macOS for Linux admins (2022 refresh)

+
Reading Time: 7 mins
Section: Blog Posts
Categories: blog
Tags: IT sysadmin Linux macOS UNIX

As I mentioned in my CompTIA blog post All About Linux and Linux+ ( https://www.comptia.org/blog/all-about-linux-and-linux ), Linux is essentially an open-source UNIX operating system. And since nearly all of the concepts, commands and files are identical between UNIX and Linux, anyone who works with Linux could easily administer a UNIX system.

The macOS operating system that runs on Apple computers is a flavor of UNIX. Thus, most of the concepts that you use when administering a Linux system are also applicable to macOS. It’s not uncommon to find Apple laptops running macOS within organizations today, or even Apple desktops within certain departments, such as Marketing, where they are often used for graphics and desktop publishing. Consequently, when applying for IT administration and support jobs that require a macOS skillset, Linux is a big benefit!

However, before supporting macOS within an organization, it’s important to understand the similarities and differences between Linux and macOS from an IT point-of-view. In this blog post, I’ll give you an overview of what macOS is, as well as the key similarities and differences between Linux and macOS.

macOS Basics

macOS is also ~80% open source software. The underlying operating system is an open source operating system called Darwin that is largely maintained by descendents of the BSD UNIX community. Apple adds the remaining ~20% closed source components that comprise the graphical desktop and frameworks.

The kernel that macOS uses is called XNU (X is not UNIX). XNU is part MACH 3.0 microkernel, part BSD UNIX kernel (filesystem & networking), and part I/O Kit (an Apple driver framework). The XNU kernel and Darwin system are directly evolved from NeXTSTEP UNIX. When Apple purchased NeXT from Steve Jobs in the late 1990s, they essentially rebranded NeXTSTEP UNIX as Mac OS X (now called macOS). When you develop for macOS/iOS, you still use programming objects that inherit from NSObject (NeXT Software Object).

As of May 2022, macOS Monterey (12.4) is the latest version of macOS. Prior to macOS Sierra (10.12), macOS was called Mac OS X (10.0 - 10.11). Mac OS 9 and earlier (1980s-1990s) were not based on NeXTSTEP UNIX.

Exploring macOS

As shown below, macOS seems very similar to Linux. However, the app shortcut bar (called the Dock) is at the bottom and visible by default (the GNOME Dock is at the left and you must click Activities to see it).

macOS Desktop

The leftmost icon shown on the Dock is the Finder (file browser app), and nearly all system configuration can be performed by opening the System Preferences app (cog wheel icon). In addition to configuring desktop, network and firewall settings, you can also start network services such as SSH, FTP file sharing, and the Apache Web server using System Preferences.

You can navigate to Finder > Applications > Utilities > Terminal to open a command line shell. macOS uses the Z shell by default, but you can change it to Bash using the chsh -s /bin/bash command.

Your macOS user account is a member of the admin group (equivalent to the wheel group in Linux) and has permission to run any command as root using sudo (via a line in /etc/sudoers). However, if you wish to switch to the root user using su – to perform system administration, you must first assign the root user a password using the dsenableroot command.

The directory structure is very similar to Linux systems with some noticeable differences (e.g. home directories are under /Users instead of /home). Following is a list of common macOS directories:

  • /Applications Stores most user programs
  • /bin Contains binary programs that any user may execute
  • /dev Contain device files used to reference system devices
  • /etc Contains most system configuration (symlink to /private/etc)
  • /Library Contains program libraries, documentation, and app settings
  • /Network Contains libraries and information from remote systems
  • /private Contains OS information that users should not normally view
  • /sbin Contains superuser (root) executables
  • /System Contains most system configuration & operating system files
  • /tmp Contains temporary files used by apps (symlink to /private/tmp)
  • /Users Default location for all regular user home directories
  • /User Information Contains system documentation (symlink to /Library/Documentation)
  • /usr Stores most executables (/usr/bin, /usr/sbin) and their documentation (/usr/share/man, /usr/share/doc)
  • /var Contains log files and spool/content directories
  • /Volumes Contains subdirectories used for mounting devices to

Only the /Applications, /Library, /System, /User Information, and /Users folders are shown in the graphical desktop by default. All other directories are hidden from normal view and may be viewed using a shell. Additionally, there is a Library folder in each home directory that stores user-specific program libraries, documentation, and app settings.

Each application in macOS is contained within a single directory called a bundle. Bundles are directories with an .app extension that appear as program icons in the Finder. When double-clicked, they launch the app contained within. You can use the open command to run a bundle from the command prompt. For example, open /Applications/Firefox.app will start the Firefox Web browser. Like a Flatpak or Snap package, bundles contains all executable files, configuration files, and dependencies needed by an app. If you drag a bundle to the Trash, you will remove all files associated with the app (other than user-specific files and settings stored in your home directory). To look inside a bundle, run the cd bundlename.app command, or right-click the bundle in the Finder and choose Show Package Contents.

To view system events, macOS provides a central graphical log file viewer (/Applications/Utilities/Console) that contains shortcuts to all major log files on the system. The /Applications/Utilities/Activity Monitor program is the macOS equivalent of the top command in Linux and the Task Manager in Windows. It displays system statistics process information but can also be used to kill processes. Alternatively, you can right-click an app icon on the Dock and choose Force Quit to kill a process or use the Cmd+Option+Esc key combination to do the same. The Cmd key on a Mac is the same as the Windows key on a PC. You can hold down the Cmd+R keys during startup to interact with the macOS Recovery Tool in the event you need to repair or reinstall macOS from across the Internet.

Storage devices in macOS contain a single partition that is sliced into file systems. By default, the block device file /dev/disk0 refers to the whole partition on the first storage device, /dev/disk0s1 refers to the first slice (which usually contains the boot loader) and /dev/disk0s3 refers to the third slice (which usually contains the / filesystem). macOS uses the Apple File System (APFS) to format slices. When you insert removable media (e.g. DVD or USB flash drive), the filesystem is automatically mounted to a subdirectory of /Volumes and a symlink to it is placed in your Finder.

Network devices also have different names in macOS compared to Linux. The first wired or wireless Ethernet network interface is called en0, the second is called en1, and so on.

macOS Commands

Nearly all commands (and command options) in Linux are identical in macOS. However, there are some notable additions and differences, as shown below in alphabetical order:

  • caffeinate Prevents a macOS system from entering power save / sleep mode
  • defaults Sets macOS system preferences
  • diskutil Creates, formats and checks macOS filesystems
  • ditto Same as the cp command (also in macOS)
  • dscl Manages users (and groups) on the system
  • dseditgroup Manages groups on the system
  • dsenableroot Enables the root user by setting a password for it
  • jobs Unlike the same command in Linux, it summons Steve Jobs ;-)
  • launchctl Starts and stops macOS daemons and system components (equivalent to systemctl on Linux)
  • networksetup Configures network interface settings
  • newfs_type Creates filesystems (type = exfat, apfs, and so on.)
  • nvram Modifies Macintosh boot firmware
  • open Executes a macOS application bundle
  • pdisk Create Apple disk partitions.
  • pkgutil Manages and queries macOS software packages
  • pmset Configures macOS power management settings
  • scutil Changes network locations (for firewall zones)
  • security Configures password storage and certificates
  • softwareupdate Updates macOS system software
  • spctl Modifies and displays macOS SecAssessment settings (the macOS equivalent to SELinux)
  • sw_vers Displays the version of macOS
  • sysctl Modifies system settings
  • system_profiler Displays macOS system hardware and software information
  • systemsetup Configures macOS system and graphical display information
  • vm_stat The macOS equivalent of vmstat