In addition to those on its well-known list of 200+ new features, OS X Mountain Lion also brings along a handful of new UNIX commands and binaries. Most are probably outside the scope of Ask Different (e.g. commands concerning Radius Authentication, Kerberos or Berkeley DB maintainance) but some of them may prove valuable to (aspiring) power users out there. As always, you will find more information in the corresponding man pages.
Administrator commands (/usr/sbin)
sharing – create share points for afp, ftp and smb services
This is a great addition to the UNIX shell level: a tool to create, modify and delete share points (aka shared directories). In its most basic form it can be used like this to add a share for a specific directory on afp, ftp and smb/Samba:
sudo sharing -a /Users/bob/bobs-toolbox
To turn off guest access to the newly-created share, use
sudo sharing -e /Users/bob/bobs-toolbox -g 000
Removing the share entirely is as easy as
sudo sharing -r /Users/bob/bobs-toolbox
In addition, sharing
allows for individual names and access rights for all three sharing protocols and access to protocol-specific details.
The only drawback is that the command must always be run as root, but that’s probably only a minor issue for most users and uses.
serverinfo – determine server status
This is intended primarily to be used in shell scripts to determine whether the script is running on an OS X server and whether specific server features are enabled:
if serverinfo -q --hardware; then echo Running on server hardware; fi
There is no man page for this command, but running serverinfo -h
prints a bunch of options.
Common commands (/usr/bin)
caffeinate – prevent the system from sleeping on behalf of a utility
This allows you to either directly prevent your Mac from falling asleep for a specific period of time (e.g. an hour):
caffeinate -u -t 3600
or allows a command to run for a prolonged period without the automatic (and, since 10.8, rather aggressive) sleep function kicking in
caffeinate -s any-long-running-command -with arguments
It doesn’t have anything to do with Java(TM) though…
fdesetup – FileVault enabling tool
FileVault full disk encryption is one of the things you enable once and then forget about, it just works (TM). So why have a UNIX command to support this process? Right now I see two usage scenarios here:
After turning on FileVault every user must log in once to enable his/her account again. There is no obvious way to find out which users haven’t done so yet, only a rather unhelpful message in the Preferences pane. Using
fdesetup
you can list all enabled users withsudo fdesetup list
and also help indivdual users enable their account withsudo fdesetup add -usertoadd bob
.In a network environment (e.g. a computer lab in a school) the administrator is now able to force enable FileVault on all computers on the network with a clever combination of
ssh
andfdesetup
, including integration with Open Directory and Keychains where needed.
Interestingly enough this command only supports the main hard drive right now; encryption of any attached storage devices needs to be done with hdiutil
.
pgrep, pkill – find or signal processes by name
A lot of people probably installed these two utilites via homebrew or MacPorts in the past because it’s easier to use pgrep
instead of ps options | grep what.*ever
(which usually also returns the grep
command itself). With 10.8 both pgrep
and the potentially dangerous pkill
are available in every standard installation. So if you wanted to know how many processes are running for Chrome a simple pgrep Chrome | wc -l
will give you the answer (33 on my iMac right now).
For the more daring minds pkill
can act like a machine gun for processes. If you want to kill all Chrome instances for user bob you can now easily run sudo pkill -U bob Chrome
without impacting other users. For more specific stuff (especially involving elaborate regular expressions) confirmation before each kill can be enforced with -I
.
tccutil – manage the privacy database
This command manages the privacy database, which stores decisions the user has made about whether apps may access personal data. In its current form it only allows one to remove/reset the decisions for a specific service (tccutil reset AddressBook
), as in the Privay preference pane. The command doesn’t look like much yet but might be helpful when doing remote support because it’s much easier to reset the privacy database this way than navigating to the corresponding preference pane.
Filed under OS X
Tagged: Mountain Lion, utilities
Thanks for the tips! How did you discover al these?
Basically I compared the content of /usr/sbin and /usr/bin between my Mountain Lion installation and the last Lion backup.
Really glad to see pkill added to core OS. Previously had to install it via brew. Thanks for the tips!
