entropy-php5.conf

which is symlinked into

/etc/httpd/users/+entropy-php.conf


phpmyadmin

  • install the phpmyadmin package through fink
  • if you have enabled PHP provided by Apple, you need to the following stuff; if you have installed Marc Liyanage's PHP package, you can skip this
    • create /etc/php.ini if it does not exist yet
sudo cp /etc/php.ini.default /etc/php.ini
    • edit php.ini so that the MySQL socket option now looks like this
mysql.default_socket = /tmp/mysql.sock
    • make sure that changed configuration is activated
sudo apachectl graceful
  • create /sw/share/phpmyadmin/config.inc.php if it does not exist yet
sudo cp /sw/share/phpmyadmin/config.sample.inc.php /sw/share/phpmyadmin/config.inc.php
  • edit config.inc.php so that the "blowfish_secret" option now looks like this (the actual option value can be any random string)
$cfg['blowfish_secret'] = 'beiz5buPEeyai7ci';
  • create a symlink in the document root
sudo ln -s /sw/share/phpmyadmin/ /Library/WebServer/Documents/phpmyadmin
  • make sure that the MySQL daemon is running
sudo mysqld_safe
  • finally, point your browser to the right place
http://localhost/phpmyadmin/index.php


Mediawiki

  • make sure to have MySQL and PHP5 installed
  • get a current version of the Mediawiki sources; these instructions are the product of installing Mediawiki 1.11.0
  • unpack the tar ball into ~/Sites
  • rename the directory to something nice (usually I prefer to do this with symlinks, but Apple's Apache configuration prohibits following symlinks, and I don't want to touch Apple's configuration file if I can help it)
mv mediawiki-1.11.0 mediawiki
  • make the config sub-directory writable by the web server
chmod a+w mediawiki/config
  • point your browser to the following URL and follow setup instructions
http://192.168.1.9/~<username>/mediawiki/
  • install information
    • wiki name = NargleWiki
    • contact email = none
    • language = en
    • copyright/license = GNU Free Documentation License 1.2
    • admin username = Admin
    • admin password = <secret>
    • shared memory caching = no caching
    • email features = disabled
    • user-to-user email = disabled
    • email notifications = disabled
    • email address authentication = disabled
    • database = mysql
    • db host = localhost
    • db name = mediawiki
    • db user = mediawiki
    • db user password = <secret>
    • use super user = yes
    • super user name = root
    • super user password = <secret>
  • move the LocalSettings.php file up one folder
mv config/LocalSettings.php .
  • remove permissions on the config directory
chmod 755 config
  • change file permissions on LocalSettings.php to protect passwords (we must use sudo because the file is owned by user www, i.e. the user that the web server runs as)
sudo chmod 400 LocalSettings.php
  • point your browser to
http://192.168.1.9/~<username>/mediawiki/index.php


Running things automatically

Overview

I have started writing this chapter out of irritation with the multitude of options there are on Mac OS X when something should be made to run in an automated way. Startup Items, Login Items, Login Hooks, launchd, cron? On one hand, it is always good to have options, on the other hand, having too many options just makes the world more confusing. This is especially true if one needs to remember which options are valid on which versions of the operation system.


References

[1] TN2083 
Technical Note TN2083 - Daemons and Agents.
[2] Introduction to System Startup Programming Topics 
Interesting document for writing software that needs to be launched at boot time or at user login time. Also contains a detailed description of the boot process.
[3] Introduction to Multiple User Environments 
Background information about the multiple user environment of Mac OS X. Especially interesting is the "Root and Login Sessions" chapter.


