I’ve been messing with system provisioning quite a bit lately. i.e. How can I repeatably and consistently configure a system to a known state?
I’ve posted a script to Github that performs provisioning to free up as much RAM as possible on an OS X server system.
OS X is a hairy operating system though, since Apple provides little to no detail about the system services they enable on a freshly-installed machine. This is annoying.
Here are some techniques I use to determine which services can be disabled, and what subsystems they relate to.
First of all, you can get a sense of all of the services run at launch time by running launchctl list:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
|
$ launchctl list
PID Status Label
1874 - 0x7fbbebe2ec80.anonymous.diskimages-help
409 - 0x7fbbebe06c30.anonymous.installd
363 - [0x0-0x16016].com.apple.AppleSpell
191 - 0x7fbbebe2e9d0.anonymous.com.apple.dock.
84 - 0x7fbbebf00910.anonymous.WindowServer
- 0 org.openbsd.ssh-agent
- 0 com.apple.ZoomWindow
198 - com.apple.wifi.WiFiKeychainProxy
- 0 com.apple.WebKit.PluginAgent
- 0 com.apple.warmd_agent
- 0 com.apple.VoiceOver
- 0 com.apple.UserNotificationCenterAgent
181 - com.apple.usernoted
151 - com.apple.UserEventAgent-Aqua
- 0 com.apple.USBAgent
- 0 com.apple.unmountassistant.useragent
- 0 com.apple.universalaccessd
- 0 com.apple.universalaccesscontrol
- 0 com.apple.universalaccessAuthWarn
176 - com.apple.ubd
- 0 com.apple.TMHelperAgent.SetupOffer
- 0 com.apple.TMHelperAgent
- 0 com.apple.tiswitcher
- 0 com.apple.talagent
163 - com.apple.SystemUIServer.agent
- 0 com.apple.systemprofiler
- 0 com.apple.syncservices.uihandler
- 0 com.apple.syncservices.SyncServer
- 0 com.apple.SubmitDiagInfo
233 - com.apple.storeagent
- 0 com.apple.storehelper
- 0 com.apple.spindump_agent
- 0 com.apple.speech.synthesisserver
- 0 com.apple.speech.speechdatainstallerd
- 0 com.apple.speech.recognitionserver
- 0 com.apple.speech.feedbackservicesserver
- 0 com.apple.softwareupdate_notify_agent
199 - com.apple.SocialPushAgent
193 - com.apple.soagent
172 - com.apple.sharingd
- 0 com.apple.ServiceManagement.LoginItems
- 0 com.apple.security.keychain-circle-notification
556 - com.apple.security.DiskUnmountWatcher
- 0 com.apple.security.agentStub
- 0 com.apple.scrod
- 0 com.apple.screensharing.MessagesAgent
- 0 com.apple.screensharing.agent
- 0 com.apple.ScreenReaderUIServer
- 0 com.apple.scopedbookmarksagent.xpc
- 0 com.apple.SafariNotificationAgent
- 0 com.apple.safaridavclient
- 0 com.apple.ReportPanic
- 0 com.apple.ReportGPURestart
- 0 com.apple.ReportCrash.Self
- 0 com.apple.ReportCrash
- 0 com.apple.RemoteDesktop.agent
- 0 com.apple.reclaimspace
- 0 com.apple.recentsd
- 0 com.apple.rcd
- 0 com.apple.quicklook.ui.helper
- 0 com.apple.quicklook
- 0 com.apple.quicklook.config
- 0 com.apple.quicklook.32bit
- 0 com.apple.PubSub.Agent
- 0 com.apple.printuitool.agent
- 0 com.apple.printtool.agent
- 0 com.apple.pictd
- 0 com.apple.PCIESlotCheck
258 - com.apple.pbs
169 - com.apple.pboard
- 0 com.apple.parentalcontrols.check
- 0 com.apple.PackageKit.InstallStatus
- 0 com.apple.nsnetworkd
- 0 com.apple.NetworkDiagnostics
- 0 com.apple.netauth.user.gui
- 0 com.apple.midiserver
- 0 com.apple.metadata.mdwrite
- 0 com.apple.mdmclient.cloudconfig.agent
- 0 com.apple.mdmclient.agent
- 0 com.apple.maspushagent
- 0 com.apple.Maps.mapspushd
- 0 com.apple.ManagedClient.agent
- 0 com.apple.lookupd
- 0 com.apple.locationmenu
174 - com.apple.librariand
202 - com.apple.LaunchServices.lsboxd
1255 - com.apple.lateragent
- 0 com.apple.java.updateSharing
- 0 com.apple.java.InstallOnDemandAgent
- 0 com.apple.isst
- 0 com.apple.installd.user
- 0 com.apple.IMLoggingAgent
