Unix Underpinnings on The Mac
Volume Number: 22 (2006)
Issue Number: 1
Column Tag: Programming
Mac In The Shell
Unix Underpinnings on The Mac
by Edward Marczak
What To Use and What to Avoid
"Think Different" is a great campaign, however, it's nice to know - and downright important - that we share some things with others. Coincidentally, I'm sometimes reminded that I need to go back and cover the basics: the bare essentials. What better time to do that than the new year? (even though time is an abstract, it's a useful tool). So, while us Mac users like to run different, think different, be different, we can learn a lot by looking at what we have in common with other Unix systems.
Introduction
Although I don't hear it too much any more, when OS X first shipped, there was a, "OS X is not Unix" current from certain corners of the Web. While OS X certainly does some things differently than a traditional Unix, and continues to do so increasingly (especially under Tiger, which is all I refer to here), that doesn't make it "not Unix." As Apple "Applefies" more of the Unix that does underpin OS X, let's see what keeps us tied to our Unix brethren.
FreeBSD
The Unix conventions and utilities found in OS X are largely based on, and often taken straight from, FreeBSD. In Beta-vs-VHS thinking, perhaps the *BSDs are Beta to Linux's VHS: a loser in mindshare, but certainly technically superior. If you've used Linux, but not any of the BSDs, as a techie, you owe it to yourself to dive in and check it out. If you have a spare PC, or even an unused Mac, sitting around go download or purchase FreeBSD and give it a whirl. It'll also improve your OS X skills. Next time you're putting together a public facing web site on a budget, and are ready to reach for Linux, try FreeBSD instead.
cron
cron is the sub-system that is most likely completely ingrained in a sys-admin's skull. It would almost be impossible to be an effective admin without it. For the uninitiated, cron is a daemon that schedules jobs to run at certain times. You may have heard that cron no longer exists or runs as of Tiger. Nothing could be further from the truth. Apple's new subsystem, launchd, tries to take over all responsibilities for cron...and doesn't really succeed. A clean install of Tiger has no cron jobs installed by default. If you upgraded from Panther, you'll have your cron jobs carried over.
launchd is Apple's new system for managing daemons and 'agents' on a system-wide and per-user basis. It's a one-system-to-rule-them-all kind of thing that currently only half succeeds. I covered launchd in depth in the May 2005 Mac In The Shell column, pointing out both the advantages and disadvantages. If you're just joining us, I'll give you the top three reasons why launchd can't currently replace cron:
1. cron is way too engrained to go away anytime soon. This leads to...
2. launchd's reliance on plist files for configuration. As nice as the XML based plist is, there are enough tools out there that can easily update a crontab file thanks to it's plain-text based format.
3. Flexibility. While launchd can schedule a job to run at a certain time and date, it can't currently match cron's scheduling flexibility. As in "0 8-20/3 * * 1-5 root /path/to/program" which runs the given job every three hours, Monday through Friday only between 8am and 8pm.
In short, cron kicks butt! You certainly need to learn about launchd, but don't be afraid to schedule things with cron. It's not dead yet! If you're looking to learn a bit more about it, cron on OS X was covered in depth in the March 2005 MacTech.
xinetd
Much like cron, xinetd still exists, but is sitting idle. Also like cron, its features have been subsumed by launchd. Unlike the advice I gave for cron, this is a system to abandon on OS X.
xinetd, like inetd before it, and now launchd, all act as "superservers." Originally, every daemon on a system would launch itself, daemonize, deal with source IP checking (maybe), reserve their listening port, etc. Wietse Venema created "tcp-wrappers", inetd, to act as a master listening agent, which could be configured to enable, disable and restrict access to other daemons that needed to listen for outside requests. The request actually comes into the super-server and then, if appropriate, gets passed on to the real daemon to do the work.
Launchd really excels here: from it's deep integration into OS X, through its efficient use of resources, it's the way to go. Use xinetd if you need to wean yourself off due to use on another Unix. However, make sure it's only a transition. Switch to launchd as soon as possible for this!
Networking Tools
While the use of some of these CLI utilities are deprecated under OS X, they all still work. Certainly not deprecated is netstat. netstat shows information about various network related data structures. It's primarily used to show active network sockets. This is one way you can hunt down exactly what's listening to a port (http://www.radiotope.com/writing/?p=8). netstat will also display the routing table when used with the '-r' switch - an important troubleshooting tool.
ifconfig has been the traditional way to view and set information about a network interface. While ifconfig does work, it may not do precisely what you want. It does still work perfectly as a way to view information about an interface. However, to change or set up an interface, ifconfig has been superceded by networksetup. networksetup is as extensive as any other tool, including any GUI, and should be used over ifconfig.
Like other Unicies, OS X sports an /etc/resolve.conf file. The resolver file configures access to DNS servers for applications, including order of name server lookup, their ports and search domains. Unlike other Unicies, OS X will automatically fill in and adjust /etc/resolv.conf based on your network configuration. Other Unices use /etc/resolv.conf as the origin of this information, and you edit it manually there. OS X plops the sum of other sources into /etc/resolv.conf. Don't edit it manually!
ipfw, the IP FireWall, from FreeBSD has also been included in OS X. It's what handles the software firewall behind the scenes. Note, though, that ipfw is a FreeBSD creation. Linux uses iptables, OpenBSD uses pf, and other Unicies tend to have their own solution.