Glossary

mach_init 
The Mach initialization process. mach_init on 10.3 and earlier, launchd on 10.4 and later.
Session 
Created and managed by mach_init. mach_init assigns each new process to a session. The main types are root session and login session.
Background program 
A program that runs in the background, without presenting any significant GUI. There are two types of background programs: Daemons and Agents.
Daemon 
A system wide background program that is not associated with a specific user. Note that a daemon process is not necessarily a "daemonized" process.
Agent 
A background program that works on behalf of a specific user. As opposed to a daemon, an agent can connect to the window server and has access to the user's home directory.
Daemonization, daemonize 
A process that is daemonized has been detached from its parent process and the environment it provides (e.g. it is no longer attached to a tty). The daemonized process is now a child of the top-level launchd process. The process is still owned by whoever started it (unless the process itself changes its uid).
launchd daemon 
A daemon launched by launchd (yeah, I know...).
launchd agent 
An agent launched by launchd on behalf of a specific user.
Login Item 
A program that is launched when a user logs in using the GUI. There are global login items (deprecated, see System Login Item) and per-user login items.
Startup Item 
A daemon launched during system startup by the SystemStarter program. Deprecated in favour of launchd.
mach_init daemon 
A daemon launched by mach_init from the /etc/mach_init.d. Deprecated in favour of launchd, and unsupported by Apple in the first place.
mach_init agent 
An agent launched on behalf of a specific user by loginwindow from the /etc/mach_init_per_user.d. Deprecated in favour of launchd, and unsupported by Apple in the first place.
inetd/xinetd daemon 
A daemon launched by the "Internet Super Server" (originally inetd and later xinetd). Deprecated in favour of launchd.
System Login Item 
A global login item that is launched in each GUI login session before the user logs in. Deprecated in favour of launchd.


mach_init

[1] and also [2]: mach_init refers to the Mach initialization process. This has been the mach_init process on 10.3 and earlier, and is now the launchd process on 10.4 and later.

[3] "mach_init program": Although I have not found a definitive statement, I assume that references to the "mach_init program" once were meant to talk about the actual mach_init process, but nowadays should be read as references to launchd.

[1] "mach_init daemon": A mach_init daemon is launched by the Mach initialization process. A mach_init daemon is installed by placing a property list file in the /etc/mach_init.d directory. Apple does not support third party development of mach_init daemons. Starting with 10.5, mach_init daemons are deprecated in favor of launchd daemons.


Sessions

Overview

Information in this section comes from [3].

Processes are associated with either the root session or a login session. mach_init assigns each new process to an appropriate session based on factors such as who created the process and when.


Root session

The root session is the first session to be created and the last to be destroyed. Only one root session ever exists on the system, and it is where most boot-time processes and daemons live. Processes in the root session are allowed to provide services to all users of the system. For example, lookupd and the mDNSResponder process both run in the root session.

As the window server does not live in the root session, a daemon or other program that runs in the root session does not have access to the window server. For this reason, no system frameworks that rely on the window server can be used to implement a program that is intended to run in the root session.


Login sessions

A new login session is created when a user logs in, either locally through the login window (a so-called "console login") or remotely through ssh. Processes launched by a user or for a user's benefit live in a login session. Each login session is associated with an authenticated user. The system may have multiple login sessions active at any given time. Console login sessions include processes such as the Finder and Dock, while remote login sessions contain only shell-level processes. Most of the communication between different login sessions is restricted by mach_init. Communication is still possible but generally requires creating an explicit, and trusted, connection.

A login session remains in existence until all processes that belong to it are terminated. When a user logs out, the system attempts to terminate the processes in that user's login session. When the last process in a login session dies, the system closes out the login session and reclaims its memory. If a user process daemonizes itself prior to logout, it can live past the end of the user logout and prolong the existence of the login session. Some system services, such as the Apache web server, do this to avoid being shut down during a logout. Processes that survive the user logout continue to run in the login session. However, they must be able to run without the existence of the window server, which is terminated when the user logs out.