- 0 com.apple.imklaunchagent
196 - com.apple.imagent
204 - com.apple.identityservicesd
- 0 com.apple.icloud.AOSNotificationAgent
- 0 com.apple.icbaccountsd
205 - com.apple.helpd
- 0 com.apple.FTCleanup
- 0 com.apple.FontWorker
- 0 com.apple.ATS.FontValidatorConduit
- 0 com.apple.ATS.FontValidator
- 0 com.apple.FontRegistryUIAgent
173 - com.apple.fontd
- 0 com.apple.findmymacmessenger
165 - com.apple.Finder
- 0 com.apple.FilesystemUI
- 0 com.apple.FileStatsAgent
- 0 com.apple.familycontrols.useragent
2003 - com.apple.EscrowSecurityAlert
- 0 com.apple.dt.CommandLineTools.installondemand
162 - com.apple.Dock.agent
- 0 com.apple.DiskArbitrationAgent
- 0 com.apple.DiagnosticReportCleanUpAgent
- 0 com.apple.csuseragent
- 0 com.apple.coreservices.uiagent
207 - com.apple.coreservices.appleid.authentication
- 0 com.apple.CoreRAIDAgent
- 0 com.apple.CoreLocationAgent
- 0 com.apple.coredata.externalrecordswriter
- 0 com.apple.cookied
- 0 com.apple.ContainerRepairAgent
- 0 com.apple.cmfsyncagent
- 0 com.apple.cfnetwork.cfnetworkagent
- 0 com.apple.cfnetwork.AuthBrokerAgent
- 0 com.apple.btsa
- 0 com.apple.bookstoreagent
- 0 com.apple.bluetoothUIServer
- 0 com.apple.BezelUIServer
- 0 com.apple.avrcpAgent
- 0 com.apple.AssistiveControl
- 0 com.apple.assistantd
- 0 com.apple.assistant_service
- 0 com.apple.apsctl
- 0 com.apple.appstoreupdateagent
- 0 com.apple.appsleep
- 0 com.apple.AOSPushRelay
- 0 com.apple.aos.migrate
- 0 com.apple.alf.useragent
- 0 com.apple.AirPortBaseStationAgent
- 0 com.apple.AddressBook.SourceSync
- 0 com.apple.AddressBook.AssistantService
- 0 com.apple.AddressBook.abd
211 - com.apple.accountsd
56 - 0x7fbbebc04070.anonymous.loginwindow
- 0 com.apple.launchctl.Aqua
3808 - 0x7fbbebe2c910.anonymous.launchctl
3798 - 0x7fbbebc08ce0.anonymous.bash
3797 - 0x7fbbebc08a40.anonymous.sshd
3077 - 0x7fbbebc08790.anonymous.launchproxy
3786 - 0x7fbbebc05150.anonymous.sshd
28 - 0x7fbbebe06700.anonymous.authd
18 - 0x7fbbebc084e0.anonymous.diskarbitration
365 - 0x7fbbebc06e50.anonymous.com.apple.Input
197 - 0x7fbbebc05460.anonymous.IMDPersistenceA
182 - 0x7fbbebe2d3e0.anonymous.com.apple.IconS
95 - 0x7fbbebe2d110.anonymous.CVMServer
84 - 0x7fbbebc04810.anonymous.WindowServer
30 - 0x7fbbebe2cbd0.anonymous.coreservicesd
56 - 0x7fbbebd0a1b0.anonymous.loginwindow
- 0 com.apple.xmigrationhelper.user
- 0 com.apple.TrustEvaluationAgent
190 - com.apple.tccd
- 0 com.apple.syncdefaultsd
- 0 com.apple.speech.speechsynthesisd
218 - com.apple.security.cloudkeychainproxy3
216 - com.apple.secd
- 0 com.apple.sbd
- 0 com.apple.pluginkit.pkd
- 0 com.apple.netauth.user.auth
- 0 com.apple.metadata.mdflagwriter
- 0 com.apple.mdworker.sizing
- 0 com.apple.mdworker.single
- 0 com.apple.mdworker.shared
- 0 com.apple.mdworker.mail
- 0 com.apple.mdworker.lsb
- 0 com.apple.mdworker.isolation
- 0 com.apple.mdworker.bundles
- 0 com.apple.mdworker.32bit
- 0 com.apple.mbpluginhost.user
- 0 com.apple.mbloginhelper.user
- 0 com.apple.KerberosHelper.LKDCHelper
- 0 com.apple.FileSyncAgent.PHD
152 - com.apple.distnoted.xpc.agent
- 0 com.apple.cvmsCompAgentLegacy_x86_64_1
- 0 com.apple.cvmsCompAgentLegacy_x86_64
- 0 com.apple.cvmsCompAgentLegacy_i386_1
- 0 com.apple.cvmsCompAgentLegacy_i386
- 0 com.apple.cvmsCompAgent_x86_64_1
- 0 com.apple.cvmsCompAgent_x86_64
- 0 com.apple.cvmsCompAgent_i386_1
- 0 com.apple.cvmsCompAgent_i386
155 - com.apple.cfprefsd.xpc.agent
- 0 com.apple.launchctl.Background
|
I’ve already disabled a number of services using the Github script, but maybe there are more to be disabled in the launchctl list.
For example: soagent, what is it and what does it do?
The find out, read the com.apple.soagent.plist file in /System/Library/LaunchAgents.
