Interesting new UNIX commands/binaries in OS X Mountain Lion

Post to Twitter

In addition to those on its well-known list of 200+ new features, OS X Mountain Lion also brings along a handful of new UNIX commands and binaries. Most are probably outside the scope of Ask Different (e.g. commands concerning Radius Authentication, Kerberos or Berkeley DB maintainance) but some of them may prove valuable to (aspiring) power users out there. As always, you will find more information in the corresponding man pages.

Administrator commands (/usr/sbin)

sharing – create share points for afp, ftp and smb services

This is a great addition to the UNIX shell level: a tool to create, modify and delete share points (aka shared directories). In its most basic form it can be used like this to add a share for a specific directory on afp, ftp and smb/Samba:

sudo sharing -a /Users/bob/bobs-toolbox

To turn off guest access to the newly-created share, use

sudo sharing -e /Users/bob/bobs-toolbox -g 000

Removing the share entirely is as easy as

sudo sharing -r /Users/bob/bobs-toolbox

In addition, sharing allows for individual names and access rights for all three sharing protocols and access to protocol-specific details.

The only drawback is that the command must always be run as root, but that’s probably only a minor issue for most users and uses.

serverinfo – determine server status

This is intended primarily to be used in shell scripts to determine whether the script is running on an OS X server and whether specific server features are enabled:

if serverinfo -q --hardware; then echo Running on server hardware; fi

There is no man page for this command, but running serverinfo -h prints a bunch of options.

Common commands (/usr/bin)

caffeinate – prevent the system from sleeping on behalf of a utility

This allows you to either directly prevent your Mac from falling asleep for a specific period of time (e.g. an hour):

caffeinate -u -t 3600

or allows a command to run for a prolonged period without the automatic (and, since 10.8, rather aggressive) sleep function kicking in

caffeinate -s any-long-running-command -with arguments

It doesn’t have anything to do with Java(TM) though…

fdesetup – FileVault enabling tool

FileVault full disk encryption is one of the things you enable once and then forget about, it just works (TM). So why have a UNIX command to support this process? Right now I see two usage scenarios here:

  • After turning on FileVault every user must log in once to enable his/her account again. There is no obvious way to find out which users haven’t done so yet, only a rather unhelpful message in the Preferences pane. Using fdesetup you can list all enabled users with sudo fdesetup list and also help indivdual users enable their account with sudo fdesetup add -usertoadd bob.

  • In a network environment (e.g. a computer lab in a school) the administrator is now able to force enable FileVault on all computers on the network with a clever combination of ssh and fdesetup, including integration with Open Directory and Keychains where needed.

Interestingly enough this command only supports the main hard drive right now; encryption of any attached storage devices needs to be done with hdiutil.

pgrep, pkill – find or signal processes by name

A lot of people probably installed these two utilites via homebrew or MacPorts in the past because it’s easier to use pgrep instead of ps options | grep what.*ever (which usually also returns the grep command itself). With 10.8 both pgrep and the potentially dangerous pkill are available in every standard installation. So if you wanted to know how many processes are running for Chrome a simple pgrep Chrome | wc -l will give you the answer (33 on my iMac right now).

For the more daring minds pkill can act like a machine gun for processes. If you want to kill all Chrome instances for user bob you can now easily run sudo pkill -U bob Chrome without impacting other users. For more specific stuff (especially involving elaborate regular expressions) confirmation before each kill can be enforced with -I.

tccutil – manage the privacy database

This command manages the privacy database, which stores decisions the user has made about whether apps may access personal data. In its current form it only allows one to remove/reset the decisions for a specific service (tccutil reset AddressBook), as in the Privay preference pane. The command doesn’t look like much yet but might be helpful when doing remote support because it’s much easier to reset the privacy database this way than navigating to the corresponding preference pane.

Filed under OS X

34 Comments

Subscribe to comments with RSS.

  • jtbandes says:

    Thanks for the tips! How did you discover al these?

  • Basically I compared the content of /usr/sbin and /usr/bin between my Mountain Lion installation and the last Lion backup.

  • Steve Levine says:

    Really glad to see pkill added to core OS. Previously had to install it via brew. Thanks for the tips!

  • matt says:

    Caffeinate is a stupid name. Awake would have made more sense

  • dan says:

    “amphetaminate” does the same thing but it also overlocks your CPU.

    • Nate says:

      @Dan Yeah, but over time it causes your keyboard to lose key caps, your gpu or audio to stutter or produce noise and the GUI gets paranoid, constantly asking for your password! 😉

  • Rob says:

    Are these really Unix commands or OSX commands? If they really are Unix, I should be able to find them on any Unix and Unix-like machines. I have a feeling I won’t.

    • Jason Salaz says:

      You can find pkill and pgrep on UNIX-like machines. I think the title is intended to be:

      Interesting new UNIX commands, Interesting new Binaries, in OS X Mountain Lion.

    • Lewy says:

      Yes, there are unix commands on OSX. That’s because the Mac OS is unix darwin, with an elaborate UI overlaid. Open a terminal and you’re in unix. Some things are missing; some extras are added, but if you like unix, you’ll feel right at home.

  • Randy says:

    pgrep is interesting. I’ve been using a one-line Bash script I wrote up years ago when I got tired of remembering the ps syntax:

    !/bin/bash

    ps auxww | grep -i $1 | fgrep -v “grep -i $1” | fgrep -v “fgrep” | fgrep -v “pfind”

    (I know I could improve the script by replacing $1 with $* and other tweaks, but it always does what I need.)

    • Scott says:

      You can also filter a grep out of a standard pipe like so:

      ps aux | grep [m]yprocess

      The brackets are interpreted as a set, so the grep no longer matches itself.

  • Jean-Daniel says:

    Out of curiosity, what the main difference between pkill and killall which is available since day one ?

    • Lawrence says:

      Two examples I can see:

      pkill treats the pattern argument as a regex by default, and with “-f” it matches the command’s arguments, not just its name. killall treats the pattern as a full name match by default (which is generally less useful and requires more typing), and has no way to search the whole command.

  • Actually I really like the name caffeinate 🙂

    Interestingly the man page for it is already installed in Lion and the source seems to be here: http://opensource.apple.com/source/PowerManagement/PowerManagement-271.25.8/

  • Why would I use pkill instead of killall?

    • Mel Boyce says:

      pkill and pgrep match on regexp; killall by process name.

    • Lawrence says:

      killall can handle regexp with “-m”, but it can’t search the entire command, only the name. pkill can do so with “-f”.

    • Gordo says:

      killall can be dangerous, as it does different things on *BSD (incl Mac OS X) than on Solaris. (Not sure about Linux, guessing same as *BSD)

      killall on *BSD kills by name. killall on Solaris kills all running processes, just like the name says.

      As I work on both *BSD (incl Mac OS X) and Solaris, I don’t ever use that command. Running killall accidentally on a prod Sun box will present the opportunity to explore career opportunities elsewhere.

      pgrep & pkill are very welcome additions.

  • Andrew says:

    Only problem with caffeinate is going to be remembering how to spell it. Should have gone for “nodoze”.

    • gentux says:

      The Tab Key is your friend. “caf + ” you should be able to type even if the active brain units tend to go to zero.

    • gentux says:

      sorry meant the “caf” + tab but it didn’t get through.

  • dioioib says:

    for caffeinate why not just make a symbolic link like caf_? That should solve everyones problem with the spelling.

  • Richard says:

    I think Caffeinate makes perfect sense in my opinion.

  • Comments have been closed for this post