A login session is identified by a unique ID. This ID is the security session ID, often referred to simply as the session ID. Applications can use the session ID to distinguish among resources allocated in different login sessions. Session IDs are not persistent between user logins. Each session ID is valid only for the duration of the current login session, and it is valid for all processes in that login session. If a user logs out and logs back in, a different session ID is asssigned to the new login session. Session information is available from the Security framework (e.g. session ID) and the Core Graphics framework.


Execution Contexts

Overview

Information in this section comes from [1].

The execution context of a process determines the "capabilities" of the process, or, in other words: What the process is allowed to do. The execution context consists of several parts that affect the process in different ways:

  • UIDs and GUIDs : Determines, for instance, what files a process can open.
  • Bootstrap Namespace : Determines what services (e.g. the Dock) a process can use because it restricts how Mach messages can be sent.
  • Security Context : It appears that this is the "session" discussed in the previous chapter. Usually (but not always) for every bootstrap namespace there is also a session.


UIDs and GIDs

TODO


Bootstrap Namespace

TODO


Security Context

TODO


From boot to shutdown

This section describes the general sequence of events starting with the boot process from the time when launchd takes over, through a user login and logout, to the final system shutdown. The information comes from [2].

  1. The system boots
    1. launchd does mystical and unknown stuff
    2. launchd starts SystemStarter, which in turn starts any non-launch-on-demand daemons (i.e. StartupItems).
    3. launchd starts loginwindow
  2. The user logs in
    1. loginwindow authenticates the user and begins setting up the user environment as follows
    2. loginwindow does a lot of complicated and, in the current context, uninteresting stuff
    3. loginwindow sets up user preferences, environment variables, keychain access, etc.
    4. loginwindow launches Dock, Finder and SystemUIServer
    5. loginwindow launches Login Items (experimentally confirmed order: Login Hook, Global Login Item, per-user Login Item)
  3. The user logs out
    1. loginwindow terminates all foreground processes (i.e. GUI applications) in an orderly manner; background processes are given a courtesy warning so that they may shutdown themselves gracefully, but if they do not respond promptly are then brutally killed by sending the SIGKILL signal
    2. loginwindow launches the Logout Hook program
  4. The system shuts down
    1. Services provided by SystemStarter startup items are shut down
    2. All processes are sent the SIGTERM signal
    3. All processes that are still around after a few seconds are sent the SIGKILL signal


Startup Item

Note: Startup Items are deprecated since 10.4 in favour of launchd (launchd daemon).

Startup Items are defined in

/Library/StartupItems

Startup Items are launched by the SystemStarter utility (/sbin/SystemStarter, also read its man page man SystemStarter) when the system starts up.

Startup Items have the following execution context:

  • UID = root
  • bootstrap namespace = global
  • security context = global (i.e. the root session)


Login/Logout Hook

Information in this section comes from [2].

loginwindow can be configured to execute a program each time any user logs in or logs out. Only one of these hooks can be installed at a time. For this reason, login/logout scripts are not recommended for deployment and should be used only by a local system administrator who has control over the environment.


When creating your script file, keep the following in mind:

  • Place the file in a location that is accessible to all users (e.g. /Library/Management/LoginHooks)
  • The permissions for your script file should include execute privileges for the appropriate users.
  • Scripts launched by loginwindow are run as root.
  • In your script, the variable $1 returns the short name of the user who is logging in.
  • Other login/logout actions wait until your hook finishes executing. Therefore, have your script do what it needs to do quickly and then exit.


To activate the hook, issue the following command in Terminal.app

sudo defaults write com.apple.loginwindow LoginHook /path/to/script
sudo defaults write com.apple.loginwindow LogoutHook /path/to/script

To activate the hook, issue the following command in Terminal.app

sudo defaults delete com.apple.loginwindow LoginHook
sudo defaults delete com.apple.loginwindow LogoutHook

The hooks are written to / removed from the preferences file

/private/var/root/Library/Preferences/com.apple.loginwindow.plist

Note: If no such plist file, this method will not work. The file notably does not exist on a fresh installation of Mac OS X, until the user changes a login window setting (such as turning on fast user switching).