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
$ defaults read /System/Library/LaunchAgents/com.apple.soagent.plist
{
EnvironmentVariables = {
NSRunningFromLaunchd = 1;
};
KeepAlive = {
SuccessfulExit = 0;
};
Label = "com.apple.soagent";
LaunchEvents = {
ichat = {
bundleid = "com.apple.ichat";
events = (
didDeliverNotification,
didActivateNotification,
didDismissAlert,
didSnoozeAlert,
didRemoveDeliveredNotifications,
didExpireNotifications
);
};
};
MachServices = {
"com.apple.soagent" = {
ResetAtClose = 1;
};
};
POSIXSpawnType = Adaptive;
ProgramArguments = (
"/System/Library/PrivateFrameworks/MessagesKit.framework/Resources/soagent.app/Contents/MacOS/soagent"
);
RunAtLoad = 1;
}
|
The launchd.plist manpage explains some of these settings.
The process has something to do with iChat. Since I don’t care whether iChat is running on my provisioned machine, I can try disabling this process:
launchctl -w /System/Library/LaunchAgents/com.apple.soagent.plist
If the system is stable with soagent disabled, then everything’s fine. Same thing goes for the CalendarAgent, the SocialPushAgent, and sharingd.
Another example: What is tccd?
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
$ cat /System/Library/LaunchAgents/com.apple.tccd.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.tccd</string>
<key>Program</key>
<string>/System/Library/PrivateFrameworks/TCC.framework/Resources/tccd</string>
<key>MachServices</key>
<dict>
<key>com.apple.tccd</key>
<true/>
</dict>
<key>LimitLoadToSessionType</key>
<string>Background</string>
<key>POSIXSpawnType</key>
<string>Adaptive</string>
</dict>
</plist>
|
|
1
2
3
4
5
6
|
$ ls /System/Library/PrivateFrameworks/TCC.framework/Versions/A/Resources/
Info.plist de.lproj/ fr.lproj/ it.lproj/ ko.lproj/ pt.lproj/ sv.lproj/ version.plist
ar.lproj/ el.lproj/ he.lproj/ ja.lproj/ ms.lproj/ pt_PT.lproj/ tccd vi.lproj/
ca.lproj/ en.lproj/ hr.lproj/ kTCCServiceAddressBook.tiff nl.lproj/ ro.lproj/ th.lproj/ zh_CN.lproj/
cs.lproj/ es.lproj/ hu.lproj/ kTCCServiceCalendar.tiff no.lproj/ ru.lproj/ tr.lproj/ zh_TW.lproj/
da.lproj/ fi.lproj/ id.lproj/ kTCCServiceReminders.tiff pl.lproj/ sk.lproj/ uk.lproj/
|
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
$ plutil -convert xml1 -o - /System/Library/PrivateFrameworks/TCC.framework/Versions/A/Resources/en.lproj/Localizable.strings
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>REQUEST_ACCESS_ALLOW</key>
<string>OK</string>
<key>REQUEST_ACCESS_DENY</key>
<string>Don’t Allow</string>
<key>REQUEST_ACCESS_SERVICE_kTCCServiceAddressBook</key>
<string>“%@” would like to access your contacts.</string>
<key>REQUEST_ACCESS_SERVICE_kTCCServiceCalendar</key>
<string>“%@” would like to access your calendar.</string>
<key>REQUEST_ACCESS_SERVICE_kTCCServiceLocation</key>
<string>“%@” would like to use your current location.</string>
<key>REQUEST_ACCESS_SERVICE_kTCCServiceReminders</key>
<string>“%@” would like to access your reminders.</string>
</dict>
</plist>
|
So tccd appears to be the little popup that appears when application wants to dig into your more personal information. If the provisioned machine is being used as a server w/no logged in UI user, this can also be disabled.
The same pattern of analysis, reading plist files, and looking into the application bundles themselves if necessary, can be applied to all of the launched services.
Nice explanation. Thank you very much !!
checkout this useful site on launchd and launchctl:
http://launchd.info
thank you for this informative, easy to understand post. much appreciation.
Launchctl seems to have been updated for Yosemite.
This is what worked for me:
launchctl unload /System/Library/LaunchAgents/com.apple.soagent.plist
Big difference, as SOAGENT was hogging CPU and MEMORY, and all I had was a spinning ball since I upgraded to Yosemite.
Not for EL Capitan 🙁
Probably due to whatever additional protections they’ve added to the System folder (System Integrity Protection).
Thanks for writing this. It looks useful and I’m thinking about delving into it. I just wonder if it’s time to learn Linux instead. This crap seems to defeat the object of using OS X. Well, for me at least. I mean, why fight against a hostile system dev who obviously doesn’t want me to have any control, when there’s a system that actually wants me to?
Your post got me to dig a little for mojave. Thank you for the inspiration!
Since i have a old-fashion HDD i wanted to stop warmd from “caching” all the stuff, so, for Mojave:
Read up: man launchctl
See system services: launchctl print system
Kill warmd: launchctl kill -9 system/com.apple.warmd
Disable warmd: launchctl disable system/com.apple.warmd
Any chance you’ve done more on this since 2014? Would live to shut down a lot of useless processes on my aging Mac.
Unfortunately no, I haven’t been using macOS regularly in recent years.