Config Files
Traditionally, Unix has been a system configured by text files. While Apple has introduced non-plain text config systems, such as NetInfo, OS X does tend to respect the traditional text files for compatibility reasons.
/etc/passwd, traditionally the user authentication database, is still present on OS X. /etc/group, used for group association is also present. Both files are ignored by default, but programs that may not know any better are free to read them. You can have the system reference these files normally by selecting the "BSD and Flat Files" option in Directory Access.
/etc/hosts is present and active by default. This is actually really good news. /etc/hosts is a host to IP database that is consulted ahead of DNS. I use hosts on a daily basis as I test web sites that I'm developing on my local machine. This way, each entry can be set up as a name-based virtual host in Apache. Very handy.
Text Processing Utilities
Due to the number of text files used to configure a traditional system, Unix is awash with programming languages and utilities that manipulate text. Thankfully, Apple saw fit to include all of the current choices out of the box.
perl version 5.8.6 is ready for use under OS 10.4.3. This is an especially nice treat seeing Apple listen closely to their developer audience. During the Jaguar days, perl tended to languish a few revisions behind the current release. Additionally, due to some non-standard choices made for 10.1 and 10.2, updating perl was not easy. Thankfully, version 5.8.6 is close to current - close enough that most utilities won't gripe about it. (Current is 5.8.7, but there's always some script that relies on the latest!).
sed, awk and grep are all where you expect them to be. Last month's column introduced sed, and will have a part 2 next month. These three form the triumvirate of power tools for text processing. Additionally, OS X includes 'tr', the translation utility and, of course, sort - one of the oldest text utilities for Unix platforms.
To round out the programming camp, OS X includes, out of the box, Python, ruby and PHP. Kudos to Apple for keeping this diverse base of utilities on the system, developers happy, and switchers comfortable.
Development
You may have noticed that many of the aforementioned utilities, and other products on OS X are open source that started life elsewhere (including Apache, sendmail, Postfix, Cyrus and others). What makes all of this possible, aside from the source code, is having development tools loaded up. Like some other Unicies, OS X sports gcc, the GNU C compiler. There's a link from 'cc' to the current 'gcc' that acts as a compatibility layer - most Unicies had run their C compiler simply as 'cc'. Most open source software that I've had the pleasure of working with compiles cleanly on OS X. This includes the recently released MySQL 5.
Additionally, the GNU Debugger, gdb, is on the system and ready for use. Interestingly, XCode is partially just a big, convenient front-end to gcc and gdb. Choosing to use these development tools certainly makes switchers feel right at home. Of course, once you get deep into OS X development, there are some great utilities that let you get deeper into the system (like CHUD and Shark).
Mail Systems
Thanks to the open development tools and open source software mentioned in the previous section, the mail systems bundled with OS X are the same ones you can find running on many other Unix platforms. The first huge win is Postfix. Up through OS X 10.2, sendmail was the default MTA. 10.3 brought the switch to Postfix. Written from the ground up with security in mind, Postfix is also an incredible performer. While there are many MTAs in use, including the venerable sendmail (and exim and qmail...) they all operate the same no matter the platform - save Apple's extensions that hook into OS X's authentication methods, which you can find the changes of on Apple's developer site (http://developer.apple.com/darwin).
A popular and powerful POP and IMAP server is Cyrus, from Carnegie Mellon University. Also introduced to OS X as of 10.3, Cyrus has been modified by Apple to work with their custom authentication schemes.
I covered troubleshooting Cyrus/Postfix and DNS as it relates to e-mail in the July and August Mac in the Shell MacTech columns. An upcoming column will get into the details of administering a Tiger based mail system.
Permissions
Yes, Tiger brings us ACLs, however, I find that most people don't know about them, or don't feel comfortable using them (even though I covered them in the May 2005 issue of MacTech!). This keeps us relying on POSIX permissions. Well, welcome to the club! Every Unix out there uses the same set of permissions - even though they may also have something that is more flexible. Of course, sometime with flexibility comes complexity, so, the more basic POSIX permissions will be around for a good long time. Like cron, they're ingrained in the brains of sysadmins everywhere (and, of course, you can find an in-depth tutorial in a prepubescent Mac in the Shell dating February 2005).
Number 1
The number one thing we have in common with other Unix users is Love! OK, maybe not love....but community! Mac culture really is a perfect fit into the Unix world where people tend to be passionate about the tools they use and the platforms they run them on.
Fin
Apple is adding a lot with the systems they've created for OS X. Of course, it's also fantastic to be able to leverage the history that Unix brings. While I wish everyone a very happy New Year, I'll remind you again: it's a great time to assess what you know, what you want to know, and what you need to learn. When you're summing that up, don't forget one of the best systems that OS X inherits from Unix: man.
Enjoy!
Ed Marczak owns and operates Radiotope, a technology consulting company. If you're reading this while at MacWorld Expo, and it's Wednesday, come see Ed present, "From the Chime to the Desktop" and learn all about launchd and the Mac boot sequence. Always more tech tips at http://www.radiotope.com