Login/Logout Hooks have the following execution context:

  • UID = root
  • bootstrap namespace = ?
  • security context = ?


System Login Item

Note: System Login Items are deprecated since 10.5 in favour of launchd (pre-login agent).

Note: System Login Items are not documented [very well]. They are mentioned in [1], but there is no hint about how they are installed. One of the better threads on the subject can be found here. The thread also quotes an email from Apple Support that says that System Login Items have been entirely removed from 10.6.

A System Login Item is a Global Login Item that is launched in each GUI login session before the user logs in. A System Login Item is useful if you need to use the window server while the login screen is displayed. While the loginwindow displays, the program is run with UID 0 (root), however when the user logs in the program is terminated and then re-launched with the user's UID.


System Login Items are installed in an array named "AutoLaunchedApplicationDictionary" inside the file:

/Library/Preferences/com.apple.SystemLoginItems.plist

The following command lists all System Login Items (note that we use the file name without the .plist extension):

defaults read /Library/Preferences/com.apple.SystemLoginItems

The following command installs a single System Login Item (note that we use the file name without the .plist extension). Warning: If other items exist they are overwritten by the command.

defaults write /Library/Preferences/com.apple.SystemLoginItems AutoLaunchedApplicationDictionary -array-add '{ "Path" = "/path/to/script"; "Hide" = 0; }'


System Login Items have the following execution context:

  • UID = root
  • bootstrap namespace = pre-login
  • security context = pre-login


Global and per-user Login Items

Note: Global Login Items have officially become available with 10.5. Prior versions may also have had such a feature, but if so it was kept under the hood. Looking at how Global Login Items work, it is reasonable to assume that System Login Items were their predecessor.

A Login Item is a program that is launched when a user logs in. Installing a Global Login Item is roughly equivalent to installing it as a per-user Login Item for all users on the system. Every time a user logs in, loginwindow launches that user's Login Items and all Global Login Items.

Global Login Items and per-user Login items are installed in an array named "AutoLaunchedApplicationDictionary" inside one of the files:

/Library/Preferences/loginwindow.plist    # global
~/Library/Preferences/loginwindow.plist   # per-user

The following command lists all Global or per-user Login Items (note that we use the file name without the .plist extension):

defaults read /Library/Preferences/loginwindow AutoLaunchedApplicationDictionary    # global
defaults read ~/Library/Preferences/loginwindow AutoLaunchedApplicationDictionary   # per-user

The following command installs a single Global or per-user Login Item (note that we use the file name without the .plist extension). Warning: If other items exist they are overwritten by the command.

# global
defaults write /Library/Preferences/loginwindow AutoLaunchedApplicationDictionary -array-add '{ "Path" = "/path/to/script"; "Hide" = 0; }'
# per-user
defaults write ~/Library/Preferences/loginwindow AutoLaunchedApplicationDictionary -array-add '{ "Path" = "/path/to/script"; "Hide" = 0; }'


Login Items have the following execution context:

  • UID = ?
  • bootstrap namespace = ?
  • security context = ? login session ?


/etc/rc*

[1]: "[...] modifying /etc/rc* is not a supported way of launching a daemon on Mac OS X. Rather, you should launch your daemon via launchd."


launchd

launchctl

Command line utility that can be used to control launchd:

launchctl

Load an agent after placing its .plist file into /Library/LaunchAgents

sudo launchctl load -D local -S Background


.plist File Examples

TODO man launchd.plist


System Integrity Protection (SIP)

Beginning with Mac OS X 10.11 (El Capitan), a new feature called "System Integrity Protection" (SIP, Wikipedia article) prevents even the root user from tampering with certain system-level files and folders. Notably, SIP prevents me from replacing the NTFS mount utility /sbin/mount_ntfs with my own version that uses a modified NTFS driver for providing write support.