Caffeinate is a stupid name. Awake would have made more sense
Matt -> Caffeinate implies that the machine is awake and you want it to stay that way.
Awake is what you do when you are already sleeping.
Caffeinate implies you want to use something to keep yourself awake, so it makes perfect sense in my opinon.
Plus it’s a command that you can use to run other commands, i.e. caffeinate -u
Caffeinate is a ridiculous name, I thought Apple people were smart? How can they expect international users to easily grasp that intended context for the name?
I think the name is fine. caffeinate is similar to the menubar utility Caffeine that prevents your computer from sleeping (see http://lightheadsw.com/caffeine ). If you prefer another name, ln -s /usr/bin/caffeinate /usr/bin/your_better_name
I bet it’s in homage of the uber-useful and ubiquitous clutter-bar app.
http://lightheadsw.com/caffeine/
@Matt Johnson: as opposed to all the other Unix commands out there with names which are immediately obvious to everyone.
@Matt Johnson,
Really? Does caffeine not work the same way in other countries?
@Nathan
Below the equator caffeine makes you sleepy. 🙂
@gtcaz Sounds more like theft rather than homage.
“amphetaminate” does the same thing but it also overlocks your CPU.
@Dan Yeah, but over time it causes your keyboard to lose key caps, your gpu or audio to stutter or produce noise and the GUI gets paranoid, constantly asking for your password! 😉
Are these really Unix commands or OSX commands? If they really are Unix, I should be able to find them on any Unix and Unix-like machines. I have a feeling I won’t.
You can find pkill and pgrep on UNIX-like machines. I think the title is intended to be:
Interesting new UNIX commands, Interesting new Binaries, in OS X Mountain Lion.
Yes, there are unix commands on OSX. That’s because the Mac OS is unix darwin, with an elaborate UI overlaid. Open a terminal and you’re in unix. Some things are missing; some extras are added, but if you like unix, you’ll feel right at home.
pgrep is interesting. I’ve been using a one-line Bash script I wrote up years ago when I got tired of remembering the ps syntax:
!/bin/bash
ps auxww | grep -i $1 | fgrep -v “grep -i $1” | fgrep -v “fgrep” | fgrep -v “pfind”
(I know I could improve the script by replacing $1 with $* and other tweaks, but it always does what I need.)
You can also filter a grep out of a standard pipe like so:
ps aux | grep [m]yprocess
The brackets are interpreted as a set, so the grep no longer matches itself.
Out of curiosity, what the main difference between pkill and killall which is available since day one ?
Two examples I can see:
pkill treats the pattern argument as a regex by default, and with “-f” it matches the command’s arguments, not just its name. killall treats the pattern as a full name match by default (which is generally less useful and requires more typing), and has no way to search the whole command.
Actually I really like the name caffeinate 🙂
Interestingly the man page for it is already installed in Lion and the source seems to be here: http://opensource.apple.com/source/PowerManagement/PowerManagement-271.25.8/
Why would I use pkill instead of killall?
pkill and pgrep match on regexp; killall by process name.
killall can handle regexp with “-m”, but it can’t search the entire command, only the name. pkill can do so with “-f”.
killall can be dangerous, as it does different things on *BSD (incl Mac OS X) than on Solaris. (Not sure about Linux, guessing same as *BSD)
killall on *BSD kills by name. killall on Solaris kills all running processes, just like the name says.
As I work on both *BSD (incl Mac OS X) and Solaris, I don’t ever use that command. Running killall accidentally on a prod Sun box will present the opportunity to explore career opportunities elsewhere.
pgrep & pkill are very welcome additions.
Only problem with caffeinate is going to be remembering how to spell it. Should have gone for “nodoze”.
The Tab Key is your friend. “caf + ” you should be able to type even if the active brain units tend to go to zero.
sorry meant the “caf” + tab but it didn’t get through.
for caffeinate why not just make a symbolic link like caf_? That should solve everyones problem with the spelling.
I think Caffeinate makes perfect sense in my opinion.
[…] [Link%5D […]
[…] [Link] […]