Mac OSX System Administration

# [[Mac OSX System Administration]] _Created: 2025-07-31_ | #osx #mac | [[010 System Administration MOC|System Administration]] ## Other pages - [[Mac diskutil|Using the diskutil utility from the commandline]] - [[Mac dscl|Using the Directory Service Command Line]] ## Turning off ACL for SMB shared folders Ref: https://support.apple.com/en-ca/HT203574 > When saving files on SMB shares, the permissions might be changed so that only the owner can read or write For atomic writes, the temp file created before the move will be created with the default ACL of the shared folder, and not the permissions of the old version being replaced. Enabling ACLs on the directory will preserve permissions. From https://apple.stackexchange.com/a/139762 1. Firstly enable ACL permissions for SMB shares with the following command. ``` sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AclsEnabled -bool YES ``` 2. Then set up inheritance permissions on the parent holder with the following command. This should recursively go through your share and apply the relevant permissions. ``` sudo chmod -R +a "group:REPLACE_WITH_YOURGROUP_NAME:allow readattr,writeattr,readextattr,writeextattr,readsecurity,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit" REPLACE_WITH_PATH_TO_PARENT_SHARED_FOLDER ``` ## Finder ### Entering the path in file open/save dialogs Press _Cmd+Shift+g_ ### Showing dot files _Cmd+Shift+._ ### Force resync of icloud drive `killall bird` ## Zip files without Mac special hidden files "Compress" from Finder will always add the hidden files. You have to zip from command line. ```shell-session $ zip -r "all.zip" sandip dipika -x "*/.DS_Store" -x "__MACOSX" ``` ## Fix browser opening wrong version of Firefox ```shell-session /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -R -f -u /Applications/Firefox\ Personal.app ``` Ignore the error. This should remove all registrations from the plist files in that app. Ref: https://eclecticlight.co/2019/03/25/lsregister-a-valuable-undocumented-command-for-launchservices/ ## Uniform Type Identifier [Wikipedia - Uniform Type Identifier](https://en.wikipedia.org/wiki/Uniform_Type_Identifier) > A **Uniform Type Identifier** (**UTI**) is a text string used on software provided by [Apple Inc.](https://en.wikipedia.org/wiki/Apple_Inc. "Apple Inc.") to uniquely identify a given class or type of item. Apple provides built-in UTIs to identify common system objects – document or image file types, folders and application bundles, streaming data, clipping data, movie data – and allows third party developers to add their own UTIs for application-specific or proprietary uses. Support for UTIs was added in the [Mac OS X](https://en.wikipedia.org/wiki/Mac_OS_X "Mac OS X") [10.4](https://en.wikipedia.org/wiki/Mac_OS_X_v10.4 "Mac OS X v10.4") operating system, integrated into the [Spotlight](https://en.wikipedia.org/wiki/Spotlight_(software) "Spotlight (software)") desktop search technology, which uses UTIs to categorize documents. One of the primary design goals of UTIs was to eliminate the ambiguities and problems associated with inferring a file's content from its [MIME type](https://en.wikipedia.org/wiki/MIME_type "MIME type"), [filename extension](https://en.wikipedia.org/wiki/Filename_extension "Filename extension"), or [type](https://en.wikipedia.org/wiki/Type_code "Type code") or [creator code](https://en.wikipedia.org/wiki/Creator_code "Creator code"). > ## Launch services TBD ## Using mdls to find UTI for a file [stack overflow q](https://superuser.com/q/323599) ```shell-session $ mdls -name kMDItemContentType -name kMDItemContentTypeTree a.html kMDItemContentType = "public.html" kMDItemContentTypeTree = ( "public.html", "public.text", "public.data", "public.item", "public.content" ) ``` ## Edit plist on the fly Converts the plist format to