Provisioning OS X and Disabling Unnecessary Services

I’ve been messing with system provisioning quite a bit lately. i.e. How can I repeatably and consistently configure a system to a known state?

I’ve posted a script to Github that performs provisioning to free up as much RAM as possible on an OS X server system.

OS X is a hairy operating system though, since Apple provides little to no detail about the system services they enable on a freshly-installed machine. This is annoying.

Here are some techniques I use to determine which services can be disabled, and what subsystems they relate to.

First of all, you can get a sense of all of the services run at launch time by running launchctl list:

I’ve already disabled a number of services using the Github script, but maybe there are more to be disabled in the launchctl list.

For example: soagent, what is it and what does it do?

The find out, read the com.apple.soagent.plist file in /System/Library/LaunchAgents.

The launchd.plist manpage explains some of these settings.

The process has something to do with iChat. Since I don’t care whether iChat is running on my provisioned machine, I can try disabling this process:

launchctl -w /System/Library/LaunchAgents/com.apple.soagent.plist

If the system is stable with soagent disabled, then everything’s fine. Same thing goes for the CalendarAgent, the SocialPushAgent, and sharingd.

Another example: What is tccd?

So tccd appears to be the little popup that appears when application wants to dig into your more personal information. If the provisioned machine is being used as a server w/no logged in UI user, this can also be disabled.

The same pattern of analysis, reading plist files, and looking into the application bundles themselves if necessary, can be applied to all of the launched services.

11 thoughts on “Provisioning OS X and Disabling Unnecessary Services”

  1. Launchctl seems to have been updated for Yosemite.
    This is what worked for me:
    launchctl unload /System/Library/LaunchAgents/com.apple.soagent.plist
    Big difference, as SOAGENT was hogging CPU and MEMORY, and all I had was a spinning ball since I upgraded to Yosemite.

    1. Probably due to whatever additional protections they’ve added to the System folder (System Integrity Protection).

  2. Thanks for writing this. It looks useful and I’m thinking about delving into it. I just wonder if it’s time to learn Linux instead. This crap seems to defeat the object of using OS X. Well, for me at least. I mean, why fight against a hostile system dev who obviously doesn’t want me to have any control, when there’s a system that actually wants me to?

  3. Your post got me to dig a little for mojave. Thank you for the inspiration!
    Since i have a old-fashion HDD i wanted to stop warmd from “caching” all the stuff, so, for Mojave:

    Read up: man launchctl

    See system services: launchctl print system

    Kill warmd: launchctl kill -9 system/com.apple.warmd

    Disable warmd: launchctl disable system/com.apple.warmd

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.