Provisioning OS X and Disabling Unnecessary Services

I've been messing with system provisioning quite a bit lately, i.e., how can I repeatably and consistently configure a system to a known state?

I've posted a script to GitHub that performs provisioning to free up as much RAM as possible on an OS X server system.

OS X is a hairy operating system though, since Apple provides little to no detail about the system services they enable on a freshly-installed machine. This is annoying.

Here are some techniques I use to determine which services can be disabled, and what subsystems they relate to.

First of all, you can get a sense of all of the services run at launch time by running launchctl list:

$ launchctl list
PID         Status      Label
1874        -           0x7fbbebe2ec80.anonymous.diskimages-help
409         -           0x7fbbebe06c30.anonymous.installd
363         -           [0x0-0x16016].com.apple.AppleSpell
191         -           0x7fbbebe2e9d0.anonymous.com.apple.dock.
84          -           0x7fbbebf00910.anonymous.WindowServer
-           0           org.openbsd.ssh-agent
-           0           com.apple.ZoomWindow
198         -           com.apple.wifi.WiFiKeychainProxy
-           0           com.apple.WebKit.PluginAgent
-           0           com.apple.warmd_agent
-           0           com.apple.VoiceOver
-           0           com.apple.UserNotificationCenterAgent
181         -           com.apple.usernoted
151         -           com.apple.UserEventAgent-Aqua
-           0           com.apple.USBAgent
-           0           com.apple.unmountassistant.useragent
-           0           com.apple.universalaccessd
-           0           com.apple.universalaccesscontrol
-           0           com.apple.universalaccessAuthWarn
176         -           com.apple.ubd
-           0           com.apple.TMHelperAgent.SetupOffer
-           0           com.apple.TMHelperAgent
-           0           com.apple.tiswitcher
-           0           com.apple.talagent
163         -           com.apple.SystemUIServer.agent
-           0           com.apple.systemprofiler
-           0           com.apple.syncservices.uihandler
-           0           com.apple.syncservices.SyncServer
-           0           com.apple.SubmitDiagInfo
233         -           com.apple.storeagent
-           0           com.apple.storehelper
-           0           com.apple.spindump_agent
-           0           com.apple.speech.synthesisserver
-           0           com.apple.speech.speechdatainstallerd
-           0           com.apple.speech.recognitionserver
-           0           com.apple.speech.feedbackservicesserver
-           0           com.apple.softwareupdate_notify_agent
199         -           com.apple.SocialPushAgent
193         -           com.apple.soagent
172         -           com.apple.sharingd
-           0           com.apple.ServiceManagement.LoginItems
-           0           com.apple.security.keychain-circle-notification
556         -           com.apple.security.DiskUnmountWatcher
-           0           com.apple.security.agentStub
-           0           com.apple.scrod
-           0           com.apple.screensharing.MessagesAgent
-           0           com.apple.screensharing.agent
-           0           com.apple.ScreenReaderUIServer
-           0           com.apple.scopedbookmarksagent.xpc
-           0           com.apple.SafariNotificationAgent
-           0           com.apple.safaridavclient
-           0           com.apple.ReportPanic
-           0           com.apple.ReportGPURestart
-           0           com.apple.ReportCrash.Self
-           0           com.apple.ReportCrash
-           0           com.apple.RemoteDesktop.agent
-           0           com.apple.reclaimspace
-           0           com.apple.recentsd
-           0           com.apple.rcd
-           0           com.apple.quicklook.ui.helper
-           0           com.apple.quicklook
-           0           com.apple.quicklook.config
-           0           com.apple.quicklook.32bit
-           0           com.apple.PubSub.Agent
-           0           com.apple.printuitool.agent
-           0           com.apple.printtool.agent
-           0           com.apple.pictd
-           0           com.apple.PCIESlotCheck
258         -           com.apple.pbs
169         -           com.apple.pboard
-           0           com.apple.parentalcontrols.check
-           0           com.apple.PackageKit.InstallStatus
-           0           com.apple.nsnetworkd
-           0           com.apple.NetworkDiagnostics
-           0           com.apple.netauth.user.gui
-           0           com.apple.midiserver
-           0           com.apple.metadata.mdwrite
-           0           com.apple.mdmclient.cloudconfig.agent
-           0           com.apple.mdmclient.agent
-           0           com.apple.maspushagent
-           0           com.apple.Maps.mapspushd
-           0           com.apple.ManagedClient.agent
-           0           com.apple.lookupd
-           0           com.apple.locationmenu
174         -           com.apple.librariand
202         -           com.apple.LaunchServices.lsboxd
1255        -           com.apple.lateragent
-           0           com.apple.java.updateSharing
-           0           com.apple.java.InstallOnDemandAgent
-           0           com.apple.isst
-           0           com.apple.installd.user
-           0           com.apple.IMLoggingAgent
-           0           com.apple.imklaunchagent
196         -           com.apple.imagent
204         -           com.apple.identityservicesd
-           0           com.apple.icloud.AOSNotificationAgent
-           0           com.apple.icbaccountsd
205         -           com.apple.helpd
-           0           com.apple.FTCleanup
-           0           com.apple.FontWorker
-           0           com.apple.ATS.FontValidatorConduit
-           0           com.apple.ATS.FontValidator
-           0           com.apple.FontRegistryUIAgent
173         -           com.apple.fontd
-           0           com.apple.findmymacmessenger
165         -           com.apple.Finder
-           0           com.apple.FilesystemUI
-           0           com.apple.FileStatsAgent
-           0           com.apple.familycontrols.useragent
2003        -           com.apple.EscrowSecurityAlert
-           0           com.apple.dt.CommandLineTools.installondemand
162         -           com.apple.Dock.agent
-           0           com.apple.DiskArbitrationAgent
-           0           com.apple.DiagnosticReportCleanUpAgent
-           0           com.apple.csuseragent
-           0           com.apple.coreservices.uiagent
207         -           com.apple.coreservices.appleid.authentication
-           0           com.apple.CoreRAIDAgent
-           0           com.apple.CoreLocationAgent
-           0           com.apple.coredata.externalrecordswriter
-           0           com.apple.cookied
-           0           com.apple.ContainerRepairAgent
-           0           com.apple.cmfsyncagent
-           0           com.apple.cfnetwork.cfnetworkagent
-           0           com.apple.cfnetwork.AuthBrokerAgent
-           0           com.apple.btsa
-           0           com.apple.bookstoreagent
-           0           com.apple.bluetoothUIServer
-           0           com.apple.BezelUIServer
-           0           com.apple.avrcpAgent
-           0           com.apple.AssistiveControl
-           0           com.apple.assistantd
-           0           com.apple.assistant_service
-           0           com.apple.apsctl
-           0           com.apple.appstoreupdateagent
-           0           com.apple.appsleep
-           0           com.apple.AOSPushRelay
-           0           com.apple.aos.migrate
-           0           com.apple.alf.useragent
-           0           com.apple.AirPortBaseStationAgent
-           0           com.apple.AddressBook.SourceSync
-           0           com.apple.AddressBook.AssistantService
-           0           com.apple.AddressBook.abd
211         -           com.apple.accountsd
56          -           0x7fbbebc04070.anonymous.loginwindow
-           0           com.apple.launchctl.Aqua
3808        -           0x7fbbebe2c910.anonymous.launchctl
3798        -           0x7fbbebc08ce0.anonymous.bash
3797        -           0x7fbbebc08a40.anonymous.sshd
3077        -           0x7fbbebc08790.anonymous.launchproxy
3786        -           0x7fbbebc05150.anonymous.sshd
28          -           0x7fbbebe06700.anonymous.authd
18          -           0x7fbbebc084e0.anonymous.diskarbitration
365         -           0x7fbbebc06e50.anonymous.com.apple.Input
197         -           0x7fbbebc05460.anonymous.IMDPersistenceA
182         -           0x7fbbebe2d3e0.anonymous.com.apple.IconS
95          -           0x7fbbebe2d110.anonymous.CVMServer
84          -           0x7fbbebc04810.anonymous.WindowServer
30          -           0x7fbbebe2cbd0.anonymous.coreservicesd
56          -           0x7fbbebd0a1b0.anonymous.loginwindow
-           0           com.apple.xmigrationhelper.user
-           0           com.apple.TrustEvaluationAgent
190         -           com.apple.tccd
-           0           com.apple.syncdefaultsd
-           0           com.apple.speech.speechsynthesisd
218         -           com.apple.security.cloudkeychainproxy3
216         -           com.apple.secd
-           0           com.apple.sbd
-           0           com.apple.pluginkit.pkd
-           0           com.apple.netauth.user.auth
-           0           com.apple.metadata.mdflagwriter
-           0           com.apple.mdworker.sizing
-           0           com.apple.mdworker.single
-           0           com.apple.mdworker.shared
-           0           com.apple.mdworker.mail
-           0           com.apple.mdworker.lsb
-           0           com.apple.mdworker.isolation
-           0           com.apple.mdworker.bundles
-           0           com.apple.mdworker.32bit
-           0           com.apple.mbpluginhost.user
-           0           com.apple.mbloginhelper.user
-           0           com.apple.KerberosHelper.LKDCHelper
-           0           com.apple.FileSyncAgent.PHD
152         -           com.apple.distnoted.xpc.agent
-           0           com.apple.cvmsCompAgentLegacy_x86_64_1
-           0           com.apple.cvmsCompAgentLegacy_x86_64
-           0           com.apple.cvmsCompAgentLegacy_i386_1
-           0           com.apple.cvmsCompAgentLegacy_i386
-           0           com.apple.cvmsCompAgent_x86_64_1
-           0           com.apple.cvmsCompAgent_x86_64
-           0           com.apple.cvmsCompAgent_i386_1
-           0           com.apple.cvmsCompAgent_i386
155         -           com.apple.cfprefsd.xpc.agent
-           0           com.apple.launchctl.Background

I've already disabled a number of services using the GitHub script, but maybe there are more to be disabled in the launchctl list.

For example: soagent, what is it and what does it do?

To find out, read the com.apple.soagent.plist file in /System/Library/LaunchAgents.

$ defaults read /System/Library/LaunchAgents/com.apple.soagent.plist
{
    EnvironmentVariables =     {
        NSRunningFromLaunchd = 1;
    };
    KeepAlive =     {
        SuccessfulExit = 0;
    };
    Label = "com.apple.soagent";
    LaunchEvents =     {
        ichat =         {
            bundleid = "com.apple.ichat";
            events =             (
                didDeliverNotification,
                didActivateNotification,
                didDismissAlert,
                didSnoozeAlert,
                didRemoveDeliveredNotifications,
                didExpireNotifications
            );
        };
    };
    MachServices =     {
        "com.apple.soagent" =         {
            ResetAtClose = 1;
        };
    };
    POSIXSpawnType = Adaptive;
    ProgramArguments =     (
        "/System/Library/PrivateFrameworks/MessagesKit.framework/Resources/soagent.app/Contents/MacOS/soagent"
    );
    RunAtLoad = 1;
}

The launchd.plist manpage explains some of these settings.

The process has something to do with iChat. Since I don't care whether iChat is running on my provisioned machine, I can try disabling this process:

launchctl unload -w /System/Library/LaunchAgents/com.apple.soagent.plist

If the system is stable with soagent disabled, then everything's fine. Same thing goes for the CalendarAgent, the SocialPushAgent, and sharingd.

Another example: What is tccd?

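$ cat /System/Library/LaunchAgents/com.apple.tccd.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>com.apple.tccd</string>
	<key>Program</key>
	<string>/System/Library/PrivateFrameworks/TCC.framework/Resources/tccd</string>
	<key>MachServices</key>
	<dict>
		<key>com.apple.tccd</key>
		<true/>
	</dict>
	<key>LimitLoadToSessionType</key>
	<string>Background</string>
	<key>POSIXSpawnType</key>
	<string>Adaptive</string>
</dict>
</plist>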
$ ls /System/Library/PrivateFrameworks/TCC.framework/Versions/A/Resources/
Info.plist                   de.lproj/                    fr.lproj/                    it.lproj/                    ko.lproj/                    pt.lproj/                    sv.lproj/                    version.plist
ar.lproj/                    el.lproj/                    he.lproj/                    ja.lproj/                    ms.lproj/                    pt_PT.lproj/                 tccd                         vi.lproj/
ca.lproj/                    en.lproj/                    hr.lproj/                    kTCCServiceAddressBook.tiff  nl.lproj/                    ro.lproj/                    th.lproj/                    zh_CN.lproj/
cs.lproj/                    es.lproj/                    hu.lproj/                    kTCCServiceCalendar.tiff     no.lproj/                    ru.lproj/                    tr.lproj/                    zh_TW.lproj/
da.lproj/                    fi.lproj/                    id.lproj/                    kTCCServiceReminders.tiff    pl.lproj/                    sk.lproj/                    uk.lproj/
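$ plutil -convert xml1 -o - /System/Library/PrivateFrameworks/TCC.framework/Versions/A/Resources/en.lproj/Localizable.strings
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>REQUEST_ACCESS_ALLOW</key>
	<string>OK</string>
	<key>REQUEST_ACCESS_DENY</key>
	<string>Don’t Allow</string>
	<key>REQUEST_ACCESS_SERVICE_kTCCServiceAddressBook</key>
	<string>“%@” would like to access your contacts.</string>
	<key>REQUEST_ACCESS_SERVICE_kTCCServiceCalendar</key>
	<string>“%@” would like to access your calendar.</string>
	<key>REQUEST_ACCESS_SERVICE_kTCCServiceLocation</key>
	<string>“%@” would like to use your current location.</string>
	<key>REQUEST_ACCESS_SERVICE_kTCCServiceReminders</key>
	<string>“%@” would like to access your reminders.</string>
</dict>
</plist>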

So tccd appears to be the little popup that appears when an application wants to dig into your more personal information. If the provisioned machine is being used as a server with no logged-in UI user, this can also be disabled.

The same pattern of analysis, reading plist files, and looking into the application bundles themselves if necessary, can be applied to all of the launched services.
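
The pattern described above can be scripted so that every loaded job is reviewed the same way. The following is an added example, not the GitHub script mentioned in this post: it uses Python's standard plistlib, the function names are hypothetical, and both sample inputs are constructed from the outputs shown above.

```python
import plistlib

# Constructed sample rows in the format of the `launchctl list` output above.
SAMPLE_LIST = """\
PID         Status      Label
84          -           0x7fbbebf00910.anonymous.WindowServer
363         -           [0x0-0x16016].com.apple.AppleSpell
193         -           com.apple.soagent
-           0           com.apple.VoiceOver
"""
# Constructed stand-in for com.apple.soagent.plist, trimmed to keys shown above.
SAMPLE_PLIST = b"""<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.soagent</string>
  <key>KeepAlive</key><dict><key>SuccessfulExit</key><false/></dict>
  <key>LaunchEvents</key><dict><key>ichat</key><dict>
    <key>bundleid</key><string>com.apple.ichat</string></dict></dict>
  <key>MachServices</key><dict><key>com.apple.soagent</key>
    <dict><key>ResetAtClose</key><true/></dict></dict>
  <key>ProgramArguments</key><array><string>/System/Library/PrivateFrameworks/MessagesKit.framework/Resources/soagent.app/Contents/MacOS/soagent</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

def parse_launchctl_list(text):
    """Map each named job label to its PID (None when loaded but not running)."""
    jobs = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split(None, 2)
        if len(fields) != 3:
            continue
        pid, _status, label = fields
        if ".anonymous." in label or label.startswith("["):
            continue                            # not backed by a LaunchAgents plist
        jobs[label] = int(pid) if pid.isdigit() else None
    return jobs

def summarize_job(plist_bytes):
    """Extract the launchd keys that show what a job runs and what keeps it alive."""
    job = plistlib.loads(plist_bytes)
    events = job.get("LaunchEvents", {})
    return {
        "label": job.get("Label"),
        "program": job.get("Program") or (job.get("ProgramArguments") or [None])[0],
        "mach_services": sorted(job.get("MachServices", {})),
        "run_at_load": bool(job.get("RunAtLoad", False)),
        "keep_alive": job.get("KeepAlive", False),
        "event_sources": sorted(e.get("bundleid", n) for n, e in events.items()),
    }

if __name__ == "__main__":
    print(parse_launchctl_list(SAMPLE_LIST), summarize_job(SAMPLE_PLIST), sep="\n")
```

On a real system, feed `parse_launchctl_list` the captured output of `launchctl list` and pass `summarize_job` the bytes of each matching file under /System/Library/LaunchAgents.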