The following file lists all files and folders that are protected by SIP:

/System/Library/Sandbox/rootless.conf

The command line utility csrutil can be used to view and/or modify the SIP status. Modifying the SIP status only works while the system is booted in recovery mode. Disabling / enabling SIP modifies the NVRAM and affects the entire machine, i.e. all Mac OS X installations on that machine!

csrutil status
csrutil disable
csrutil enable

To modify the SIP status:

  • Restart the system
  • Press CMD + R while the system reboots
  • After the system has booted into the recovery environment, select the "Utilities > Terminal" menu item to launch a command line window
  • Now you can disable or enable SIP

I assume that while you are in recovery mode it would also be possible to modify rootless.conf, but I have not tested this.


NTFS write support

Simple solution

Important: Also read the next section about FUSE for OS X.

The simple solution looks like this: Install Homebrew, then execute these commands:

brew install ntfs-3g
sudo mv /sbin/mount_ntfs /sbin/mount_ntfs.original
sudo ln -s /usr/local/sbin/mount_ntfs /sbin/mount_ntfs

The mount_ntfs script that we are activating here is a simplified version of the script that appears in the next section. The Homebrew script mounts volumes with the ID of the user that is active at the time the device is plugged in.

Note: The ntfs-3g package includes a couple of useful NTFS command line utilities (the names all start with "ntfs").


FUSE for OS X

At the time of writing this, the default Homebrew installation of ntfs-3g installs the deprecated Fuse4X as a dependency. Fuse4X is no longer developed or supported, its official successor is FUSE for OS X. Although FUSE for OS X can be installed via Homebrew Cask, the version installed at the time of writing this is 2.8.3, and that's too old because it has the following bugs:

  • A mounted NTFS volume does not show up in the sidebar of the Finder (or on the Desktop)
  • Dismounting an NTFS volume leaves a dangling mount point in /Volumes. See issue 119.


The solution is to manually install FUSE for OS X, version 3.2.0 or later, which fixes the two bugs. It's probably best to install this after ntfs-3g is installed via Homebrew. The sequence is this:

  • On the command line:
brew install ntfs-3g
brew uninstall fuse4x
  • Download and install the latest FUSE for OS X
  • Reboot


Complicated solution

Similar to the simple solution: Install Homebrew, then execute these commands:

brew install ntfs-3g
sudo mv /sbin/mount_ntfs /sbin/mount_ntfs.original
sudo touch /sbin/mount_ntfs
sudo chmod 0755 /sbin/mount_ntfs
sudo chown 0:0 /sbin/mount_ntfs
sudo vi /sbin/mount_ntfs

In this case we provide our own custom mount script. Copy & paste the following script into the editor:

#!/bin/bash
VOLUME_NAME="${@:$#}"
VOLUME_NAME=${VOLUME_NAME#/Volumes/}
USER_ID=502  # patrick
GROUP_ID=20  # staff
TIMEOUT=20
LOGFILE=/var/log/ntfsmnt.log
DATE_FORMAT="+%d.%m.%Y-%H:%M:%S"

