In addition to those on its well-known list of 200+ new features, OS X Mountain Lion also brings along a handful of new UNIX commands and binaries. Most are probably outside the scope of Ask Different (e.g. commands concerning Radius Authentication, Kerberos or Berkeley DB maintainance) but some of them may prove valuable to (aspiring) power users out there. As always, you will find more information in the corresponding man pages.
Administrator commands (/usr/sbin)
sharing – create share points for afp, ftp and smb services
This is a great addition to the UNIX shell level: a tool to create, modify and delete share points (aka shared directories). In its most basic form it can be used like this to add a share for a specific directory on afp, ftp and smb/Samba:
sudo sharing -a /Users/bob/bobs-toolbox
To turn off guest access to the newly-created share, use
sudo sharing -e /Users/bob/bobs-toolbox -g 000
Removing the share entirely is as easy as
sudo sharing -r /Users/bob/bobs-toolbox
sharing allows for individual names and access rights for all three sharing protocols and access to protocol-specific details.
The only drawback is that the command must always be run as root, but that’s probably only a minor issue for most users and uses.
serverinfo – determine server status
This is intended primarily to be used in shell scripts to determine whether the script is running on an OS X server and whether specific server features are enabled:
if serverinfo -q --hardware; then echo Running on server hardware; fi
There is no man page for this command, but running
serverinfo -h prints a bunch of options.
Common commands (/usr/bin)
caffeinate – prevent the system from sleeping on behalf of a utility
This allows you to either directly prevent your Mac from falling asleep for a specific period of time (e.g. an hour):
caffeinate -u -t 3600
or allows a command to run for a prolonged period without the automatic (and, since 10.8, rather aggressive) sleep function kicking in
caffeinate -s any-long-running-command -with arguments
It doesn’t have anything to do with Java(TM) though…
fdesetup – FileVault enabling tool
FileVault full disk encryption is one of the things you enable once and then forget about, it just works (TM). So why have a UNIX command to support this process? Right now I see two usage scenarios here:
After turning on FileVault every user must log in once to enable his/her account again. There is no obvious way to find out which users haven’t done so yet, only a rather unhelpful message in the Preferences pane. Using
fdesetupyou can list all enabled users with
sudo fdesetup listand also help indivdual users enable their account with
sudo fdesetup add -usertoadd bob.
In a network environment (e.g. a computer lab in a school) the administrator is now able to force enable FileVault on all computers on the network with a clever combination of
fdesetup, including integration with Open Directory and Keychains where needed.
Interestingly enough this command only supports the main hard drive right now; encryption of any attached storage devices needs to be done with
pgrep, pkill – find or signal processes by name
A lot of people probably installed these two utilites via homebrew or MacPorts in the past because it’s easier to use
pgrep instead of
ps options | grep what.*ever (which usually also returns the
grep command itself). With 10.8 both
pgrep and the potentially dangerous
pkill are available in every standard installation. So if you wanted to know how many processes are running for Chrome a simple
pgrep Chrome | wc -l will give you the answer (33 on my iMac right now).
For the more daring minds
pkill can act like a machine gun for processes. If you want to kill all Chrome instances for user bob you can now easily run
sudo pkill -U bob Chrome without impacting other users. For more specific stuff (especially involving elaborate regular expressions) confirmation before each kill can be enforced with
tccutil – manage the privacy database
This command manages the privacy database, which stores decisions the user has made about whether apps may access personal data. In its current form it only allows one to remove/reset the decisions for a specific service (
tccutil reset AddressBook), as in the Privay preference pane. The command doesn’t look like much yet but might be helpful when doing remote support because it’s much easier to reset the privacy database this way than navigating to the corresponding preference pane.