In addition to those on its well-known list of 200+ new features, OS X Mountain Lion also brings along a handful of new UNIX commands and binaries. Most are probably outside the scope of Ask Different (e.g. commands concerning Radius Authentication, Kerberos or Berkeley DB maintainance) but some of them may prove valuable to (aspiring) power users out there. As always, you will find more information in the corresponding man pages.

Administrator commands (/usr/sbin)

sharing – create share points for afp, ftp and smb services

This is a great addition to the UNIX shell level: a tool to create, modify and delete share points (aka shared directories). In its most basic form it can be used like this to add a share for a specific directory on afp, ftp and smb/Samba:

sudo sharing -a /Users/bob/bobs-toolbox

To turn off guest access to the newly-created share, use

sudo sharing -e /Users/bob/bobs-toolbox -g 000

Removing the share entirely is as easy as

sudo sharing -r /Users/bob/bobs-toolbox

In addition, sharing allows for individual names and access rights for all three sharing protocols and access to protocol-specific details.

The only drawback is that the command must always be run as root, but that’s probably only a minor issue for most users and uses.

serverinfo – determine server status

This is intended primarily to be used in shell scripts to determine whether the script is running on an OS X server and whether specific server features are enabled:

if serverinfo -q --hardware; then echo Running on server hardware; fi

There is no man page for this command, but running serverinfo -h prints a bunch of options.

Common commands (/usr/bin)

caffeinate – prevent the system from sleeping on behalf of a utility

This allows you to either directly prevent your Mac from falling asleep for a specific period of time (e.g. an hour):

caffeinate -u -t 3600

or allows a command to run for a prolonged period without the automatic (and, since 10.8, rather aggressive) sleep function kicking in

caffeinate -s any-long-running-command -with arguments

It doesn’t have anything to do with Java(TM) though…

fdesetup – FileVault enabling tool

FileVault full disk encryption is one of the things you enable once and then forget about, it just works (TM). So why have a UNIX command to support this process? Right now I see two usage scenarios here:

After turning on FileVault every user must log in once to enable his/her account again. There is no obvious way to find out which users haven’t done so yet, only a rather unhelpful message in the Preferences pane. Using fdesetup you can list all enabled users with sudo fdesetup list and also help indivdual users enable their account with sudo fdesetup add -usertoadd bob .

In a network environment (e.g. a computer lab in a school) the administrator is now able to force enable FileVault on all computers on the network with a clever combination of ssh and fdesetup , including integration with Open Directory and Keychains where needed.

Interestingly enough this command only supports the main hard drive right now; encryption of any attached storage devices needs to be done with hdiutil .

pgrep, pkill – find or signal processes by name

A lot of people probably installed these two utilites via homebrew or MacPorts in the past because it’s easier to use pgrep instead of ps options | grep what.*ever (which usually also returns the grep command itself). With 10.8 both pgrep and the potentially dangerous pkill are available in every standard installation. So if you wanted to know how many processes are running for Chrome a simple pgrep Chrome | wc -l will give you the answer (33 on my iMac right now).

For the more daring minds pkill can act like a machine gun for processes. If you want to kill all Chrome instances for user bob you can now easily run sudo pkill -U bob Chrome without impacting other users. For more specific stuff (especially involving elaborate regular expressions) confirmation before each kill can be enforced with -I .

tccutil – manage the privacy database