json so that jq can edit it, and then converts it back. ```shell-session cat /Applications/Firefox\ Personal.app/Contents/Info.plist | plutil -convert json -o - - | jq 'del(.CFBundleURLTypes)' | plutil -convert xml1 -o info.plist ``` ## Entering symbols like Euro - € : Option+Shift+2 (https://www.eurosymbol.eu/mac-keyboard) - £: Option+3 - °: Option+Shift+8 - ˚: Option+k - º: Option+0 - ©: Option+g - •: Option+8 ## Find process listening on a port ```shell-session $ lsof -i :5000 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME ControlCe 1607 sandipb 7u IPv4 0x338c6b4b4de21523 0t0 TCP *:commplex-main (LISTEN) ControlCe 1607 sandipb 8u IPv6 0x338c6b59b2ebd9a3 0t0 TCP *:commplex-main (LISTEN) ``` One line for IPv4 and one for IPv6. If you want to only see ipv4: ``` $ lsof -i4:5000 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME ControlCe 1607 sandipbh 7u IPv4 0x338c6b4b4de21523 0t0 TCP *:commplex-main (LISTEN) ``` If you want to even further restrict to TCP: ``` $ lsof -i4TCP:5000 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME ControlCe 1607 sandipb 7u IPv4 0x338c6b4b4de21523 0t0 TCP *:commplex-main (LISTEN) ``` To see all processes listening to any port. ``` $ lsof -i4TCP -sTCP:LISTEN | head COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME ARDAgent 1225 sandipb 10u IPv6 0x338c6b59b2ec41a3 0t0 TCP *:net-assistant (LISTEN) node 1314 sandipb 22u IPv4 0x338c6b4b4e125523 0t0 TCP localhost:56237 (LISTEN) ControlCe 1607 sandipb 5u IPv4 0x338c6b4b4dc27e33 0t0 TCP *:afs3-fileserver (LISTEN) ControlCe 1607 sandipb 7u IPv4 0x338c6b4b4de21523 0t0 TCP *:commplex-main (LISTEN) ``` You can filter to a specific binding address. ``` $ lsof -i4TCP@localhost -sTCP:LISTEN COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME node 1314 sandipb 22u IPv4 0x338c6b4b4e125523 0t0 TCP localhost:56237 (LISTEN) Photo\x20 2137 sandipb 15u IPv4 0x338c6b4b4ddfe09b 0t0 TCP localhost:49686 (LISTEN) Obsidian 2735 sandipb 41u IPv4 0x338c6b4b4e2a0303 0t0 TCP localhost:4200 (LISTEN) Code\x20H 2825 sandipb 39u IPv4 0x338c6b4b4e13b78b 0t0 TCP localhost:49333 (LISTEN) ``` >[!note] Inhibiting port and IP address resolutions >Use `-n` to not convert IP addresses, and `-P` to not convert port numbers. ## Display a notification from the command line ```bash osascript -e 'display notification "PR Ready for Review" with title "GitHub Notification"' ``` ## Add spacer to Dock [Use Terminal to Add a Spacer to the Application Side of Your Dock](https://www.lifewire.com/add-custom-and-standard-doc-spacers-to-mac-2260861) (lifewire.com) ```shell-session $ defaults write com.apple.dock persistent-apps -array-add '{tile-type="spacer-tile";}' $ killall Dock ``` ## Find display hardware on system Run `system_profiler SPDisplaysDataType` ```shell-session $ system_profiler SPDisplaysDataType Graphics/Displays: Apple M3 Pro: Chipset Model: Apple M3 Pro Type: GPU Bus: Built-In Total Number of Cores: 18 Vendor: Apple (0x106b) Metal Support: Metal 3 Displays: DELL U2723QE: Resolution: 3840 x 2160 (2160p/4K UHD 1 - Ultra High Definition) UI Looks like: 1920 x 1080 @ 60.00Hz Main Display: Yes Mirror: Off Online: Yes Rotation: Supported LG HDR 4K: Resolution: 3840 x 2160 (2160p/4K UHD 1 - Ultra High Definition) UI Looks like: 1920 x 1080 @ 60.00Hz Mirror: Off Online: Yes Rotation: Supported ``` ## Permission error executing scripts in Shortcuts - Make sure that the shell used in the system bash and not homebrew bash. - If homebrew bash is to be used, make sure it has Full Disk Access in System-Settings->Security and Privacy. ## User Information on Mac On macOS, the user database is managed by [Directory Service](Mac%20dscl.md) rather than `/etc/passwd`. ## Viewing logs ```bash log stream --predicate 'process == "smtp"' --info ``` Viewing smtp traffic here. ## References - https://github.com/drduh/macOS-Security-and-Privacy-Guide