NAME
notes_mac_setup - some recommendations for setting up Mac for running Antelope
SUPPORT
BRTT does not provide IT support. We include the notes in this
man-page to provide some Antelope-specific guidelines for IT personnel
setting up systems to run Antelope. We make no claims that these
notes are comprehensive, especially in regards to setting up IT
systems in general. Note that large, enterprise-class systems REQUIRE
an expert IT team to set up and administer their IT
capabilities. While BRTT does not provide such services, if you
contact us via
support@brtt.com we may be able to direct you
to other service providers for assistance.
DESCRIPTION
The default Macintosh
OS X installation benefits from several changes when running Antelope.
When you get a new mac (or when you reinstall from scratch), here are some things you may wish to consider:
Case Sensitive Filesystem
Traditional UNIX and Antelope in particular use capitalization to indicate important
information about files. So you must have a case sensitive partition where
you will install Antelope, and where you will run Antelope. Perhaps the easiest
way to accomplish this is to make every local partition HFS+: Mac
OS X Extended Case Sensitive.
Mac
OS X works fine with case sensitive partitions, but some programs, especially from Adobe,
may fail or may not install. For instance, Adobe Creative Suite installs but doesn't work.
You can create case sensitive partitions using Disk Utility (it's an option early in the install process).
Explicitly Mounting partitions at arbitrary points
Mac
OS X likes to just automatically mount partitions
in
/Volumes, usually with the name assigned to the partition. You may want to
override that with an entry in
/etc/fstab. Be sure to edit
fstab with vifs(1) -- as
the file typically says in the comments. Getting the right line there will take
some effort, however. Something like the following may work:
% diskutil info /dev/disk0s3 | grep UUID
Volume UUID: 03D9F6DF-FC9B-3D31-88C1-89231E70094B
% sudo vifs
% tail -1 /etc/fstab
UUID=03D9F6DF-FC9B-3D31-88C1-89231E70094B /opt/antelope hfs rw,auto,owners 1 0
% sudo defaults write /Library/Preferences/SystemConfiguration/autodiskmount AutomountDisksWithoutUserLogin -bool true
% sudo reboot
Before the reboot but after editing /etc/fstab, you may want to run Disk Utility,
select the disk you want to mount and use the Mount button on the Disk Utility window to mount it.
Thereafter, it should get mounted automatically at boot time.
Mounting NFS partitions from other machines
Disk Utility somehow manages a list of NFS mounts; where it keeps this list is unknown, as is when
these mounts might happen (or not). I have sometimes had to force them manually by running
sudo mount <path>
after a reboot.
One issue seems to have to do with the order in which partitions are mounted:
/opt/antelope has to be mounted before you can
mount something under
/opt/antelope, but there's no obvious way to set the order in which mounts
happen. Probably something to do with
launchd.
Users and Groups
The Mac just automatically assigns user and group IDs, but if
you're working around other machines, you want to coordinate the
ids so that NFS works properly. Do this by using the
Users/Accounts preferences. Hold down the control key as you
press the mouse button over your account name in this window and
select advanced preferences.
Set the user and group ids that you want.
Also set your shell to be
tcsh.
Before rebooting, execute
% sudo chown -R your-userid /Users/your-userid
to fix the ownership of home directories (and other directories).
Then reboot the computer.
To add groups, look at a pulldown menu at the top of a dialog box for
adding a new user, and choose group. Then you should be able to add groups.
By hand, you can look at dseditgroup(1) or dscl(1), but these are pretty
obtuse.
Look at references below in the
SEE ALSO section for info about
Open Directory.
Disabling Spotlight
Spotlight should not be running anywhere that Antelope is creating files, because the
files Antelope creates and uses are regularly modified, triggering
Spotlight to uselessly re-scan them, since it can't really index them. Perhaps the best
thing is disable
Spotlight entirely.
First modify /etc/hostconfig to read:
SPOTLIGHT=-NO-
Then to get rid of the existing index, run these two commands from
Terminal:
% mdutil -i off /
% mdutil -E /
The first command disables indexing on the boot volume, and the second
erases the existing template. Then just reboot.
If you later change your mind and decide you
want
Spotlight after all, it's easy to reactivate.
Set
SPOTLIGHT=-YES- in
/etc/hostconfig, then
% mdutil -i on /
and reboot.
Alternatively, you can configure Spotlight to only index certain areas of the disks. Spotlight
can be quite useful for finding particular documents. Also, with OS X 10.8 and above, globally disabling
Spotlight may have undesirable consequences, such as breaking the Mac App Store and the system
software update process. There are two ways to disable Spotlight for specific directories, such as
waveforms directories and orbserver file directories. The first is by adding the directories in question to the
exclusion list in the the Spotlight->Privacy tab of the Mac System Preferences application. The
second method is to create an empty file called
.metadata_never_index
inside each directory to be ignored.