# stat returns the user ID of the owner of /dev/console
# - If this is user ID 0 (i.e. root), then all the complicated
#   stuff is executed to determine the user/group ID to be used
#   for the mount operation.
#   - If auto-login was used, then the auto-login user/group is
#     used for the mount operation
#   - If auto-login was not used, the script waits for a maximum
#     of TIMEOUT seconds and checks after every second if
#     /dev/console is owned by someone else than user ID 0. If
#     the owner is found, it is used for the mount operation.
#   - If after 20 seconds /dev/console is still owned by user ID 0,
#     the script falls back on a hard-coded default user/group ID
# - If /dev/console is owned not by user ID 0, then it is
#   assumed that the owner/group of /dev/console can be used for
#   the mount operation
if [ `/usr/bin/stat -f "%u" /dev/console` -eq 0 ]; then
        # First check if autologin was used. If so, then that
        # user/group is 
        USERNAME=`/usr/bin/defaults read /library/preferences/com.apple.loginwindow | /usr/bin/grep autoLoginUser | /usr/bin/awk '{ print $3 }' | /usr/bin/sed 's/;//'`
        if [ "$USERNAME" = "" ]; then
                until [ `stat -f "%u" /dev/console` -ne 0 ] || [ $TIMEOUT -eq 0 ]; do
                        sleep 1
                        let TIMEOUT--
                done
                if [ $TIMEOUT -ne 0 ]; then
                        USER_ID=`/usr/bin/stat -f "%u" /dev/console`
                        GROUP_ID=`/usr/bin/stat -f "%g" /dev/console`
                fi
        else
                USER_ID=`/usr/bin/id -u $USERNAME`
                GROUP_ID=`/usr/bin/id -g $USERNAME`
        fi
else
        USER_ID=`/usr/bin/stat -f "%u" /dev/console`
        GROUP_ID=`/usr/bin/stat -f "%g" /dev/console`
fi

echo "$(date $DATE_FORMAT) Attempting to mount ${VOLUME_NAME} with user $USER_ID, group $GROUP_ID" >>$LOGFILE
/opt/local/bin/ntfs-3g \
         -o volname="${VOLUME_NAME}" \
         -o local \
         -o negative_vncache \
         -o auto_xattr \
         -o auto_cache \
         -o noatime \
         -o windows_names \
         -o user_xattr \
         -o inherit \
         -o uid=$USER_ID \
         -o gid=$GROUP_ID \
         -o allow_other \
         "$@" >>$LOGFILE 2>&1
ntfs3gExitCode=$?
echo "$(date $DATE_FORMAT) ntfs-3g exit code = $ntfs3gExitCode" >>$LOGFILE
exit $ntfs3gExitCode

The script comes from this blog post (scroll down to the part that is titled "Fuse4x + NTFS-3G from MacPorts"). I added a few things to the original script:

  • Define LOGFILE variable and use that in various places instead of a hardcoded path
  • Define DATE_FORMAT variable to output a date/time prefix into the logfile
  • Print some diagnostics before and after ntfs-3g is invoked
  • Changed the redirection of stdout/stderr of ntfs-3g from &>$LOGFILE to >>$LOGFILE 2>&1 because I wanted to append to the logfile instead of clobbering it each time ntfs-3g is invoked


Apparently someone else found a way how to add write permission for all users, not just the one that triggered the mount. The comment by Michele De Pascalis contains a script that has the following 5 lines added to the ntfs-3g invocation. I have not yet tested this.

-o fmask=0111 \
-o dmask=0000 \
-o rw \
-o auto \
-o user \


Virtualizing Mac OS X

From what I've read on the net, Mac OS X 10.7 was the first version of the OS that allowed to run it as a guest OS within a virtualizer software - provided the virtualizer runs on Apple hardware, and the virtualized OS is used for personal, non-commercial use. I'm not sure which virtualizers support Mac OS X these days, here I am going to cover VirtualBox because it's easy to use and OSS.

I have tried out the following stuff for an installation of Mac OS X 10.11 (El Capitan), but I think the instructions should also work for older versions of the OS, because the InstallESD.dmg image file has been present in Mac OS X installer bundles since Mac OS X 10.8.

TODO: Complete the writeup

http://www.jesseweb.com/tech/creating-an-os-x-el-capitan-vm-in-virtualbox/

cites this as its source:

http://apple.stackexchange.com/questions/198737/install-el-capitan-in-virtual-box-for-testing-purposes

cites this as its source:

http://anadoxin.org/blog/creating-a-bootable-el-capitan-iso-image.html

cites this as its source:

http://forums.macrumors.com/threads/how-to-create-el-capitan-os-x-bootable-dvd.1923894/page-2#post-22048507