OSX ISO Quarantine
Modern versions of OSX quarantine ISO images and executables downloaded via web-browser from the internet. The way
to remove this quarantine bit, at least in OSX
Mojave and
Catalina, is via
% xattr -d com.apple.quarantine Antelope.iso
Enabling the locate command
After disabling spotlight, you may want to
run the
locate daemon, so you can easily locate files by their name (not the content).
To start the
locate daemon:
% sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.locate.plist
Sleep mode and rebooting
Turn off sleep mode so the machine doesn't shut down automatically, at least for desktops.
Be sure to set the Restart after power failure checkbox in the System
Preferences Energy Saver panel.
The System Preferences Energy Saver and it's command line equivalent pmset may not be
100% effective at preventing sleep. An alternative to this is to add the caffeinate(1)
command to an rtexec.pf file with the command-line
caffeinate caffeinate -i
Passing the
-i option prevents the system itself from sleeping, but still allows the display
to go to sleep.
limits
For process and memory statistics, also look at sysctl(8). Older versions of
OS X
(e.g.
Leopard era) had
kern.maxproc and
kern.maxprocperuid which were often too low (532 and 265).
In those systems an approach was to use
launchctl or
sysctl to set new limits dynamically,
or
/etc/launchd.conf to set the limits at reboot.
% launchctl limit
% sudo /bin/tcsh
# cat >> /etc/launchd.conf
limit maxfiles 10000 50000
limit maxproc 2048 2068
^D
# ^D
More modern operating systems such as
OS X El Capitan may require entries in
/Library/LaunchDaemons
such as
% cat /Library/LaunchDaemons/limit.maxfiles.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd " >
<plist version="1.0">
<dict>
<key>Label</key>
<string>limit.maxfiles</string>
<key>ProgramArguments</key>
<array>
<string>launchctl</string>
<string>limit</string>
<string>maxfiles</string>
<string>10000</string>
<string>50000</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>ServiceIPC</key>
<false/>
</dict>
</plist>
and
% cat /Library/LaunchDaemons/limit.maxproc.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd " >
<plist version="1.0">
<dict>
<key>Label</key>
<string>limit.maxproc</string>
<key>ProgramArguments</key>
<array>
<string>launchctl</string>
<string>limit</string>
<string>maxproc</string>
<string>2048</string>
<string>2068</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>ServiceIPC</key>
<false/>
</dict>
</plist>
System Integrity Protection on OS X El Capitan (10.11) and above
Starting with
OS X El Capitan, Apple introduced a feature called
System Integrity Protection (SIP)
which prevents changes to directories like
/System/Library/LaunchDaemons, even as the root user. This
can be quite inconvenient if you wish, for example, to add the
KeepAlive parameter to
org.postfix.master.plist, or make any other similar startup change. The procedure to change files under
SIP is as follows:
-
Boot to recovery mode (Hold Command-R during startup)
-
Open Utilities->Terminal
-
Execute
% csrutil disable
to turn off SIP
-
Reboot to normal OS
-
Make necessary changes to files that were under SIP protection
-
Boot back to recovery mode
-
Open Utilities->Terminal
-
Execute
% csrutil enable
to re-enable SIP
-
Reboot to normal OS
Postfix
If you simply wish to turn off the
postfix mail service:
% sudo launchctl unload -w /System/Library/LaunchDaemons/ org.postfix.master.plist
Alternatively you may need to configure
postfix so a user can send email from the command
line. A useful tutorial is located at
http://www.developerfiles.com/how-to-send-emails-from-localhost-mac-os-x-el-capitan/
Miscellaneous
-
Edit /etc/sshconfig and /etc/sshdconfig to set X11Forwarding to yes; be sure to remove the leading pound sign (#)
from these lines:
X11Forwarding yes
-
Change the mouse settings in System Preferences to get a 3 button mouse; the Apple magic mouse
does not offer a 3 button setting. Another solution is to buy a third party mouse.
-
Turn on remote logon, and disk sharing.
-
Turn on fast user switching
-
Turn off automatic login
-
Put Terminal, Console, and Activity Monitor in the dock (from the Applications/Utilities folder).
-
Add Quick Look, Delete, Get info, New Folder, and Path to the finder toolbars (under View->Customize Toolbar).
-
Block pop-up windows in safari
-
Set Terminal default to return backspace for delete: Terminal->Preferences->Settings->Advanced->Delete sends Ctrl-H
-
Edit /usr/X11/lib/X11/app-defaults/XTerm to add
*geometry: 80x48
*scrollBar: on
*saveLines: 500
-
Add other local users
-
Add all local non-nameserved hosts to /etc/hosts
SEE ALSO
notes_mac_bookshelf(5)
notes_mac_development(5)
notes_mac_extras(5)
notes_mac_unix_anomalies(5)
notes_mac_mavericks(5)
For Open Birectory:
AUTHOR
Daniel Quinlan
Modified by Kent Lindquist