Nava H. The macOS User Administration Guide... 2021
Herta Nava
BIRMINGHAM - MUMBAI
The macOS User Administration Guide
Copyright © 2021 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in
any form or by any means, without the prior written permission of the publisher, except in the case of brief
quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information
presented. However, the information contained in this book is sold without warranty, either express or
implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any
damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products
mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the
accuracy of this information.
ISBN 978-1-83864-365-2
www.packt.com
To my husband, Martin, and my children, Luis, Kenaya, Stephanie, and Angie, for their
immense love and support and for understanding that good things never come easy in
life. To my parents, Waldo and Karin, for loving us so much and working so hard for us
all these years, even today. To my sisters, Karen and Raquel, and my brother, Nelson, for
their love and friendship and for being an example of what it means to succeed. And to
my Father in Heaven, to whom I owe absolutely everything.
– Herta Nava
Contributors
I want to thank the Packt editorial team for their support during the process of
writing this book. I'm immensely grateful to my Content Development Editor,
Aamir Ahmed, for his continuous support and expertise. My sincere appreciation to
everyone in the Packt team who provided valuable feedback at various stages of the
book: Hayden Edwards, Divij Kotian, Govindan K, Mohammed Imaratwale, and
Smit Carvalho. I also want to thank Adam Tomczynski for the technical reviews.
I wish to acknowledge Apple for developing great products people like me can enjoy
and even write about.
About the reviewers
Alex Farnsworth is an Apple Certified Support Professional with over 7 years of
experience managing Apple devices. He first found his passion for working with
macOS/iOS devices while working at Apple in 2013. He has built upon that passion
by helping businesses architect and build solutions that focus on user experience
while ensuring that management is efficient and scalable.
Adam Tomczynski has over 20 years of technical experience and started his career in
information technology as a computer support technician. His interest in computers
began at a young age and continued through his high school and college years. In an
educational setting, he has supported Novell and Microsoft servers, centralized
storage, mail archiving and backup solutions, endpoint protection, and more. Adam
is Apple ACTC, ACSP, ACMT, and ACiT certified. He is a continuous learner.
Table of Contents
Summary
Chapter 4: User Accounts Management
Technical requirements
Types of user accounts
Local user accounts
Standard user account
Administrator user account
Root user account
Guest user account
Sharing Only user account
Group user account
Other user accounts
Network user accounts
Mobile user accounts
Managing user accounts
Creating standard user accounts
Initial setup of a new user account
Using your Apple ID or iCloud account
Creating a new Apple ID
Turning a Standard account into an Administrator account
Configuring additional account preferences
What are account attributes?
Deleting user accounts
Restoring deleted user accounts from a disk image
Restoring deleted user accounts kept in the Users folder
Managing the root user
Enabling the root user
Logging in as the root user
Disabling the root user
Managing the Guest user
Adjusting the login options
Automatic login
What is fast user switching?
Using Screen Time (macOS Catalina and later)
Tracking usage
App Usage
Notifications
Pickups
Limiting usage
Downtime
App Limits
Always Allowed
Content & Privacy
Understanding user home folders
The user home folder structure
The Desktop folder
Using Stacks
Quick Actions
Summary
Further reading
Chapter 7: Understanding Ownership and Permissions
Technical requirements
Understanding ownership and permissions
What are ownership and permissions in macOS?
Access Control Lists (ACLs)
Access hierarchical rules
Case 1
Case 2
File flags
macOS's filesystem security policy
Managing access and ownership
Verifying an item's ownership and permissions
Changing an item's ownership and permissions
Ownership in non-system volumes
Granting and changing permissions
Deleting permissions
Permission customization examples
Example 1: Restricting access to an item
Example 2: Propagating folder permissions
Using macOS shared folders
The Public and Drop Box folders
The Shared folder
Summary
Chapter 8: System Resources and Shortcuts
Technical requirements
Understanding system resources
Types of system resources in macOS
Extensions
Frameworks
Fonts
Preference files
LaunchAgents and LaunchDaemons
Logs
System resource domains
Sandboxing
Managing system resources
Uncovering hidden files and folders
Accessing the Library folder temporarily
Accessing the Library folder permanently
Managing font resources
Installing fonts
Font location preferences
Resolving duplicate fonts
ICMP
macOS network configurations
Initial network configuration
Connecting to Wi-Fi
Other types of networks
Ad hoc networks
Enterprise
What are network locations?
Configuring additional network services
VPN configuration
Bonjour
Advanced network configurations
Custom Wi-Fi configuration
Manual TCP/IP configuration
NetBIOS/WINS
802.1X configuration
Network proxies
Manual Ethernet configuration
Summary
Further reading
Chapter 13: Using macOS Network Services
Technical requirements
Using network services in macOS
Understanding network services in macOS
Types of network services in macOS
Network services accounts
Mail
Notes
Calendar
Network calendar services
Reminders
Contacts
Messages
FaceTime
Safari
Configuring network services and apps
Automatic configuration for essential apps
Manual configuration for essential apps
Adding additional email accounts
Configuring services with an iCloud account
Configuring Messages
Continuity
Sidecar
Continuity Markup and Sketch
Text Message Forwarding
Cellular Calls
Preface
macOS is the current generation of operating systems running on all Apple Mac
computers. In this book, we will explore the capabilities and tools it offers for system
administration and support tasks. Although many features of the Mac's interface are
covered, this book is not intended to explain all the basic aspects of the hardware and
user interface, but rather the areas pertinent for a user acting as an administrator.
This book will walk you through the world of macOS from a system administration
and support point of view. You will be able to take advantage of the resources macOS
offers for a large variety of common administration tasks. In addition, you will be
empowered to configure key services and perform essential troubleshooting. More
importantly, you will have a good understanding of the macOS environment and its
tools for system administration tasks. For this reason, most of the examples provided
will be from an administrator's perspective. However, when relevant, a standard
user's perspective is also presented. The examples and illustrations we show in this
book are from a Mac running macOS 11 (Big Sur), and sometimes, when necessary,
we refer to other macOS versions, such as macOS 10.15 (Catalina).
On the other hand, we are all aware of the incredible pace at which technology is
changing today. In particular, Apple is implementing improvements and new
technologies at a rapid pace, and this includes its operating systems, such as macOS,
the subject of this book, and its Mac models, with the introduction of the M1 silicon
chip, which will introduce significant changes as its implementation across models
advances. In that respect, we have done our best to make this book useful for all the
most recent macOS versions, and we will do our best to update and review any topics
that are improved or changed over time. However, bear in mind that sometimes it is
not possible to do this as soon as changes or improvements are implemented.
We will start by understanding how macOS is different from other leading operating
systems, as well as exploring its main and most recent features. Then, we will move
on to installing and configuring macOS, including the use of the recovery system.
Next, we will examine the start up process. After that, we will learn how to manage
users, including important information on user security and privacy. Following that,
we will describe the filesystem to understand the logic behind it, including managing
disks, volumes, and partitions. Next, we will cover ownership and permissions in
macOS and how to manage them. Then, we will jump into managing system
resources, apps, and documents, including backups with Time Machine. In the final
part of the book, we will touch on more advanced topics, such as network
configuration, network services, and sharing services. There is also a chapter
dedicated to the tools available for securing the system. And, finally, we will look at
examples of how to use the command-line tool for administration tasks. An Appendix
that includes troubleshooting steps designed to help you solve various potential
issues and common scenarios is also included.
Chapter 3, The Start Up Process, covers the different stages of the macOS start up
process. It describes the audio and visual cues that happen during the process.
Chapter 4, User Accounts Management, describes the types of users available in macOS
and how to manage them.
Chapter 5, Managing User Security and Privacy, includes key aspects of managing user
security and privacy.
Chapter 6, The macOS File System: Disks, Volumes, and Partitions, describes the macOS
filesystem, and this includes managing disks, volumes, and partitions.
Chapter 8, System Resources and Shortcuts, explores what system resources are and
how macOS uses them to optimize the system.
Chapter 9, Understanding Metadata and Searching, examines the tools macOS provides
for the effective use of metadata (such as tags) and searching (with tools such as
Spotlight).
Chapter 10, Managing Apps and Documents, shows the resources that macOS provides
for managing apps and documents efficiently.
Chapter 11, Backups and Archiving, describes the methods available in macOS for
creating backups, more specifically, through the Time Machine app, and archiving.
Chapter 13, Using macOS Network Services, explains how to take advantage of the
network services macOS provides for key services such as mail, as well as features
such as Continuity for seamless work across Apple devices.
Chapter 14, Using macOS Sharing Services, explores the sharing services macOS
provides for useful tasks, such as file sharing, remote controlling, and screen sharing.
Chapter 15, Managing Security in macOS, covers system, hardware, application, and
user security topics. It discusses measures and suggestions to improve security in all
these areas.
Chapter 16, Using the Command Line, describes the macOS command-line tool called
Terminal and includes several examples of how to use it for advanced administration.
Since this is not a Mac or a macOS user guide, it would be very helpful to be familiar
with the Mac hardware and the macOS environment. If you are new to the world of
Mac and macOS, it might be helpful first to check out a Getting Started guide. There
are many good examples available on the internet that will walk you through the
basics of using a Mac for the first time.
Conventions used
There are a number of text conventions used throughout this book.
CodeInText: Indicates code fragments, folder names, filenames, file extensions, and
pathnames. Here are two examples:
Bold: Indicates a tool, an app, or an important word that you see on screen. For
example, words in menus or dialog boxes appear in the text like this. Here is an
example: "Select Edit from the File menu."
Get in touch
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, mention the
book title in the subject of your message and email us at
customercare@packtpub.com.
Errata: Although we have taken every care to ensure our content's accuracy, mistakes
do happen. If you have found a mistake in this book, we would be grateful if you
would report this to us. Please visit www.packtpub.com/support/errata, selecting
your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the internet,
we would be grateful if you would provide us with the location address or website
name. Please contact us at copyright@packt.com with a link to the material.
If you are interested in becoming an author: If there is a topic that you have
expertise in, and you are interested in either writing or contributing to a book, please
visit authors.packtpub.com.
Reviews
Please leave a review. Once you have read and used this book, why not leave a
review on the site that you purchased it from? Potential readers can then see and use
your unbiased opinion to make purchase decisions, we at Packt can understand what
you think about our products, and our authors can see your feedback on their book.
Thank you!
1
Overview of the macOS System, Architecture, and Features
Exploring the macOS operating system, its architecture and features, and the industry
standards it uses is essential to understanding what sets macOS apart from other
leading operating systems, and places you in a better position to help users with their
support questions or problems.
In this first chapter, you will explore the fundamentals of the macOS system and
architecture. Also, you will see the general features, as well as the newest features,
apps, and enhancements, introduced to macOS in the latest version releases at the
time of the publication of this book.
Before we start, let's see the technical requirements for this chapter.
Technical requirements
To proceed with this chapter, you will need the following:
So, let's jump right into the technical aspects of the system.
macOS is built on the foundation of the 64-bit Mach kernel, which manages processor
resources, memory, and other low-level processes. There is a modified version of the
BSD (Berkeley Software Distribution) operating system on top of the kernel, which
provides interfaces to interact with the lower-level processes. In general, the higher
layers include lower-level technologies for app behavior, and the lower layers include
more specialized technologies.
Perhaps the best way to visualize this is through a graphic. In Figure 1.1, you can see a
representation of this layered architecture and the scope of each layer:
Cocoa application layer: This layer is where the macOS appearance, user
interface, and behavior components are located, including all the features
related to the user experience, such as notifications, Siri, Spotlight, and
many more.
Graphics and Media layer: Here are the technologies responsible for 2D
and 3D graphics, animations, image effects, and audio and video
functionalities. Most recently, advanced 3D graphics are possible, thanks to
the introduction of the Metal framework and API. The Metal framework is
an advanced technology designed for the highest performance of graphics
and computation from GPUs and eGPUs (external GPUs) for amazingly
realistic 3D rendering (even live). This technology works great with
development platforms such as Unity, for example.
Core Services layer: This layer provides the essential services required by
apps not related to the user interface. It's where you will find iCloud
storage services, MapKit for embedding maps into your views and
windows, speech recognition technologies, and much more. More recently,
machine learning and model training functionalities have been added
through a new Apple technology called Create ML, which works best in
combination with Swift to create powerful apps.
In Figure 1.2, you can see the specific features each layer is responsible for in more
detail:
If you would like to learn more about the Mac technologies behind
macOS, you can visit the Developer site's archive
(https://developer.apple.com/library/archive) and also the new API
reference documentation (https://developer.apple.com/documentation).
Now that you have a general idea of what lies behind the macOS architecture, let's see
what this means in terms of features and capabilities.
Mac App Store: It is one of the largest marketplaces for apps specifically
designed for the Mac computers. Most of the apps you will ever need can
be found here. It is a safe and convenient way to download apps without
the need for passwords or activation procedures. Apple's team recently
redesigned it, and we will be covering it in more detail in Chapter 10,
Managing Apps and Documents.
Built-in apps: These are essential apps that allow you to be productive
from day one. They are built into macOS, bundled with the installer, and
require no additional licenses. Examples of these apps are Mail, Messages,
Reminders, Safari, Notes, and Contacts. We discuss many of the new and
advanced features of these apps in Chapter 13, Using macOS Network
Services.
In the next section, we will see the newest features introduced in the latest macOS
releases.
Let's start with the latest version launched as of the publication of this book: macOS
Big Sur.
These are some of the features presented by Apple at the WWDC 2020:
Optimized for the M1 chip: macOS Big Sur is designed for the advanced
power, efficiency, and performance that are offered with the new Macs
with the M1 chip, including hardware-verified secure boot and
high-performance encryption. Apple will be transitioning all its new Mac
machines to this new chip, specifically designed by Apple for Mac. If you
want to learn more about the M1 chip, as well as details of which Mac
computers include it currently, follow this link:
https://www.apple.com/mac/m1/.
Improved look: The user interface has been fully improved with a more
modern and refined look with more features at the tips of your fingers. The
Dock has a new floating and translucent design, the top menu bar is also
translucent instead of the typical gray, there's a Control Center that offers
quick access to frequently accessed features, and notifications now appear
grouped.
Control Center: This is a new feature accessible through the top menu bar,
which by default includes quick access to Wi-Fi, Bluetooth, AirDrop, Do
Not Disturb, Keyboard Brightness, Display, volume settings, and more
(Figure 1.3). You can customize it to include or exclude settings appropriate
to your activities:
Battery preferences: This new preferences pane replaces the Energy Saver
preferences, and it includes a section on battery usage history, optimized
charging settings, and even scheduling in Mac laptops (Figure 1.4):
Safari: macOS' web browser also has lots of new features. The start page
has been improved to be customizable and to show what you want to
show, and you are now able to set custom background images. A new
privacy button in the toolbar allows you to see what information the
websites you are visiting are tracking and collecting. There is also a new
translation button in the address bar that allows you to translate a web
page to seven major languages easily. Safari tabs now show you a preview
of the open pages in those tabs when you hover over them. Also important
is that Safari extensions are now available through the App Store:
App Store: The App Store now includes a dedicated category for Safari
extensions. It also provides information on the privacy practices of the apps
you want to download so that you know exactly what to expect.
App improvements: Apps such as Messages, Maps, Weather, Reminders,
and Notes have also been significantly improved in look and added
functionalities, such as effects in Messages (Figure 1.6):
These are just some of the new features introduced by Apple in macOS 11, Big Sur.
There are many more improvements that you can explore at your own pace.
For a full list of new features in macOS Big Sur, you can visit
this link: https://www.apple.com/macos/big-sur/.
In the next section, we will explore the features introduced in the previous version of
macOS: Catalina.
New music, TV, and podcast apps: Perhaps the most significant change in
macOS Catalina was that now there are three dedicated apps specifically
for all the user's entertainment needs: Apple Music, Apple TV, and Apple
Podcasts (Figure 1.7). They replace the well-known iTunes, so it was a big
change. If you would like to see how the switch from iTunes to the new
apps impacts users, you can check out the following article about the
changes to iTunes (https://support.apple.com/en-us/HT210200):
The Apple Music app is where you can now organize the music you had in
iTunes by artist, album, and song, as well as other useful categories. You
can subscribe to the paid service to access the entire music catalog, or you
can use it for free to listen to your previously purchased music. You can
also listen to Apple's free radio station, Music 1, or tune in to local radio
stations. You can check which countries the service is available in at this
link: https://support.apple.com/en-us/HT204956.
The Apple TV app is where you can watch, buy, or rent movies and TV
shows. Here, you will also find popular streaming services and cable TV
providers.
In the Podcasts app, you can listen to your favorite podcasts, subscribe to
shows, download episodes, and more.
Apple Arcade: This is an "all-you-can-play" subscription service with access
to up to six family members through Family Sharing (covered in Chapter
10, Managing Apps and Documents).
Photos: This app was redesigned to bring you a smarter experience for
browsing, highlighting important milestones, and showing your best shots.
Notes: The gallery view was redesigned to help you find your notes
quicker and more easily. You can use folders to share your notes with
others, and a checklist option lets you mark notes as completed, as well as
move those you don't need anymore to the end of the list.
Reminders: This app was also redesigned to make it easier to manage
reminders. Additional capabilities were added as well, such as the option
to add attachments.
Sidecar: This is a new feature introduced in macOS Catalina, which allows
you to extend or mirror your screen using an iPad as your second display.
This feature works well with Apple Pencil, a precision pencil for drawing
and marking (for newer versions of the iPad).
Screen Time: This new app, also introduced in macOS Catalina, allows you
to monitor and schedule screen usage (Figure 1.8). In combination with
the Family Sharing feature, it enables you to set limits to your family
members' communication activities. We cover Family Sharing in Chapter
10, Managing Apps and Documents:
Find My: This feature replaces Find My Mac. The difference is that it
combines Find My iPhone and Find My Friends into a single app that
works on Mac, iPad, and iPhone.
Voice Control: This feature offers advanced capabilities for voice-activated
tasks, such as app navigation through numbered labels and verbal
commands for more accessibility possibilities. In fact, Voice Control allows
you to fully control your Mac with your voice.
Safari: Safety and privacy enhancements were introduced to Safari. Also,
the start page now includes your favorite bookmarks, reading lists, iCloud
tabs, and more.
Sign in with Apple allows you to sign in to participating apps and
websites using your Apple ID. You can learn more about this feature and
the requirements to use it in this article:
https://support.apple.com/en-us/HT210318.
The introduction of Mac Catalyst, a set of tools and APIs, is a big deal for
developers as it helps them bring their iPad apps to the Mac natively and
seamlessly. You can find more information on Mac Catalyst here:
https://developer.apple.com/design/human-interface-guidelines/ios/overview/ipad-apps-for-mac/.
Dark Mode: Apple introduced this feature in macOS Mojave. In macOS
Catalina, there is an additional option when configuring dark mode, the
Auto mode, which switches between light and dark mode automatically.
These appearance modes are available from the General preferences, which
you can access from the Apple menu by selecting System Preferences,
as seen in Figure 1.9:
Apple's macOS team introduced the following security and privacy enhancements
in macOS Catalina:
If you would like to see an overview of the macOS features directly from your own
Mac, be sure to check out the next section.
Touring macOS
You can take a guided tour of macOS through the Finder to learn more about what's
new, learn about the basics (if you are new to Mac), and obtain information on your
MacBook Pro if you own one.
You can do that by clicking on the notification popup that will appear after installing
macOS (Figure 1.10):
If you don't see the notification, just go to the Help menu in the Finder top menu and
select one of the options, such as See what's new in macOS. You will then see a
screen such as the one in Figure 1.11 that will start the guided tour:
Now that you have a pretty good idea of the new features in your Mac, let's review
the version history that brought macOS to where it is today.
OS X El Capitan 10.11.6
OS X Yosemite 10.10.5
OS X Mavericks 10.9.5
OS X Lion 10.7.5
Visit this page to verify the latest macOS versions available:
https://support.apple.com/en-us/HT201260.
We are now familiar with the versions that led us to where macOS is today, as well as
the new features introduced in the latest versions. But you might be wondering how
these features, or macOS for that matter, are different from other leading operating
systems. Let's explore this question in the following section.
Apps: macOS includes a variety of apps, bundled with the macOS installer,
that have essential productivity functionalities, such as Mail, the Safari
browser, Notes, Reminders, Contacts, and Messages. In addition, in the
App Store, you will find thousands of apps, many of them free, including
an entire productivity suite that can easily replace any other office suite. Of
course, we are talking about the iWork suite with its Pages, Numbers, and
Keynote apps. Apple was a pioneer in this type of app management and
integration with an operating system as well. In fact, the App Store remains
one of the largest application marketplaces around. And with more than 20
million developers reported by Apple (WWDC 2018 Keynote), the variety
and flavors of apps will only continue to grow and diversify.
Boot Camp: While you can install macOS on your PC, something that
is known in the community as a Hackintosh, the process is long and
involves many steps and third-party tools. That is aside from the fact that
Apple does not authorize its operating system to be installed on machines
other than Mac computers. On the other hand, installing a Windows
operating system on a Mac is easy and quick, thanks to a macOS built-in
utility called Boot Camp. The Boot Camp Assistant makes the process
painless and quick.
macOS is a unique operating system but, at the same time, it has embraced industry
standards in its design to make it easy for users to configure and integrate with other
systems. In the next section, we describe some of those standards.
Multicast DNS
mDNS is a technology developed to facilitate IP networking configuration. It's related
to a concept you have probably already heard of: zero-configuration networking, or
zeroconf. We know zeroconf in Mac as the Bonjour protocol created by Apple to
facilitate device configuration for local networks.
The Internet Engineering Task Force (IETF) maintains the mDNS standard. The
technical definition of mDNS, as stated in IETF's RFC document, is the
following: "Clients performing DNS-like queries for DNS-like resource records by
sending DNS-like UDP query and response messages over IP Multicast to UDP port
5353."
While that might sound like a mouthful, what's important about this technology is
that it allows three significant advantages:
In other words, Bonjour in Mac computers uses mDNS to perform DNS-like queries
in the absence of a Unicast DNS server. What this means is that users will not have to
worry about setting up a networking configuration on their Mac machines.
Take into account that there are some security concerns with the use of mDNS. We
will discuss those risks and address how to reduce them in Chapter 15, Managing
Security in macOS, of this book.
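To make the "DNS-like" messages in the RFC definition quoted above concrete, the following Python sketch builds an mDNS question in DNS wire format and decodes a reply, showing what a host discloses when it answers. It is an added example, not code from the book: the function names and the sample reply (a host advertising `_ssh._tcp`) are constructed for illustration, while the multicast group 224.0.0.251 and the service-enumeration name come from RFC 6762 and RFC 6763. Nothing is sent on the network.

```python
import struct

MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353  # RFC 6762 IPv4 group; port as quoted in the text
SERVICE_ENUM = "_services._dns-sd._udp.local"  # RFC 6763 service-type enumeration name
TYPE_PTR, CLASS_IN = 12, 1
TOP_BIT = 0x8000  # in mDNS the class field's top bit is a flag (QU / cache-flush)


def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("utf-8")
        if not 0 < len(raw) < 64:
            raise ValueError("label must be 1-63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, resume, jumps = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            if resume is None:
                resume = offset + 2  # parsing continues after the first pointer
            jumps += 1
            if jumps > 16:  # a malformed packet can point in a circle
                raise ValueError("compression pointer loop")
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        offset += 1
        if length == 0:
            break
        if offset + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[offset:offset + length].decode("utf-8", "replace"))
        offset += length
    return ".".join(labels), (resume if resume is not None else offset)


def build_query(name, qtype=TYPE_PTR, unicast_reply=False):
    """Build a one-question mDNS query (ID 0, flags 0, as mDNS queries use)."""
    header = struct.pack(">6H", 0, 0, 1, 0, 0, 0)
    qclass = CLASS_IN | (TOP_BIT if unicast_reply else 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, qclass)


def parse_message(msg):
    """Parse the header, questions and answer records of an mDNS message."""
    if len(msg) < 12:
        raise ValueError("message shorter than the 12-byte header")
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack(">6H", msg[:12])
    pos, questions, answers = 12, [], []
    for _ in range(qdcount):
        name, pos = decode_name(msg, pos)
        qtype, qclass = struct.unpack(">HH", msg[pos:pos + 4])
        pos += 4
        questions.append({"name": name, "type": qtype,
                          "unicast_reply": bool(qclass & TOP_BIT)})
    for _ in range(ancount):
        name, pos = decode_name(msg, pos)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if pos + rdlen > len(msg):
            raise ValueError("record data runs past end of message")
        # PTR record data is itself a name and may use compression pointers
        target = decode_name(msg, pos)[0] if rtype == TYPE_PTR else None
        answers.append({"name": name, "type": rtype, "ttl": ttl, "target": target})
        pos += rdlen
    return {"is_response": bool(flags & 0x8000),
            "questions": questions, "answers": answers}


def sample_response():
    """Constructed reply: one PTR answer naming the _ssh._tcp service type."""
    owner = encode_name(SERVICE_ENUM)
    local_at = 12 + owner.index(b"\x05local")  # offset of the "local" label
    rdata = encode_name("_ssh._tcp")[:-1] + struct.pack(">H", 0xC000 | local_at)
    header = struct.pack(">6H", 0, 0x8400, 0, 1, 0, 0)  # response + authoritative
    record = struct.pack(">HHIH", TYPE_PTR, CLASS_IN, 4500, len(rdata))
    return header + owner + record + rdata


if __name__ == "__main__":
    print(parse_message(build_query(SERVICE_ENUM)))
    print(parse_message(sample_response()))
```
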
Another tool used by macOS is the Swift programming language, which is what we
will see next.
Swift
Swift is the programming language embraced by developers to create apps for
macOS, iOS, watchOS, and more. What's important about Swift is that it is developed
openly by a large community of developers. The claim is that Swift makes it easier to
write code for apps that are faster and safer.
It produces clean code. It uses a clean and intuitive syntax that is easier to
read, understand, and maintain.
Its design takes security into account. For example, it eliminates entire
classes of unsafe code.
Swift was conceived from the beginning to be fast. One of the ways it
achieves this is through the use of the LLVM compiler technology. The
LLVM Project, which started as a research project at the University of
Illinois, is a collection of modular and reusable compiler and toolchain
technologies (https://llvm.org/), which makes it possible to transform
Swift code into optimized native code.
Cross-platform compatibility. Swift can be used to program all Apple
platforms: iOS, macOS, watchOS, and tvOS. It is also compatible with
Linux, and the community is working to make it available on even more
platforms.
It's free. Because it's open source, it has no cost.
And with this review of the industry standards used by macOS, we have reached the
end of this first chapter, which introduced you to the exciting world of macOS. Be
sure to read the following summary for a recap of the main points covered here.
Summary
Now that you have completed this chapter, you can describe the generalities of
macOS, and you are also aware of the new features introduced in the latest macOS
versions. Also, you know the fundamentals of the macOS architecture and what each
layer of its design is responsible for. This information is essential for you to
understand how Macs and macOS are different from other industry-leading products,
as well as their capabilities and features. This information enables you to explain
those features and differences to other users, to whom perhaps you will be providing
support.
In the next chapter, we will move on to the practical aspects of managing macOS,
starting with the essential tasks of installing and configuring macOS.
2
Installing and Configuring
macOS
Installing, configuring, and updating macOS are perhaps some of the most common
and essential tasks you will encounter in your job as a support professional or an
administrator. It all starts with installing the macOS system or updating it if you
already have it installed. Following installation, the configuration of macOS is the
next important task required to personalize the user's experience.
In this chapter, you will learn how to install, update, upgrade, and reinstall macOS, as
well as how to perform the necessary checks, and the requirements to do so. Next,
you will see how to configure the macOS installation and adjust the settings post-
installation. You will also learn how to do other practical tasks, including creating an
installer for specific cases such as clean installations. As mentioned earlier, the tasks
related to installation you will see in this chapter are probably what you will
encounter more frequently when supporting users. Therefore, the information and
examples provided here will help you master all the possible installation scenarios.
Installing and Configuring macOS Chapter 2
Installing macOS
Upgrading macOS
Reinstalling macOS
Updating macOS
Configuring macOS
Before we start, let's see the technical requirements for this chapter.
Technical requirements
For this chapter, you will require the following:
Before performing the tasks assigned in this chapter, it is essential to be aware of the
system and hardware requirements regarding the installation of macOS. Here, we
detail the requirements for the most recent versions of macOS.
System requirements:
Hardware requirements:
System requirements:
Hardware requirements:
Next, we'll explain how you can check your Mac model and other important details to
verify whether your machine meets the aforementioned requirements.
Once in the About This Mac window, make sure the Overview tab is selected. As
you can see in Figure 2.2, this is a MacBook Pro (15-inch, 2018); hence, it is compatible
with the current system requirements for installing macOS Big Sur. However, the
memory is insufficient, so we will have to fix that before proceeding:
Another useful way to verify exactly which Mac model you have is by going
to https://support.apple.com/specs and entering your Mac serial number in the
search box (Figure 2.3):
After entering the serial number in the search box, click on the Search button, and
you will obtain a result (marked in red in Figure 2.3), which already shows you some
very useful information. However, if you click anywhere on that result, you will see
even more detailed specifications relating to your Mac model (Figure 2.4):
As you can see, you will not only find out when your Mac was brought to the market,
but also its storage capacity, the type of graphics card, and much more.
Now that we know whether our machine meets the requirements for
installing macOS Big Sur, and after fixing any requirements that were not met, we can
do so. We will explain the steps in the next section.
Installing macOS
In this section, we will discuss the process of installing the operating system, which is
normally done through an upgrade or a reinstallation. Typically, installing the latest
macOS version will be an upgrade process, with no loss of data or user settings. On
the other hand, a reinstallation can be performed both with or without data loss.
However, there are important details to take into account before performing any of
those procedures.
Before installing, upgrading, or reinstalling macOS, you should verify the following:
Take into account the fact that you require administrator privileges
to perform an upgrade or reinstallation.
Once you have taken the above recommendations into account, you will be ready to
upgrade or reinstall. We will see how to upgrade in the next section.
Upgrading macOS
An upgrade will install the next major version of the OS. For example, if you are
running OS X Mavericks, an upgrade will install the latest major release, such as
Mojave or Catalina, and there will be no loss of data or user settings.
Automatic upgrades
You can configure upgrades to download automatically in the background through
System Preferences for the OS or the App Store preferences (available from macOS X
El Capitan and later) for apps.
1. Open the System Preferences screen. You can access System Preferences
from the Apple menu at the top left of your screen or through the gear
icon in the Dock.
2. In System Preferences, click on the Software Update icon, as shown in
Figure 2.5:
4. Make sure the Check for updates and Download new updates when
available options are selected, as shown in the following screenshot:
5. With this configuration, you will see a notification indicating that a macOS
upgrade is ready to be installed. The upgrade won't be installed until you
click the Install button (Figure 2.8), because you need to check
compatibility and other requirements prior to upgrading to a major
version. Updates to the currently installed version, on the other hand, can
be installed immediately by clicking the Install button or postponed to a
later time by clicking Later:
6. If you want the system to verify the requirements on its own and attempt
to install macOS updates/upgrades, then you should check the other two
boxes (Figure 2.9). However, this is not recommended since this prevents
you from checking whether all your software is ready for the update, and it
can render certain apps incompatible with the new update/upgrade:
Manual upgrades
You can always verify whether upgrades are available through the App Store and
install them manually. We will see how that works in macOS Catalina and macOS Big
Sur next.
3. In Figure 2.10, we used the search box to locate the macOS Big Sur installer.
Click on the installer name or the VIEW button to enter the details page:
Figure 2.10 – Searching for the macOS installer in the App Store
4. Once on the details page, click the GET button to download the installer, as
shown in the following screenshot:
5. This action will open the Software Update tool and ask you whether you
want to download the upgrade. As soon as you click on the Download
button (Figure 2.12), the download will start, and you can monitor its
progress:
6. Once the download is complete, you will see an Upgrade Now button.
Click on it to start the process.
7. Then, the installer will open automatically, as can be seen in the following
screenshot:
Note: If you expect to do more installations, it's a good idea to save a copy
of the installer in another location. The installer will be downloaded by
default into the Applications folder, but it will be removed as soon as
your installation is complete. If you don't save a copy elsewhere and later
need to reinstall or create a bootable disk, you will have to download it
again. To save a copy, just go to the Applications folder before initiating
the installation (Figure 2.14), and then copy the installer into another
location. Also, take into account that installers have an expiration date, so if
using an old installer you saved doesn't work, chances are it has probably
expired, and you will need to acquire a new copy.
8. Navigate back to the installer and then click Continue (Figure 2.13) to
initiate the installation.
9. Accept the Software License Agreement.
10. You will see the window to select the destination volume for the
installation. If you only have the default volume available (usually named
Macintosh HD), only that volume will appear, which is the case for this
example (Figure 2.15), or you can click Show All Disks... to see more
available disk options. Select the volume and then click Install or
Continue:
If you wish to quit the installation at any point, you can click on
the Back button to return to the beginning of the process, and then
you will be able to click Quit from the top menu.
Before macOS High Sierra, your disk was probably formatted as Mac
OS Extended (Journaled). When upgrading to macOS High Sierra or
later, the installer will decide to automatically convert to the new
default Apple File System (APFS) if your hardware supports it.
11. You may see a warning about 32-bit apps not supported by macOS (most
likely to appear if you are upgrading to macOS Catalina). If that is the case,
take note of the incompatible software, if any, and then click Continue.
14. Once the installation is complete, you will see a login screen. Since we are
upgrading to macOS Big Sur in this example, you will see a screen similar
to the one shown in Figure 2.17:
15. Once you log in, you will be taken through a quick setup process. Take into
account the fact that the screens you see will depend on your current
configuration; for example, whether you have an Apple ID linked to your
account. We will see a complete setup process in The Setup Assistant
process section at the end of the chapter.
And that's it! You now have the latest version of macOS. Let's now check the third
way to upgrade: through the internet.
Reinstalling macOS
The difference between an upgrade and a reinstallation is important. During an
upgrade of a Mac that already has a system installed, the next major version of the OS
will be installed. During a reinstallation, we are not limited to installing the next
major version; any supported version can be installed. Reinstallations can
be done with or without data loss, except in the case of a clean installation, which
requires the system volume to be erased.
When you have a Mac computer with an old OS installation or when the
OS is corrupted.
When you have just purchased a Mac and want to start with a new, fresh
installation that will erase everything on the disk. This is also known as a
clean installation.
You are selling your Mac and want to erase all your data for security and
privacy purposes.
The internet
The macOS Recovery system
An external installer
In all the preceding cases, if you don't erase the disk, you can keep your
files and user settings intact.
The first option not only reinstalls macOS but also upgrades it to the latest
version compatible with your Mac.
Through the second and third options, you can also choose to erase the
disk and make a clean installation (erasing all volumes on your disk).
Using the first two methods is very easy and requires almost no intervention on your
part:
Heads up! This can take a while (depending on your internet connection), so be
patient.
Take into account that the commands described are not available for Macs with the
Apple M1 silicon chip. The procedure to use the Recovery for reinstallation with M1
Macs is described later in this chapter.
The third option requires more steps. We will explore this in detail in the next section.
Before we go through the steps of an actual reinstallation, let's take a look at the
Recovery system in more detail.
Install/Reinstall macOS.
Restore your system from a Time Machine backup.
Access the Disk Utility to repair or erase your volumes, and more.
Access the Online Help.
Perform additional advanced tasks.
Next, we will see the process of using the macOS Recovery system on a Mac with
macOS Catalina, and we will review the other options available as well.
Startup Disk
Startup Security Utility
Network Utility (macOS Catalina and earlier)
Terminal and Reset Password
Startup Disk
Startup Disk is accessed from the Apple menu in the macOS Recovery interface,
as shown in the following screenshot:
By choosing Startup Disk, you can specify which volume the computer will use to
boot from on the next restart (Figure 2.20):
You also have the option to restart the computer in Target Disk Mode... as seen in
Figure 2.20.
Network Utility
The Network Utility tool lets you use advanced network troubleshooting tools, such
as ping and traceroute. You can access this tool from the Utilities menu as well
(Figure 2.21). We will see the options available in this tool in detail
in Troubleshooting Tips. Take into account the fact that this utility has been
deprecated in macOS Big Sur.
This tool also includes an important feature that can only be used through Terminal:
the resetpassword command. When you use this command, you can reset any user
password, including the admin password. We will see more on
the resetpassword command in Chapter 5, Managing User Security and Privacy.
Now that we have seen what you can do with macOS Recovery, let's see how to
access it from macOS Big Sur.
The interface has been significantly redesigned, as you can see in Figure
2.22:
Security has also been tightened for this tool: you will need to authenticate
with a known admin account to access it.
The top menu now has the first menu option called Recovery instead of
macOS Utilities.
You won't find Network Utility anymore in the Utilities menu option
since it has been deprecated.
Macs with the T2 chip have extra security options in Startup Security
Utility in the Utilities menu. We will explore that in Chapter 15, Managing
Security in macOS.
Also, if you have a Mac with the M1 Apple Silicon chip, accessing the Recovery is a
bit different, and there are a few extra options in the menu. We'll explore that next.
Follow these steps to access macOS Recovery when using a Mac with the M1 chip:
1. Turn off your Mac and restart it while pressing and holding the Power
button until you see the startup options.
2. Select the icon with the name Options, and click Continue, as seen in
Figure 2.24:
The Recovery options are similar to those found in Catalina and Big Sur (Figure 2.22);
however, there are some differences:
The reinstall process is explained next, and it's very similar for all the latest versions
of macOS.
1. Ensure that you have checked the system and hardware requirements, as
well as the pre-verification steps, as explained in the Technical
requirements and Installing macOS sections earlier in this chapter.
2. Access the macOS Catalina Recovery interface as explained earlier.
3. At this point, if a firmware password has been set, you will be asked to
enter that password. If no firmware password is set, you will proceed to the
macOS Recovery interface (Figure 2.21).
4. In this example, macOS Recovery will reinstall the current version already
installed on this machine, which in this example is macOS Catalina. Select
the Reinstall macOS option and click Continue.
5. You will see the window to choose a language for the installation (Figure
2.25). Don't worry about the display language. You can easily change it
in System Preferences post-installation:
6. The installer will open (Figure 2.26). Click Continue to proceed with the
installation:
In the next section, we will see a reinstallation with macOS Big Sur Recovery.
5. Read and accept the terms of the software license agreement. Click Agree
at the prompt to continue.
6. Select the volume you want to reinstall and click Continue. The default will
be Macintosh HD.
7. The installation will start, and you will see a progress bar that will allow
you to monitor the process. Beware that this can take a long time.
8. Your Mac will probably reboot several times, and you will see the Apple
logo with a progress bar. This is normal. Don't turn off the machine or stop
the process.
9. When finished, you will see the login window appear. Log in as usual.
10. That's it! The next steps relate to the setup process, which we explore in the
section on The Setup Assistant process, at the end of the chapter.
We have just covered the steps required to perform a reinstallation without data loss.
In the next section, we will look at the steps associated with a clean installation.
1. Make sure you have checked the system and hardware requirements, as
well as the pre-verification steps, as explained in the Technical
requirements and Installing macOS sections earlier in this chapter.
2. Access macOS Recovery, as indicated previously for your corresponding
macOS version.
3. In the Recovery interface (Figure 2.22), select the Disk Utility option.
4. In Disk Utility, select View | Show All Devices from the top-left menu, as
shown in the following screenshot, to see not only the volumes but all the
devices:
5. From the sidebar in Disk Utility, select the disk or volume to erase. This is
the volume where you will install macOS, usually with the name of
Macintosh HD. For example, in Figure 2.28, Apple SSD macOS... is the
disk, Container disk4 is a container on that disk, and Macintosh HD is a
volume in that container. In most cases, selecting the system volume
(Macintosh HD) would be enough. But in some cases, you might want to
select the whole disk if you want to make sure that everything is fully
wiped out from the disk so that the installer recreates a clean boot disk
structure and volume group. However, bear in mind that this action will
also erase the Recovery volume, and the only methods you will have left to
reinstall your machine are through the internet recovery procedure
described earlier or through an external installer, provided that your
machine is configured to accept booting from external devices (a setting
configured in advance in Startup Security Utility).
7. After clicking Erase, you will see a pop-up window where you need to
enter the following information:
Name: I would keep Macintosh HD, the default name for the system
volume, for simplicity, but you can name it anything you want. If you
decide to change it, be sure to use an adequate name to identify the system
volume easily.
Format: Choose APFS (default) or Mac OS Extended (Journaled) if you
require compatibility with Mac computers using macOS 10.12 or
earlier. Disk Utility will show a compatible format by default.
Scheme: If it shows as an option, choose GUID Partition Map.
8. Once that information is configured, you can go ahead and click the Erase
Volume Group button. This will also erase the user data volume. If you
don't see this button, click Erase.
9. If you didn't erase the volume group, you should also erase the Macintosh
HD - Data volume, which is where the user information is stored. Ensure
you have a backup of that volume if you want to keep the data stored in
that volume. Repeat steps 7 and 8 for this volume.
10. Quit Disk Utility when done to go back to the macOS Recovery menu.
11. You can now install macOS on the disk or volume. Once in the Recovery
menu, follow the steps under How to perform a reinstallation for your
appropriate macOS version.
If for any reason, the installation process fails, you can attempt a
reinstallation through the internet recovery procedure by
pressing Shift + Option + Command + R at startup. For this process to
work, you require a good internet connection.
Once reinstallation has completed successfully, what comes next is the Setup
Assistant process. We will cover that process in detail later in this chapter, but before
that, we will see one last method of installation through the use of an external
installer.
The creation of a bootable installer, also known as installation media, has a number of
requirements that you should consider first:
It is also important to know that in order to use a bootable installer, you need
permission to boot from external media on the machine you want to reinstall. On
newer Mac systems, the default setting in Startup Security Utility is to disallow
booting from external or removable media. Therefore, this setting must be changed in
advance. You can learn more about Startup Security Utility in Chapter 15, Managing
Security in macOS.
1. You should first format the external volume you will be using.
2. Next, you will need to download a macOS installer; typically, from the App
Store.
3. Then, you will have to use the createinstallmedia command in
Terminal.
4. Finally, it's always a good idea to test the installer before using it.
The steps involved in each of these mandatory tasks are detailed here.
2. Plug the external disk/USB into your computer if this has not been done
already.
3. In the sidebar, look for the disk you inserted, and be sure to select the
device entry and not the volume below it. In the following example, we
have an old USB with a macOS Mojave installer, and we want to create a
new installer with a newer version of macOS, for example, macOS Big Sur.
Therefore, we will erase the current installer so as to create a new one.
Select the USB in the left-hand panel (Figure 2.30):
4. Click the Erase button in the toolbar at the top (Figure 2.30).
5. You will then see a prompt to enter a name, a format, and, if available, a
scheme, as shown in the following screenshot. Give the disk a descriptive
name (for this example, we will call it MyVolume), and choose Mac OS
Extended (Journaled) as the format. Next, select GUID Partition Map as
the scheme, if it's shown as an option. When ready, click the Erase button
(Figure 2.31):
6. The process will start, and you will be able to monitor its progress. You can
also see more details by expanding Show Details, as seen in Figure 2.32.
7. When the erase process is complete, you will see a green checkmark (refer
to the following screenshot). At that point, you can click on Done and quit
Disk Utility to proceed with the next steps:
Now that the volume is prepared, let's move on to the next step for creating our
bootable installer: downloading the installer.
If you download the installer from the App Store, it will open as soon as it
finishes downloading. When that happens, just quit the installer.
An installer downloaded from the App Store would normally be saved in
the Applications folder with a name such as Install macOS Big Sur.
If you have already used the installer, it will probably be gone unless you
saved it to another location before using it. In this case, you will need to
download it again.
Also, you should know that installers have an expiration date. So if you
cannot install with an old installer you saved, chances are it has probably
expired, and you will need to download a new copy.
Now that we have the installer we will use for this install media, let's move on to the
next step.
The exact name and location of the media you will be using as a bootable
installer
The exact location of the macOS installer
2. Type or paste the following command in Terminal. Note that this example
assumes that the installer is in the Applications folder and
that MyVolume is the name of the USB or volume we're using to create this
bootable installer. Replace those variables, if necessary:
sudo /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/createinstallmedia --volume /Volumes/MyVolume
3. Press Return.
4. When asked, type your administrator password and press Return. Bear in
mind that Terminal won't show anything while you type your password,
which is expected (Figure 2.34):
5. When prompted, type Y to confirm that you want to erase the volume and
press Return. The process will start, and you will be able to see the progress
in the Terminal output.
6. In macOS Big Sur, you might be asked for permission to access files on a
removable volume. Just click OK. This process can take several minutes.
Please be patient and don't close the Terminal window.
7. When completed, you will see an output similar to that shown in Figure
2.35:
8. The created installation media will have the same name as the installer you
downloaded (for example, Install macOS Big Sur).
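The following pre-flight script is an added example, not code from the book: it checks the installer bundle and the target volume before printing a correctly quoted createinstallmedia command, since the command erases whatever volume it is pointed at. The function names and the VOLUMES_ROOT override are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the book): pre-flight checks for createinstallmedia.
# VOLUMES_ROOT is an assumption of this sketch; it defaults to /Volumes and is
# overridable only so the checks can be exercised away from a Mac.
VOLUMES_ROOT="${VOLUMES_ROOT:-/Volumes}"

# Wrap one argument in single quotes so spaces ("Install macOS Big Sur.app")
# and other shell metacharacters survive copy and paste.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# The bundle must be an .app directory that still contains an executable
# Contents/Resources/createinstallmedia.
check_installer() {
    app=$1
    case "$app" in
        *.app|*.app/) ;;
        *) echo "not an .app bundle: $app" >&2; return 1 ;;
    esac
    [ -d "$app" ] || { echo "installer not found: $app" >&2; return 1; }
    [ -x "${app%/}/Contents/Resources/createinstallmedia" ] || {
        echo "createinstallmedia missing in: $app" >&2; return 1; }
}

# The target must be a mounted volume directly under VOLUMES_ROOT and must not
# resolve to the running system's root volume.
check_volume() {
    name=$1
    case "$name" in
        ""|*/*|.|..) echo "volume name must be a single path component" >&2
                     return 1 ;;
    esac
    [ -d "$VOLUMES_ROOT/$name" ] || {
        echo "volume not mounted: $VOLUMES_ROOT/$name" >&2; return 1; }
    if [ "$(cd "$VOLUMES_ROOT/$name" && pwd -P)" = "/" ]; then
        echo "refusing to target the startup volume: $name" >&2
        return 1
    fi
}

# On macOS, verify the bundle's code signature. Returns 2 when codesign is
# not available (for example, when the script is tested on another OS).
verify_signature() {
    command -v codesign >/dev/null 2>&1 || return 2
    codesign --verify --deep --strict "$1"
}

# Print the command to run; nothing is erased by this script itself.
build_command() {
    check_installer "$1" || return 1
    check_volume "$2" || return 1
    printf 'sudo %s --volume %s\n' \
        "$(shell_quote "${1%/}/Contents/Resources/createinstallmedia")" \
        "$(shell_quote "$VOLUMES_ROOT/$2")"
}

# Usage: preflight.sh "/Applications/Install macOS Big Sur.app" MyVolume
if [ "$#" -eq 2 ]; then
    verify_signature "$1"
    case $? in
        0|2) build_command "$1" "$2" ;;
        *)   echo "signature check failed; download a fresh installer" >&2 ;;
    esac
fi
```

The script only prints the command, so the erase still requires you to run the printed line yourself and answer the confirmation prompt.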
Now that we have created our bootable installer, it's time to test it and use it.
1. Eject the disk you created if you will be testing it on another computer.
2. Turn off the computer you will be using to test and insert the bootable disk.
3. Restart the computer and hold down the Option key as soon as it starts up.
4. You will see the available startup volumes, including the USB install media
icon, which should show the name of the installer you used; for example,
Install macOS Big Sur.
5. At this point, if you're not ready to reinstall, just quit or restart the
computer. If you'd like to proceed with the installation of the operating
system, you may do so by selecting the bootable disk and continuing with
the installation process, which is similar to what we have seen already in
the reinstallation process.
1. Make sure that you have verified the system and hardware requirements,
as well as completing pre-verification steps.
2. Insert the bootable disk into a Mac that is connected to the internet.
3. Turn on your Mac and keep the Power button pressed until you see the
startup options window (Figure 2.24). This will show any bootable volumes
and an Options icon.
4. At this point, if you're not ready to reinstall, just quit or restart the
computer. If you'd like to proceed with the installation of the operating
system, select the bootable disk and continue with the installation process,
which is similar to what we have seen already in the reinstallation process.
Once macOS is installed on your Mac, you will see the Setup Assistant, which will
guide you through the initial configuration process. We will detail this process later
in this chapter.
Updating macOS
An update performs an incremental installation on macOS. In this case, the version of
the OS will not change; only updates to the current version will be applied (for
instance, an update of macOS Catalina 10.15.3 to macOS Catalina 10.15.4). These are
usually system/security and software updates.
Software updates
System updates
Firmware updates
Software updates
Software updates will normally refer to updates of macOS (minor versions) and
software included with macOS. By default, an Updates Available notification, like
the one in Figure 2.36, will show when software updates are ready to be installed. You
will also know whether an app update is available through a red badge with a
number in the App Store icon in the Dock:
You can simply click on Restart to apply the updates or choose a Later time.
If these notifications are annoying to you, you can disable them. We will explain how
in the next section.
These settings are configured in System Preferences, but there are other related
settings in the App Store preferences. We will see these next.
1. Go to the App Store menu by clicking its icon in the Dock or from the
Applications folder.
2. Select Preferences from the App Store menu, as shown in Figure 2.38:
Bear in mind that if the Automatic Updates option is activated, the system attempts
to update the following software:
You can also verify whether updates are available and apply them manually, as we
will see in the next section.
1. Open the App Store and click on the Updates tab. In macOS Mojave and
later, you can access Updates from the side menu in the redesigned App
Store, as seen in Figure 2.40:
2. Next, click the Update All button (Figure 2.40) to install all available
updates or click the individual UPDATE buttons to update just the
elements you want to. Take into account that in order to update a
purchased app, you need to be signed in with the Apple ID used to acquire
the app initially.
In this section, we have seen how to do software updates. The second type of update
is the system type, and we will look at it next.
System updates
System updates are system data files and security updates. These updates include the
following:
The same type of notification as shown earlier in Figure 2.36 will appear for system
updates, but with the System Preferences icon instead of the App Store icon. Clicking
on Install will take you to the Software Update window.
Because of the importance of these updates, you should make sure that your system is
updated at all times and that system background updates are done automatically.
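To check that recommendation from Terminal rather than the preference pane, the added example below (not from the book) audits the automatic-update settings stored in /Library/Preferences/com.apple.SoftwareUpdate. The key names are the ones macOS uses for the Check for updates, Download new updates when available, and system data files and security updates options and do not appear in the book; the sample dump is constructed.

```shell
#!/bin/sh
# Added example (not from the book): audit automatic-update preferences.
# Input is text in the format printed by:
#   defaults read /Library/Preferences/com.apple.SoftwareUpdate
# Keys audited (names are not from the book):
#   AutomaticCheckEnabled  - Check for updates
#   AutomaticDownload      - Download new updates when available
#   ConfigDataInstall      - system data files
#   CriticalUpdateInstall  - security updates
REQUIRED_KEYS="AutomaticCheckEnabled AutomaticDownload ConfigDataInstall CriticalUpdateInstall"

# pref_value KEY: read a `defaults read` dump on stdin and print the value of
# KEY, or nothing when the key is absent. Only the first token of the value
# is returned, which is sufficient for boolean keys.
pref_value() {
    awk -v key="$1" '
        $1 == key && $2 == "=" {
            v = $3
            sub(/;$/, "", v)
            gsub(/"/, "", v)
            print v
            exit
        }'
}

# audit_update_prefs: read the dump on stdin, print one line per required key,
# and return non-zero if any key is disabled or not set explicitly.
audit_update_prefs() {
    dump=$(cat)
    failed=0
    for key in $REQUIRED_KEYS; do
        value=$(printf '%s\n' "$dump" | pref_value "$key")
        case "$value" in
            1|true|YES) echo "ok       $key" ;;
            "")         echo "unset    $key"; failed=1 ;;
            *)          echo "disabled $key=$value"; failed=1 ;;
        esac
    done
    return "$failed"
}

# Constructed sample: downloads are switched off and ConfigDataInstall has
# never been set on this imaginary machine.
sample_dump() {
    cat <<'EOF'
{
    AutomaticCheckEnabled = 1;
    AutomaticDownload = 0;
    CriticalUpdateInstall = 1;
    LastSuccessfulDate = "2021-03-01 10:00:00 +0000";
}
EOF
}

# On a Mac, audit the live settings; elsewhere this block is skipped.
if command -v defaults >/dev/null 2>&1; then
    defaults read /Library/Preferences/com.apple.SoftwareUpdate 2>/dev/null |
        audit_update_prefs
fi
```

A key reported as unset follows the operating system's default, so set it explicitly in System Preferences if you need a known state.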
5. Back in the Software Update window (Figure 2.41), if there are any updates
available, you will be able to click Update Now or close the window to do
it later. If you click on More Info..., you will see a window like the one in
Figure 2.43 with more details on the available update. You can also
choose Install Now from this window or Cancel Scheduled Updates:
Another way to know whether you have updates ready to install is through the Dock.
You will see a red badge with a number on the System Preferences icon (Figure 2.44)
in the Dock to indicate the number of system updates available:
The third type of update is the firmware type. Let's explore this next.
Firmware updates
Firmware refers to computer chips with data and programs on them. These are
included when the computer is manufactured. They tell the computer how to perform
tasks. Therefore, keeping the firmware up to date is a best practice for optimized
performance, compatibility, and security. Otherwise, you could encounter problems
when installing, upgrading, or updating the operating system. In particular, you
should update your firmware after updating or before reinstalling macOS.
Also, bear in mind that on a Mac with the Apple M1 silicon chip, the firmware update
may fail. We will see what we can do in that case in Troubleshooting Tips.
With this information, we have reached the end of this section on updating macOS,
including software, system, and firmware updates. In the next section, we will see the
process that takes place after installing/reinstalling a Mac: configuring the installation.
Right after the installation is complete, the Setup Assistant process will initiate. These
are the screens you will see in the case of a clean installation of macOS Big Sur
through the Recovery system (the screens you see may vary depending on the OS
version installed):
2. Next, you will see the Written and Spoken Languages configuration
screen. Click Customize Settings to set up your written and spoken
languages, or click Continue to accept the default options (Figure 2.46). For
this example, we will click Continue:
3. Next, you will see the Accessibility options, which you can set up at this
moment. We will click Not Now to skip to the next screen (Figure 2.47):
4. You will now see a screen with important information regarding your data
and privacy. You can click on Learn More... if you want to see more details
about how your data and privacy are handled. When ready, click
Continue.
5. Next, you will have the option to transfer information to the Mac from
various sources, such as another Mac, a Time Machine backup, a startup
disk, or a Windows PC (Figure 2.48). Alternatively, you can choose not to
transfer any information at this time. For this installation, we will choose
Not Now to skip the transfer of information:
6. Next, you can choose to sign in with your Apple ID (Figure 2.49) so that you
can take advantage of other features, such as iCloud, iTunes, App Store,
and iMessage. If you don't have an Apple ID, you can create one at this
point as well. For this installation, we will choose Set Up Later. You will be
asked if you are sure you want to skip this step; click Skip to continue:
7. Now, you will be asked to agree to the Software License Agreement. Click
on Agree.
8. In the next step (Figure 2.50), you will need to create a user account and
password. This first account will have administration rights and will be the
main account (in other words, the administrator account). When ready,
click Continue:
9. Next, you will see the Express Set Up screen (Figure 2.51), which will
configure some features for you, including apps such as Maps and services
such as Find My. You can choose Customize Settings or click Continue to
proceed and accept the default configuration:
10. Next, you will be asked whether you want to share crash and usage data
with Apple. We will leave the default option and click Continue.
11. When upgrading/installing macOS Catalina and later, you will see a
window asking you to set up a new feature: Screen Time (Figure 2.52). You
can either click Set Up Later or Continue:
12. On the next screen, you will see the option to enable Siri, which is activated
by default. Click Continue to proceed:
13. You may be asked to select a language for Siri. When ready, click
Continue.
14. Next, you will be asked if you wish to share Siri data. You can select Share
Audio Recordings or Not Now.
15. Next, decide on a look. You can choose either the Light, Dark, or Auto
mode and click Continue (Figure 2.54):
16. And we are almost done. The setup will finish on the next screen.
17. When the setup is finished, you will see the macOS desktop.
And that's it! The installation/reinstallation and initial configuration are now
complete.
If you want to change a setting you configured during this initial configuration, you
can do so later on, and that is what we'll cover next.
Besides System Preferences, macOS offers another way to configure a system, and
this is through the use of configuration profiles. A configuration profile is a file with
the extension .mobileconfig that contains predefined system settings. A system or
network administrator most likely defines these settings.
Using this file is very straightforward. All you have to do is double-click on the
configuration profile file to open it, and macOS installs the profile and its settings.
These profiles are very useful when you need to configure many machines, especially
in an enterprise or large environment.
After the profile has been applied, you can manage it through the Profiles
preferences.
If you don't see the Profiles preferences pane, this is because you
haven't installed any. The option will appear once you install a
profile.
Apple has an app called Apple Configurator 2 that helps in the creation of
configuration profiles, among other features. You can learn more about it here:
https://support.apple.com/guide/apple-configurator-2/welcome/mac.
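Because double-clicking a .mobileconfig file is all it takes to start installing its settings, it is worth reading what a profile would change before opening it. The following is an added example, not code from the book: a small Python reviewer that lists a profile's payloads and notes the ones that affect trust, network routing, or device management. The REVIEW_TYPES list, the function names, and the sample profile are constructed for illustration.

```python
import plistlib
import sys
from xml.parsers.expat import ExpatError

# Payload types that change trust, network paths or management state, so they
# deserve a close look before installing (review list chosen for this example).
REVIEW_TYPES = {
    "com.apple.security.root": "adds a trusted root certificate",
    "com.apple.vpn.managed": "configures a VPN",
    "com.apple.proxy.http.global": "sets a global HTTP proxy",
    "com.apple.mdm": "enrolls the Mac in device management",
    "com.apple.systempolicy.control": "changes Gatekeeper policy",
}


def load_profile(data):
    """Return (profile, wrapped). A signed profile is a CMS envelope around the
    plist, so the XML is carved out for reading. This does not verify the
    signature; it only lets you see what the profile would configure."""
    try:
        return plistlib.loads(data), False
    except (ValueError, ExpatError):
        start, end = data.find(b"<?xml"), data.rfind(b"</plist>")
        if start == -1 or end < start:
            raise ValueError("no property list found in file")
        return plistlib.loads(data[start:end + len(b"</plist>")]), True


def review_profile(data):
    """Summarize a profile and list the points a reviewer should check."""
    profile, wrapped = load_profile(data)
    if not isinstance(profile, dict) or profile.get("PayloadType") != "Configuration":
        raise ValueError("not a configuration profile")
    findings = []
    if not wrapped:
        findings.append("profile is unsigned")
    if profile.get("PayloadRemovalDisallowed"):
        findings.append("profile blocks manual removal")
    types = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "<missing>")
        types.append(ptype)
        if ptype in REVIEW_TYPES:
            findings.append(f"{ptype}: {REVIEW_TYPES[ptype]}")
    return {"name": profile.get("PayloadDisplayName"),
            "identifier": profile.get("PayloadIdentifier"),
            "organization": profile.get("PayloadOrganization"),
            "payload_types": types, "findings": findings}


# Constructed sample profile (not a real one): a Wi-Fi payload plus a root
# certificate payload whose data is a placeholder, not a certificate.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadVersion": 1,
    "PayloadDisplayName": "Office Wi-Fi (constructed sample)",
    "PayloadIdentifier": "com.example.profile.wifi",
    "PayloadUUID": "00000000-0000-0000-0000-000000000001",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "ExampleCorp"},
        {"PayloadType": "com.apple.security.root", "PayloadContent": b"placeholder"},
    ],
})
# Stand-in for a signed file: the same plist surrounded by non-plist bytes.
WRAPPED_PROFILE = b"\x30\x82\x01\x00" + SAMPLE_PROFILE + b"\x00\x01trailer"

if __name__ == "__main__":
    # Pass a path to review a real file; with no argument the sample is used.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PROFILE
    report = review_profile(raw)
    print(report["name"], "-", report["identifier"])
    for ptype in report["payload_types"]:
        print("  payload:", ptype)
    for finding in report["findings"]:
        print("  review:", finding)
```

Carving the plist out of a signed file shows its contents but says nothing about who signed it; the signer is shown when macOS presents the profile for installation.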
iCloud is a secure cloud service where you can store files such as documents, photos,
videos, and much more. When you configure iCloud, your files remain updated
across your Apple devices. It also offers other key features that are only available
when you set up iCloud.
Cloud storage and communication services for apps (iCloud Drive, Photos,
Contacts, Calendars, Reminders, Safari, Siri, Notes, and Find My).
iCloud Keychain, a security tool that we will explore in Chapter
5, Managing User Security and Privacy.
Two-factor authentication is another feature that is used in combination
with the Apple ID to increase security. We will also see how to set this up
in Chapter 5, Managing User Security and Privacy.
You can also configure mail services automatically if you use an @mac.com,
@me.com, or @icloud.com domain.
You can access iCloud from your Apple devices, but also on the web,
at iCloud.com.
Bear in mind that Apple devices might have different system
requirements for iCloud, and that availability can vary by geographic
area. You can check the details for your specific device or location in this
article: https://support.apple.com/HT204230.
To use iCloud, you need an Apple ID. The Apple ID is the personal account that
allows you to access Apple's products and services, such as the App Store, iTunes
Store, iMessage, and FaceTime, as well as Apple's storage service called iCloud. The
Apple ID is always an email address, and you need a password to use it.
You can create an Apple ID from your Apple device or on the Create
Your Apple ID web page (https://appleid.apple.com/account#!page=
create).
When you sign in to iCloud on your Mac and other Apple devices using the same
Apple ID, the changes you make to your files on one of the devices will sync with the
others, as well as on the iCloud.com web portal, accessible through any standard
browser on a Mac or Windows computer. For instance, a photo you add to Photos on
your Mac will automatically appear in the Photos app on iCloud.com, your iOS
devices, your Apple Watch, and your Apple TV.
Currently, iCloud offers 5 GB of free iCloud storage for each Apple ID account that
you have, but if you need more storage, there are also paid plans that offer more
storage space.
After you have set up iCloud, you can change or adjust the settings in the iCloud
preferences.
Figure 2.55 – Accessing iCloud preferences in macOS Catalina and Big Sur
Figure 2.56 – Accessing iCloud preferences in macOS Catalina and Big Sur
We will see more details on how to configure iCloud in Chapter 4, User Accounts
Management.
Summary
In this chapter, we have looked at all that relates to macOS installation and
configuration in great detail. You now know how to install, update, reinstall, and
configure macOS. You also know how to perform other useful related procedures,
such as verifying the system requirements and performing the necessary checks
before installation. You can also use the Recovery system, which allows you to
reinstall macOS, or use the Disk Utility feature to erase a disk or volume to prepare it
for a clean installation. You know how to create a bootable installer if you need to
install macOS on several machines or if you need a specific version of the OS. Finally,
you know how to proceed with the Setup Assistant, as well as how to undertake post-
installation configurations. You are now ready to install, upgrade, or reinstall any
available version of macOS for yourself or any user that might need your support.
Now that we have our system up and running, we will go on to the next chapter,
where we will discuss user management. You will learn about the types of users
available in macOS, as well as how to create them, manage them, and customize their
environment.
3
The Start Up Process
In this chapter, we will explore the start-up process on Mac computers running
macOS. Why is it important to explore this? Being familiar with the start up process is
important for troubleshooting and narrowing down potential issues. Many problems
that users face with their Mac computers occur during startup, and you need to know
what happens from the moment the computer is powered on until you see the
interface. If everything works as expected, a successful startup should take place.
Therefore, you will learn how to recognize the characteristic cues and sounds during
this process to identify where a problem might be happening.
In this chapter, you will learn how the start-up process unfolds, or, in other words,
how system initialization works in macOS. You will review the stages and the
visual/audio cues involved. You will also explore the battery and energy-saving
features available in macOS that can affect this process. Finally, start-up modes are
also very useful for troubleshooting as they can provide clues regarding the stage of
the process where an issue might be occurring; macOS offers Safe mode and other
modes to help you pinpoint potential issues.
Bear in mind that this chapter describes the start-up process and modes of
Intel-based Macs. The start-up modes of Apple M1 silicon Macs are described in
Troubleshooting Tips.
Before we start, let's see the technical requirements for this chapter.
The Start Up Process Chapter 3
Technical requirements
The following will be required for this chapter:
The initialization stages can be distinguished as two larger processes, each with their
own smaller stages:
Let's take a look at the initialization stages in more detail, including what happens at
each stage in terms of visual and audible cues (including colors, icons, and sounds).
During this stage, and depending on the model of the device you are using, the
following happens:
When the Mac (or, in other words, the firmware) is first powered on, the
memory and RAM are initialized. A black screen is the expected visual cue,
and there could be an audible cue as well. You will hear a chime sound if
your Mac is from 2016 and earlier and if audio is enabled. In macOS Big
Sur, sounds have been reintroduced; therefore, the familiar start up chime
is also audible.
A Power-On Self Test (known as POST) and a BootROM test are the first
processes that take place. The POST test verifies hardware functionality,
and the BootROM test verifies whether sufficient memory is available and
whether it is in a good state.
Booter
During this stage, the bootup process begins. The booter loads the kernel
environment and other drivers known as kernel extensions (KEXTs in macOS
Catalina and earlier) into the memory to allow the kernel to take over the system
during the next stage. Starting with macOS Catalina, KEXTs are being deprecated
and replaced by system extensions that run in user space. Therefore, these extensions
are no longer loaded at the same time as the kernel.
The visual cue for the start of the bootup process is indicated by the Apple icon
appearing at the center of the main screen (Figure 3.1):
1. The Mac firmware launches the bootup process where the booter file,
specified in the start-up preferences (or Boot Camp in the case of a
Windows installation), is located.
2. If the boot EFI file is found, the Intel Extensible Firmware Interface
technology used by macOS tells your Mac where to locate the System
folder on the start up disk and starts the bootup process. An operating
system is selected through the localization of the start-up file in a specific
system volume.
3. If the booter file cannot be located, a flashing folder with a question mark
will appear instead of the Apple logo. In Troubleshooting Tips, we will
see what to do if this happens.
4. EFI then enables the Mac to start up from macOS, Windows, or any Intel-
compatible operating system.
5. After your Mac locates the system folder on the start up disk, a progress
bar (Figure 3.2) or a spinning wheel appears on a screen, which means the
Mac is reading files from the system folder. In some Mac models, startup
happens so quickly that the progress bar is missed:
When KEXTs are in use and one is installed or modified, the system
automatically rebuilds the caches. Whenever possible, cache files are used to speed
up the initialization process. The cache contains all kernel extensions that may be
needed to boot a Mac. Most of the cache files are located
in /System/Library/Caches.
Cache files are ignored if you start up in Safe mode or if there's a problem with the
system. If the kernel environment fails to load, a prohibitory icon appears
instead of the Apple icon. We will see what to do if this happens in
Troubleshooting Tips. KEXTs have been deprecated since macOS Catalina, so this
should be less of a problem in the future. However, issues can still arise with apps
that use KEXTs.
Bear in mind that if your Mac is configured to use a network disk, the process may
vary slightly since the booter and kernel caches have to be located and downloaded
from a net install service. This process is indicated by a small spinning globe icon
below the Apple icon. The globe icon is replaced by the standard progress bar once
the kernel has been successfully loaded from the net install service. After the booter
loads the kernel, it takes control of the start-up process, which is the next stage.
Kernel
During this stage, the kernel takes over the start-up process.
If the kernel, and consequently, the operating system, loading is successful, the
progress bar in the main display seen in Figure 3.2 will finish loading.
After it finishes loading, the non-kernel processes start, as we will see in the next
section.
System launchd
The first non-kernel process is started during the system launchd stage. The role of
this stage is to start up the macOS processes as a parent process and load the rest of
the system to complete initialization. During this stage, other secondary processes
and items are started as well.
The visual cue that tells you the process has been successful is seeing the login
window (Figure 3.3):
This process also manages the initialization of another process called loginwindow,
which is part of the user session stage. We will see this stage in the next section. But
first, let's see what happens with system initialization when FileVault is enabled.
FileVault initialization
Bear in mind that when FileVault is enabled, this stage unfolds differently in the
sense that the booter cannot be accessed until the user unlocks the encrypted system
disk. At the same time, the visual cues are different.
The visual cue that tells you FileVault is enabled, depending on the macOS version
you are using, is usually a gray screen (Figure 3.4):
Startup happens from the Recovery HD, where a special EFI booter shows an
authentication screen (Figure 3.5) instead of the normal process. You will first need to
enter the password to unlock the encrypted disk:
Only after the user has authenticated to unlock the system disk will EFI be able to
access the booter file and allow the process to continue. At this point, the user who
unlocked FileVault will be automatically logged in.
Once the launchd processes are performed correctly, either with or without FileVault,
the user session stages begin, which we will examine next.
loginwindow
launchd
user environment
loginwindow
During the loginwindow stage, which is owned by the root user, the login screen
appears. If this stage is successful, the loginwindow process, along with the launchd
process, will initialize the user interface. At this point, the users will be able to log in
to their accounts by entering the appropriate password.
As far as logging errors are concerned, you will find more information about how to
view logs in Troubleshooting Tips. For now, we will take a look at the logout,
shutdown, and restart processes.
Logout
Shutdown
Restart
You can choose to log out, shut down, or restart through the Apple ( ) menu (Figure
3.6):
Logging out is managed by the loginwindow process, which performs these actions:
Users can log out at any moment, but shutdown cannot occur without logging out
happening first. When shutdown is requested, loginwindow performs the following
actions:
It logs out all logged-in users. If there are users logged in simultaneously,
through a feature called Fast User Switching (covered in more detail in
Chapter 4, User Accounts Management), the system will ask the
administrator to authenticate so that shutdown can happen for all logged-
in users. Next, all users, applications, and background processes are quit as
well.
When all user sessions are closed, loginwindow issues a command to the
kernel to quit any remaining processes; some may be forced to quit so that
the Mac can shut down.
There is an alternative to logging out or shutting down: if the user chooses to
restart instead, then once the shutdown process is complete, the start up
process simply begins all over again.
launchd
The launchd process starts all the user processes and loads applications, such as
Finder, once the user has authenticated correctly. This process is complementary to
loginwindow as it initializes the user environment and lays out the graphical
interface for that user.
The visual cue that tells you this process has completed successfully is that apps such
as the Finder app will appear on the screen (Figure 3.7):
When initializing the user environment, these are some of the tasks the launchd
process performs:
During both system and user environment startup, several types of items are
launched. These are launch daemons, start up items, launch agents, and login items.
Let's take a look at these briefly.
/System/Library/LaunchDaemons
/System/Library/LaunchAgents
/Library/LaunchDaemons
On the other hand, the user account launchd process launches agents and login items
during the user environment startup. These can be found here:
/Library/LaunchAgents
/Library/StartUpItems
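Since everything in these launchd folders starts without user interaction, they are a useful place to inventory when checking what runs at startup or login. The following is an added example, not code from the book: a Python script that parses the job property lists in the four launchd folders listed above and notes entries worth a second look. The heuristics (WRITABLE_PREFIXES, label and file name mismatch) and the sample files are constructed for illustration; on a Mac, call inventory("/") to scan the real folders.

```python
import os
import plistlib
import tempfile

# launchd job folders named in the text above, relative to the volume root.
LAUNCHD_DIRS = (
    "System/Library/LaunchDaemons",
    "System/Library/LaunchAgents",
    "Library/LaunchDaemons",
    "Library/LaunchAgents",
)
# Locations any user can write to; a job that runs a program from here deserves
# a second look (review heuristic chosen for this example).
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")


def describe_job(root, rel_dir, name):
    """Parse one launchd property list and note anything worth reviewing."""
    item = {"plist": f"/{rel_dir}/{name}", "apple": rel_dir.startswith("System/"),
            "label": None, "program": None, "run_at_load": False, "notes": []}
    try:
        with open(os.path.join(root, rel_dir, name), "rb") as fh:
            job = plistlib.load(fh)
        if not isinstance(job, dict):
            raise ValueError("top level is not a dictionary")
    except Exception:
        item["notes"].append("unreadable plist")
        return item
    args = job.get("ProgramArguments") or []
    item["label"] = job.get("Label")
    item["program"] = job.get("Program") or (args[0] if args else None)
    item["run_at_load"] = bool(job.get("RunAtLoad"))
    if item["label"] != name[:-len(".plist")]:
        item["notes"].append("label does not match file name")
    program = item["program"]
    if not program:
        item["notes"].append("no program specified")
    elif program.startswith("/"):
        if program.startswith(WRITABLE_PREFIXES):
            item["notes"].append("program in a user-writable location")
        if not os.path.exists(os.path.join(root, program.lstrip("/"))):
            item["notes"].append("program missing on disk")
    return item


def inventory(root="/"):
    """List every job definition found in the launchd folders under root."""
    items = []
    for rel_dir in LAUNCHD_DIRS:
        folder = os.path.join(root, rel_dir)
        if os.path.isdir(folder):
            for name in sorted(os.listdir(folder)):
                if name.endswith(".plist"):
                    items.append(describe_job(root, rel_dir, name))
    return items


def build_sample_tree(root):
    """Write a small constructed volume layout (sample data, not from a real Mac)."""
    def put(rel, data):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    put("usr/libexec/exampled", b"")
    put("Library/Application Support/Example/updater", b"")
    put("System/Library/LaunchDaemons/com.apple.exampled.plist", plistlib.dumps(
        {"Label": "com.apple.exampled", "Program": "/usr/libexec/exampled"}))
    put("Library/LaunchDaemons/com.example.updater.plist", plistlib.dumps(
        {"Label": "com.example.updater", "RunAtLoad": True,
         "ProgramArguments": ["/Library/Application Support/Example/updater",
                              "--daemon"]}))
    put("Library/LaunchAgents/com.example.helper.plist", plistlib.dumps(
        {"Label": "com.other.name", "RunAtLoad": True,
         "ProgramArguments": ["/tmp/helper.sh"]}))
    put("Library/LaunchAgents/broken.plist", b"not a property list")


def demo():
    """Run the inventory over the constructed sample tree."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return inventory(root)


if __name__ == "__main__":
    for item in demo():
        origin = "Apple" if item["apple"] else "third-party"
        print(f'{item["plist"]} [{origin}] -> {item["program"]}')
        for note in item["notes"]:
            print("   review:", note)
```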
There is a way to visualize these processes. In the next section, we will discover how
we can do just that.
2. Once in Activity Monitor, make sure you are in the CPU tab. Then, go to
the top menu, select View, and then All Processes, Hierarchically (as seen
in Figure 3.9):
3. Click the arrow in the parent processes to display the secondary or child
processes, as shown in the following screenshot:
We have just seen the loginwindow and launchd user session stages. The final stage
in this section is the user environment, which we will explore next.
User environment
The user environment is the workspace where users can use their applications and
any customizations applied to their accounts. During this stage, the login window
continues to run as a background process to take care of any session logging out or
shutdown events.
And with this process, we have gone through all the start up processes in macOS.
Additional features affect those processes, such as enabled energy-saving options,
which we will examine in the next section.
Sleep mode
Battery preferences
Safe Sleep and Standby
Let's now see what each of these does and how they affect other processes.
Sleep mode
The Sleep mode saves energy by pausing any active processes or applications and
stopping the hardware. This mode is more convenient than shutting down the
Mac since the computer is still on, and you can quickly pick up the computer to
resume any processes and applications.
There are several ways in which you can activate this mode:
Go to the Apple ( ) menu, and then choose the Sleep option (shown
in Figure 3.6).
You can close the lid if you're using a portable Mac.
Press the Command + Eject key combination.
Tap the Power button. Be careful when using the tap Power button option
to enter Sleep mode. If you press the Power button for too long, the Mac
will shut down.
Bear in mind that these last two options don't work with a MacBook
Pro with Touch ID.
In Macs with a battery, the battery preferences let you configure the sleep preferences
for the display. You can even schedule sleep times, as we will see in the next section.
1. Open System Preferences and select the Battery icon (Figure 3.11):
2. You will see a menu on the left side of the preferences with several options.
The first option, Usage History, allows you to see your Battery Level and
Screen On Usage values for the last 24 hours, or the last 10 days (Figure
3.12):
3. The default settings for the next panel, Battery, are shown in Figure 3.13.
These options define how your Mac will behave when it is running on
battery power. We will examine some of those options next:
With the Turn display off after slider, you can indicate how long to
wait before turning the display off and going to sleep. This stops any signal
to internal and external displays, and therefore, the LCD backlight is
turned off to save energy.
You can also activate the Put hard disks to sleep when possible option.
When enabled, this option shuts down the hard drive motors when not
being used. It is best not to activate this option if you are using a non-SSD
drive, and your apps are constantly reading and writing to the hard disk.
SSD drives are not negatively affected by this option since they don't have
moving parts that can affect data reading and writing operations.
Power Nap is a mode that allows the Mac to wake up occasionally from
sleep to perform certain tasks automatically. These tasks include using
Time Machine to perform backups, checking whether you have a new
email, and so on. During these occasional wakes, Power Nap keeps the
displays and other hardware off to save energy. Once the tasks it needs to
perform are finished, it goes back to sleep. To enable it, just check the box
next to Enable Power Nap while on battery power.
In some computers, when there is more than one graphics chip, you will
see an Automatic graphics switching option. We can see that this option is
available in Figure 3.13. For example, if enabled and you are using a text
editor, macOS will switch to a low-power graphics chip to save energy.
When not enabled, a high-performance graphics chip will be used all the
time, regardless of the type of application you are using and, of course, this
will consume more energy.
4. The next option on the menu is Power Adapter. In Figure 3.14, you can see
the default options selected when your Mac is plugged into a power
adapter:
As you can see, many of the options available in the Battery preferences are
also present here, such as Power Nap and Automatic graphics switching.
However, you also have these additional options:
5. The final menu option in these preferences is Schedule. Here, you can set
hours for Start up or wake and for Sleep, as you can see in the following
screenshot:
Besides what we have just seen, there are other energy-saving modes available in
macOS. The ones we will explore next are the Safe Sleep and Standby modes.
Safe Sleep mode occurs when the Mac battery is low or drained, or the Mac has been
left idle for a long time. When the Mac is in Safe Sleep mode, the system memory
content is copied in its entirety to an image file on the system volume, and the
computer is powered down. This way, if the battery is drained while the Mac is in
Safe Sleep, and the computer turns off, no data will be lost. The next time the
computer is powered, you will be able to resume where you left off.
Standby mode occurs when the Mac is asleep and idle for more than 1 hour, or after 3
hours, depending on the Mac model. By default, Mac models from 2013 and newer go
into standby after being asleep for 3 hours. All current sessions are saved to the disk
while this mode is in use, and some hardware systems are turned off. The Standby
mode is available on Mac computers that are started from an internal SSD or flash
storage.
More specifically, the Mac models that support Standby mode are the following:
But how do you wake up your Mac if you are using any of the different sleep modes
we just saw? There are several straightforward methods for doing so, as we will see
next.
In the next section, we will explore the available start up modes in macOS, which are
very useful for identifying errors and recovering your system. Let's see next what
they are and how they work.
Safe boot
Verbose
Single user
In this section, we will also take a look at the T2 security chip, which allows yet
another start up mode known as Secure Boot.
Safe mode
During Safe mode, also known as Safe Boot, the Mac performs verifications and
prevents specific software from loading or opening to isolate the cause of a
problem. You can start up in Safe mode by holding down the Shift key during startup.
During this mode, macOS loads only essential items for startup, and prevents the
unnecessary loading of the following items:
Sometimes, it is not so easy to establish whether your Mac is in Safe mode. In macOS
Big Sur, you will see it indicated in the login window, as seen in Figure 3.16:
1. Hold down the Option key while clicking on the Apple ( ) menu and
select System Information.
2. Once in the System Information window, scroll down to Software in the
left-hand menu. There, you will be able to see whether you are running in
normal or in Safe mode, as you can see in the following screenshot:
Bear in mind that some features might not work in Safe mode, such as the following:
Now that you have entered Safe mode, you can perform troubleshooting tasks, but if
this doesn't help, there are other modes, such as Verbose, which we will cover next.
Verbose
With Verbose mode, the Mac shows the start up process as text. If the text stops at
any point, it most likely means that the start up process has also stopped. This allows
you to review the text to try to identify where the problem is and the probable cause.
Verbose mode is initiated by holding down the Command + V key combination during
startup.
Don't use Safe mode and Verbose mode at the same time. This is
because, if the start up process succeeds during Safe mode, Verbose
will be overridden, and you will not be able to identify problems at
startup.
Figure 3.18 shows an example of what you might see during startup in Verbose mode.
We are not seeing the complete printout, just a portion, so that you have an idea of
what to expect when using this mode. You can now review this output to try to find
out where the process is getting stuck:
Finally, we have a single-user mode, which also provides a way to start up the system
and perform specific troubleshooting tasks.
Single-user
With single-user mode, you can access a minimal command line that allows you to
run UNIX commands as root. You can then move suspicious files to a quarantine
folder and modify any files and folders as required. Perform the following steps to
start single-user mode and prepare the system to use it:
4. Then, repeat the command until you see a message indicating that the disk
appears to be OK, as demonstrated in the following screenshot:
The fsck -fy command is used to verify and repair the start up
volume. Here, fsck is a common UNIX command used for filesystem check
and repair, the -f flag forces verification of journaled filesystems, such as
HFS, and the -y flag answers "Yes" to any prompts fsck might
encounter, so use it with caution.
5. Only when you know that the disk is OK should you enter the following
command to mount the start up volume as a read and write filesystem
(Figure 3.20):
/sbin/mount -uw
This method works if you're not using the APFS filesystem (for systems
using APFS, see the following set of steps). When entered, this is what you
will see:
6. After you make the necessary changes to fix problems through the
command line, exit Single-user mode.
7. Then continue startup by entering the exit command, or you can shut
down the Mac by entering the shutdown -h now command.
In newer Mac computers, especially if you are using the APFS filesystem, the
previous method to mount the start up volume has been replaced by the following:
Now that we know about all the start-up modes we can use, an additional mode
needs to be explained separately since it is only available in certain Mac models.
iMac Pro
Mac mini, MacBook Air, and MacBook Pro models introduced in 2018
You can also verify whether your Mac has the chip through System Information. For
this, perform the following steps:
If you have the chip in your Mac, then you can use Secure Boot. The configuration of
the security options available when the T2 chip is available, including Secure Boot, is
explained in Chapter 15, Managing Security in macOS.
And with this, we have reached the end of this chapter. Please be sure to read the
summary so that you can recap what we have learned.
Summary
Now that you have completed this chapter, you should have a good understanding of
the macOS start-up process and the initialization stages involved. This includes the
visual cues and sounds that happen at each stage so as to be better equipped to
troubleshoot possible start-up issues. You should also be familiar with the available
start-up modes, including Safe Boot, Verbose, and single-user modes, which are
helpful when it comes to isolating possible issues. Also, you now know what energy-
saving features you can configure; namely, Safe Sleep, Standby, and Power Nap,
which affect startup and shutdown. Finally, you have learned about a feature in
newer Macs, the T2 Security Chip, which allows additional security modes.
In the next chapter, we will look at another important topic at the heart of any system:
users. We will see the types of user accounts available, and how to create them,
manage them, and much more.
4
User Accounts Management
In this chapter, you will first learn about the different types of user accounts available
in macOS in a section divided into two parts: Local user accounts and Other user
accounts. Next, you will learn how to manage the different user accounts, as well as
how to use login options and other practical features such as fast user switching and
Screen Time. Finally, you will understand how user home folders are organized. By
the end of this chapter, you will be able to add any type of account to a Mac, as well
as manage them and configure the different options available to enhance the user
experience and increase security. In the latter half of the chapter, you will gain a good
understanding of user home folders and their structure, as well as how to restore
them in case of accidental deletion.
Technical requirements
To work through the examples in this chapter, you will need the following:
Local
Other
Both categories of user accounts have several types available. We will start by
exploring local user accounts.
Standard
Administrator
Root user
Guest
Sharing-Only
Group
User Accounts Management Chapter 4
The Standard and Administrator accounts are the most common, and they are the
ones you will be using for most regular and administrative tasks on a Mac.
Let's examine each of them to understand when and how they should be used.
Even though the Standard account is the most common one, other types of accounts
can be used for specific purposes, as we will see in the following sections.
The Administrator account cannot access other users' items unless they are in a
shared folder (such as the Public folder).
When you first install or reinstall macOS on your computer, this is the type of account
created with the help of Setup Assistant as part of the setup process. It is the primary
account.
As the name says, this account is intended for administrators. Many users never
create other accounts and use this one as their primary account for their Mac's
everyday use. This is not a problem unless you share the Mac with a family member
or a colleague, in which case having only an Administrator account is a security risk
for the system and the information stored on it. The ideal number of administrators is
two or three.
The Administrator is the account with most of the privileges you will ever need to
manage your system. However, there is another account with even greater privileges,
as we will see next.
This user can do everything an Administrator user can do, plus the following:
You should be aware of the risks of breaking something in the system if an action by
the root user is performed incorrectly. The root user is to be used for very specific
tasks and only when required. Also, take into account that most administrative tasks
can be performed with an Administrator account.
We have seen the accounts with the most privileges in macOS. In the coming sections,
we will see other types of user accounts, which are, in general, more limited.
Therefore, this is a temporary account for momentary activities. It is ideal for letting
non-regular users utilize your Mac for activities such as checking their email or
browsing the web, without having to create any type of account and, at the same
time, protecting your data and personal information by not allowing access to your
Standard or Administrator account to an external person.
The Guest account is disabled by default; it has to be enabled for use. We will see how
to do that in the Managing user accounts section in this chapter.
When FileVault is enabled, the Guest user can only use Safari.
If you need to share files but you don't need the user to access your Mac interface,
there is another type of account that is better for that purpose, as we will see next.
Finally, if you need to group users, for example according to a common
objective, you can use group accounts, as we will see in the next section.
Actually, all the previous user accounts discussed belong to one or more groups
already set up in macOS. The main default groups are as follows:
Staff: All user accounts are members of this group when they are created
(including administrative users).
Admin: All administrative accounts also belong to this group.
Wheel: Its only member is the root user.
However, other groups can be created with custom access and permissions for files
and folders.
With this, we have concluded reviewing the first category of user account types
available in macOS: local user accounts. Next, we will review the second category of
user accounts: other, non-local user accounts.
Network
Mobile
They can be used even when it's not possible to contact the shared
directory server.
The home folder is usually located on the startup disk.
Now that you know which types of local and non-local user accounts can exist on a
Mac running macOS, along with their privileges and limitations, you can decide when
it is appropriate to create each of these accounts.
In the following sections of this chapter, we will discuss the most common user
administration tasks, such as creating the types of user accounts we just explored.
In this section, we will perform different user management tasks. More specifically,
we will cover the following topics:
The main tool to manage user accounts is Users & Groups (Figure 4.1) in System
Preferences. Remember that you need administrator permissions to manage user
accounts. You can go to System Preferences via the Apple menu or through the
desktop icon, as we have seen in previous chapters:
This is where all user accounts are created, managed, unlocked, and deleted. Also,
local group accounts can be created here.
Congratulations! You've just created your first user account. You will see
the new user appear in the left-side panel, as seen in Figure 4.4:
7. Log out from the admin account and log in as the new user to verify it has
been correctly created. You can log out via the Apple menu. If it has
been correctly created, you should see the new user in the login window, as
shown in Figure 4.5:
Once the user is created, the initial setup will take place, which is what we will see in
the next section.
1. Log in to the new account with the password created (Figure 4.5). First, you
will be presented with the Data & Privacy information. Make sure to read
it, and then click Continue when ready.
2. If you are prompted to log in with your Apple ID, just click Set Up Later
(Figure 4.6). You might see a prompt asking whether you are sure; just
click Skip for now. We will see how to link a new account with an Apple
ID or iCloud account in the next section:
3. If Find My is enabled for this machine, you might see a window indicating
the Apple ID used to locate it. This is an informative window, so make sure
the associated Apple ID is correct and click Continue. If it's not correct, you
can change it in System Preferences later on.
4. Next, you will see the Screen Time window. You will see it only if you are
installing on macOS Catalina or later. You can click either Set Up Later or
Continue, as any of those options will take you to the next screen.
5. Then, you will be presented with the Siri screen. By default, the Enable Ask
Siri option will be enabled. Uncheck it if you don't wish to use Siri. When
ready, click Continue.
6. In macOS Big Sur, you will have the choice to set up Siri at this point. You
can do so and click Continue, in which case you will see a couple of extra
screens where you will have to speak several phrases for this configuration,
or you can choose Set Up "Hey Siri" Later, which is what we will do for
this example.
7. Next, you will see a screen where you can choose to share data with Apple
to improve Siri and Dictation. The default option is Not Now, but you can
change that if you wish to share your audio recordings.
8. If you have a Mac compatible with Touch ID, then you might see a
screen to set it up. If you do, then click Continue. If not, just skip to step 10.
9. You will be able to set up Touch ID at this moment, or you can click Set Up
Touch ID Later. If you choose to set up Touch ID later, you might see a
prompt asking you whether you are sure; just click Continue.
10. Next, you will be asked to choose a look, either Light, Dark, or Auto mode.
The Auto mode is a new option available in macOS Catalina and later.
When ready, click Continue.
11. In Mac computers compatible with True Tone (Macs with Retina screens),
you might see a screen informing you about this feature. You can click on
See Without True Tone Display to see how your screen would look
without it, or just click Continue.
You can find out which Macs are compatible with True Tone at this
link: https://support.apple.com/HT210437#mac.
And that's it! Now, the setup will finalize for the new account. You have created and
configured your first Standard account.
In the next section, we will see how the setup flows when choosing to use an Apple
ID.
To link your Apple ID or iCloud account, follow all the steps described in the
previous section to create a standard user account. Then, when you first log in with
the newly created account, you will arrive at the Sign In with Your Apple
ID screen, where you will see the following options related to the Apple ID (Figure
4.7):
Take into account that in macOS Mojave and earlier, the last option will be worded
differently since in macOS Catalina, iTunes was replaced with other dedicated apps,
as mentioned in Chapter 1, Overview of the macOS System, Architecture, and Features.
The option will read as Use a different Apple ID for iTunes and iCloud?.
At this point, you can enter your Apple ID if you have one, recover it if you have lost
your password, or create one. In the next section, we will see an example where we
choose to create an Apple ID.
2. To start the process, you will be prompted to enter your birth date.
3. Enter the information for the new Apple ID, including an email account. At
this point, you can choose to create a free icloud.com email or provide
another existing email. For this example, we will choose to create
an icloud.com email by clicking on the Get a free iCloud email
address... link, as seen in Figure 4.8:
4. You will be prompted to enter the iCloud email address's details to be used
as your new Apple ID, including a password. Enter the details and click
Continue.
5. Next, you will be asked to verify the email by providing a phone number
for a text message or a phone call. I will enter a phone number and select
Text message as the verification method (Figure 4.9):
6. Next, accept the terms and conditions. At that point, iCloud will be set up.
7. Next, depending on the macOS version, the process will continue with step
3 of the previous section on the initial setup of a new user account.
When the process finishes, you will confirm that iCloud has been set up by
opening System Preferences. You will see that the Apple ID username
appears now, as well as an additional icon to set up the Family Sharing
feature, as seen in Figure 4.10:
And that's it! You can now use your Apple ID to recover your password and use the
iCloud features set up for this account.
In the next section, we will explore how to turn a Standard account into an
Administrator account.
In the next section, we will see how we can further customize the user environment
for a better experience.
1. Open the Finder, and choose Preferences from the top menu.
2. Next, select the General tab. By default, the Hard disks option is not
selected. Select it so that the default system volume (usually Macintosh
HD) appears on your desktop for easy access to the system volume root, as
shown in Figure 4.12:
3. Now, click the Sidebar tab and select the folders you want to have in the
sidebar's Favorites section. In this case, we will select the administrator's
home folder so that it shows in the Finder's sidebar's Favorites section for
easy access (Figure 4.13):
Make sure the checkboxes are fully selected. If a dash shows instead
of a checkmark (as with Hard disks in Figure 4.13), it means it is not
fully selected.
1. Open System Preferences and click on the Desktop & Screen Saver
preferences icon marked in Figure 4.14:
2. In the Desktop tab, from the dropdown, you can choose your desktop
style: Automatic, Light (Still), or Dark (Still) (Figure 4.15):
3. In the Screen Saver tab, you can choose your screen saver style and timing
(Figure 4.16):
At the bottom right of Figure 4.16, you can see a Hot Corners... button. If you use a
screen saver, configuring Hot Corners allows you to start the screen saver by setting a
shortcut so that it starts when you move the pointer to a designated corner of the
screen. Follow these steps to configure it:
3. You will see several options to choose from, as seen in Figure 4.18. For this
example, let's choose Start Screen Saver and then click OK:
4. You can also use the Control, Option, Shift, or Command keys with a hot
corner. To use them, press one of those keys – for example, Option – while
the drop-down menu is open and select an option such as Start Screen
Saver (Figure 4.18).
5. Once set, whenever you move the pointer to the corner of the screen you
just configured (and press a key, such as Shift, if you configured one), the
screen saver will start.
There are many other options to configure your account that you can explore, but we
have seen the most important ones. In the next section, we will explore what account
attributes are.
1. Go to the Users & Groups preferences and click the lock icon to log in as an
administrator.
2. Next, right-click on the user for whom you want to see the attributes,
and Advanced Options... will appear, as seen in Figure 4.19:
3. The screen you will see looks like the one in Figure 4.20:
User ID: This is the user account ID. User accounts will normally start at
501, and root administrator accounts will start with a number under 100.
Group: This is the primary group the user belongs to. In this case, this
account belongs to the staff group, as most local user accounts do. We will
see the types of groups available in more detail in Chapter 7, Understanding
Ownership and Permissions.
Account name: This is the name of the account and the user's home
folder. It cannot have any special characters (, /; "), symbols, or spaces.
However, it can contain periods, dashes, or underscores (.-_).
Full name: This is a longer version of the account name. It can also be used
to authenticate, but most users will use the account name for convenience
since it's shorter. It can contain any characters. This name must be unique,
and there cannot be other accounts with the same full name. It can also be
changed at any time.
Login shell: As we saw earlier, both Administrative and Standard users
can access Terminal. The login shell specifies the default file path for the
command-line shell used in Terminal. The shell is the programming
language the command line uses. By default, it is /bin/bash in macOS
Mojave and earlier but is being deprecated. From macOS Catalina and
later, the default shell is zsh. Therefore, when you open Terminal, you
might see a warning indicating that the default interactive shell is now zsh;
check Chapter 16, Using the Command Line, for instructions on how to
change it.
Home directory: This shows the path for the user's home folder, except for
Sharing Only accounts because, as we saw earlier, no home folders are
created for this type of account. The default path is the following:
/Users/[user account name].
Universally Unique ID (UUID) or Globally Unique Identifier
(GUID): This is a long, unique, alphanumeric number generated by the
computer when the account is created, sort of like a serial number that can
only be identified by the Mac the account was created in. This means that if
you restore an account on another Mac, the number will change, and it will
be unique to that Mac computer as well. It's also an alphanumeric attribute
that serves to identify the account with the file and folder ownership.
Apple ID: This is the Apple ID linked to this account. If there isn't an ID
associated with it yet, nothing will show for the user, as is the case in Figure
4.20.
Aliases: This is used to associate the local user account with other service
accounts, such as iCloud.
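The User ID and account name attributes above, and the default admin group described earlier, can also be checked from Terminal. The following is an added example, not code from the book: it parses the output of dscl . -list /Users UniqueID and dscl . -read /Groups/admin GroupMembership, falling back to constructed sample output when dscl is not available. The function names and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the book): audit local account attributes.
# Live input on a Mac comes from:
#   dscl . -list /Users UniqueID
#   dscl . -read /Groups/admin GroupMembership
# The sample output below is constructed so the logic also runs elsewhere.

SAMPLE_USERS='_www                    70
daemon                  1
nobody                  -2
root                    0
herta                   501
john                    502
build.agent             503
j@doe                   504
toor                    0'

SAMPLE_ADMIN='GroupMembership: root herta john build.agent svc_ops'

# Names whose User ID is 501 or higher (regular user accounts).
regular_users() {
    awk 'NF >= 2 && $NF ~ /^[0-9]+$/ && $NF + 0 >= 501 { print $1 }'
}

# Accounts other than root that carry UID 0, i.e. root privileges under another name.
extra_uid0() {
    awk 'NF >= 2 && $NF == "0" && $1 != "root" { print $1 }'
}

# Members of the admin group, one per line, from "GroupMembership: a b c".
admin_members() {
    awk '$1 == "GroupMembership:" { for (i = 2; i <= NF; i++) print $i }'
}

# Account-name rule from the attribute list: only letters, digits,
# periods, dashes and underscores; no spaces or other symbols.
valid_account_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one FINDING line per problem. $1 = user list, $2 = admin group line.
audit_accounts() {
    users=$1
    admin_line=$2
    for name in $(printf '%s\n' "$users" | extra_uid0); do
        echo "FINDING: $name has UID 0 but is not root"
    done
    for name in $(printf '%s\n' "$users" | regular_users); do
        valid_account_name "$name" ||
            echo "FINDING: account name '$name' breaks the naming rule"
    done
    admins=$(printf '%s\n' "$admin_line" | admin_members)
    for name in $admins; do
        [ "$name" = root ] && continue
        if ! printf '%s\n' "$users" |
            awk -v n="$name" '$1 == n { ok = 1 } END { exit !ok }'; then
            echo "FINDING: admin group member '$name' has no local user record"
        fi
    done
    count=$(printf '%s\n' "$admins" |
        awk '$0 != "" && $0 != "root" { n++ } END { print n + 0 }')
    [ "$count" -le 3 ] ||
        echo "FINDING: $count administrators besides root (the chapter suggests two or three)"
    return 0
}

# Use live directory data on a Mac, the constructed sample anywhere else.
if command -v dscl >/dev/null 2>&1; then
    audit_accounts "$(dscl . -list /Users UniqueID)" \
                   "$(dscl . -read /Groups/admin GroupMembership)"
else
    audit_accounts "$SAMPLE_USERS" "$SAMPLE_ADMIN"
fi
```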
In the following sections, we will see other important management actions, such as
deleting and restoring user accounts.
1. Open System Preferences and then the Users & Groups preferences.
2. Right-click on John's account to see the Advanced Options... button, as we
did in the previous section. Take a screenshot of the attributes you see here,
in case you need that information later.
2. Now, you will have to define what will happen to the user's home folder.
The options you can choose from are shown in Figure 4.22. They are as
follows:
Save the home folder in a disk image
Don't change the home folder
Delete the home folder
When you choose the last option (Delete the home folder), the user account
and folder are fully deleted from the system, and the storage space is freed.
Next, we will see what happens when we choose the other two options.
3. For this example, let's choose the first option, Save the home folder in a
disk image. Next, click Delete User:
That's it! The user account is deleted and the home folder, in this case, has been saved
as a disk image. Next, let's see how to restore this deleted user.
To restore the user in this case, we need to go to our Mac's root folder:
1. You can find the root folder through the Finder's side menu
or the volume we configured to be visible on the desktop
(usually Macintosh HD). Once you are there, you will need to go to
the /Users/Deleted Users folder, where you will find the saved image,
as shown in Figure 4.23:
2. Double-click on John's image (the DMG file shown in Figure 4.23). The
contents of the file will be shown, and a disk icon will appear, as you can
see in Figure 4.24. You can close the containing folder but keep the image
open (the disk icon to the right); don't eject it:
3. Next, select the image and select Duplicate from the Finder contextual
menu, as seen in Figure 4.25. This is an important step to ensure all folders,
including the hidden Library folder, are copied for a successful
restoration:
And that's it! The home folder has been restored, but there are still a few
more actions to complete the account restoration.
Account restoration is now complete! You will see the user appear again in
the Users & Groups side menu.
1. In the Users & Groups preferences, right-click the newly created account to
see Advanced Options... as we saw earlier.
2. Open the screenshot you saved before deleting John's account and compare
the details.
3. Both accounts' user IDs should be the same, but the UUID will be different
because that is unique to every account created.
4. If you now go to the Users folder and try to open John's restored account,
you will not be able to do it since the folder now belongs to John, and not
even the administrator has permission to access it.
As an extra verification step, log in as John Adams and verify that the hidden folders
are there:
That's it! We just saw how to carry out account restoration when the deleted account
home folder was saved into an image (DMG). In the next section, we will see the
second option presented when deleting a user account.
In this case, restoring the deleted account is even easier: just rename the folder and
remove the (Deleted) part. Then, follow the steps to create an account with the
same details, as we saw earlier, to complete the restoration. You will again see
the prompt that will warn you that a folder with the same name already exists. As we
did previously, select the Use Existing Folder button shown in Figure 4.27.
And that's it! You have now successfully restored a deleted account using two
different methods. With this, we have completed the section on Standard account
management. In the next section, we will explore the management of the root user.
System Preferences
Terminal
To enable the root user through System Preferences, follow these steps:
3. Click on the Login Options button, and next on the Join... button, as shown
in Figure 4.29:
5. You will see the window in Figure 4.31. Once more, click the lock and enter
your administrator name and password:
6. In the Directory Utility menu bar, choose Edit, and then Enable Root User,
as shown in Figure 4.32:
7. Finally, enter the password you wish to use for the root user. And that's it!
You can also enable the root user through Terminal. Follow these steps to use that
method:
Now that the root user is enabled, let's see how to log in with this account.
1. Turn on the Mac, or if you are logged in, log out of the current account to
see the login window.
2. When the root user is enabled, you will see a new user with the name of
Other... in the login window, as you can see in Figure 4.34. Click on that
icon to log in:
3. Next, enter root in the username field and the password you created for
this user in the password field.
4. Once you are in the desktop interface, if the option to show full names is
enabled in fast user switching (this feature is covered in the What is fast user
switching? section a little later in this chapter), you will see the
name System Administrator at the top of the screen, as you can see in
Figure 4.35. This tells you that you are logged in as root:
And that's it! You are now logged in as root with full access to the system.
To act as root from Terminal, use the sudo command on the command line. It's
actually safer to use the root user this way than it is to enable it for the
whole system for an undetermined amount of time, as you may forget that
you've left it enabled.
Enter the following command in Terminal to enter root mode, followed by any
commands you would like to run:
sudo [command]
If you need to perform many tasks as root, you can also open a root shell:
sudo -s
If you use the previous command, you will stay in root mode until you enter exit to
revert to your usual permissions:
exit
If you want to learn more about what you can do with sudo, you can enter man sudo
in Terminal, as seen in Figure 4.36:
We have just seen how to enable the root user. Let's examine how to disable it.
Just follow the same steps you did to enable it through Directory Utility, but in the
menu bar, choose Edit, and then Disable Root User, as shown in Figure 4.37:
And with this, we have finished the section on managing the root user. In the next
section, we will explore another kind of user, the Guest user.
4. Check the Allow guests to log in to this computer box. As soon as you do
that, the Guest user in the left panel will show the Login only status, and
the Limit Adult Websites option will be enabled by default as well (this
can be different in versions prior to Big Sur, where you probably have to
enable the latter option manually):
5. The next time you are at the login window, you will see the Guest User
icon (Figure 4.40). Just click the icon, and it will automatically log in (there's
no need for a password):
Finally, you could also allow guests to use shared folders in the network. For this,
check the Allow guest users to connect to shared folders box (Figure 4.39). When you
do that, the Guest account will have access to shared folders from another computer
or user on the network.
Take into account that enabling the Guest account can cause
unexpected behavior when FileVault is enabled.
That's it! Your temporary users can now use the Guest account without risking
exposing your data or personal information.
In the next section, we will see other useful settings that help you adjust the user's
login options.
Automatic login
Account display options
Fast user switching
Automatic login
You can configure a user to log in automatically when the Mac is started. By default,
this setting is disabled. To change that behavior, follow these steps:
1. Open System Preferences, click on Users & Groups, and then click Login
Options.
2. Click the lock icon to authenticate as an administrator.
3. Click the Automatic login drop-down menu, then choose a user, as shown
in Figure 4.41:
4. Once you select a user, you will be asked to enter the user's password.
5. You might need to restart the Mac for the automatic login to become
effective.
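The login settings covered so far in this chapter (root user, Guest login, and automatic login) can be reviewed together from Terminal. This added example is not from the book. It assumes the autoLoginUser and GuestEnabled keys of /Library/Preferences/com.apple.loginwindow, and it treats the presence of an AuthenticationAuthority attribute on /Users/root as the sign that root is enabled; the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the book): review the login settings this chapter toggles.

# Constructed sample of: defaults read /Library/Preferences/com.apple.loginwindow
SAMPLE_PREFS='{
    GuestEnabled = 1;
    SHOWFULLNAME = 0;
    autoLoginUser = john;
    lastUserName = herta;
}'

# Constructed sample of: dscl . -read /Users/root AuthenticationAuthority
# (this is the reply when the root user is disabled)
SAMPLE_ROOT='No such key: AuthenticationAuthority'

# Print the value of key $1 from a "defaults read" dump on stdin.
# Lines look like "    key = value;"; quotes and the trailing ";" are dropped.
pref_value() {
    awk -v k="$1" '$1 == k && $2 == "=" {
        v = $3
        sub(/;$/, "", v)
        gsub(/"/, "", v)
        print v
    }'
}

# Succeeds when the dscl reply in $1 shows an AuthenticationAuthority
# attribute on the root record (assumed here to mean root is enabled).
root_enabled() {
    printf '%s\n' "$1" | grep -q '^AuthenticationAuthority:'
}

# Print one REVIEW line per setting that differs from the defaults the
# chapter describes. $1 = loginwindow preferences dump, $2 = dscl reply for root.
login_findings() {
    prefs=$1
    root_info=$2
    auto=$(printf '%s\n' "$prefs" | pref_value autoLoginUser)
    guest=$(printf '%s\n' "$prefs" | pref_value GuestEnabled)
    [ -z "$auto" ] ||
        echo "REVIEW: automatic login is set for '$auto' (no password needed at startup)"
    [ "$guest" != 1 ] ||
        echo "REVIEW: Guest login is enabled (disabled by default)"
    if root_enabled "$root_info"; then
        echo "REVIEW: root user is enabled; disable it when the task is done and use sudo"
    fi
    return 0
}

# Use live settings on a Mac, the constructed sample anywhere else.
if command -v dscl >/dev/null 2>&1 && command -v defaults >/dev/null 2>&1; then
    login_findings \
        "$(defaults read /Library/Preferences/com.apple.loginwindow 2>/dev/null)" \
        "$(dscl . -read /Users/root AuthenticationAuthority 2>&1)"
else
    login_findings "$SAMPLE_PREFS" "$SAMPLE_ROOT"
fi
```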
There are more login options you can use to improve your user experience, and we
will see those next.
4. Once that is done, you will be able to quickly switch users from the top-
right corner of the screen, as seen in Figure 4.43:
With this, we conclude this section on the login settings you can use to improve the
user experience.
In the next section, we will see a new feature called Screen Time used to control user
access.
Screen Time is not just a tool to restrict usage and schedule downtime; it also
provides daily and weekly reports to analyze how you and others are using the Mac.
In the following example, we see the feature in the macOS Big Sur interface:
1. The Screen Time options are managed from System Preferences, through
the icon shown in Figure 4.44:
2. To enable it, click Options in the lower-left corner, and click Turn
On.... The same button can be used to Turn Off..., as you can see in Figure
4.45. You can even use a Screen Time passcode so that you can enter it to
allow more time when limits are reached:
If you are using Family Sharing, you can turn on Screen Time on each of the devices
and manage it from your Mac. Family Sharing is covered in Chapter 10, Managing
Apps and Documents.
In the next sections, we will explore the options on the left menu of this tool, each
having a specific function. These options can be divided into two main categories:
Tracking usage
Limiting usage
Tracking usage
In this section, we will see the options in Screen Time related to usage tracking. They
allow you to track how apps are being used and the amount of time dedicated to
specific apps so that you can make decisions on restricting certain apps. This part of
Screen Time is not for configuration but rather for monitoring.
To track usage with the Screen Time feature, you have the following options:
App Usage
Notifications
Pickups
App Usage
This feature is used to check how much time is spent on each app. You can see the
data per day or week. You can also see all apps or view usage by category, such as
productivity or entertainment (Figure 4.46):
The next item on this part of the menu is Notifications. Let's explore what it is for.
Notifications
Notifications are small boxes you see in the top-right part of your screen triggered
from several apps, depending on your configuration. These notifications can be
distracting or even annoying. The Notifications tab in the Screen Time tool helps you
see statistics about how many notifications you get from each app (Figure 4.47):
If you want to configure notifications, for example, to pause or stop them, you can do
that from the Notifications pane in System Preferences.
Let's explore the last tab in this tracking section, the Pickups tab.
Pickups
This feature allows you to see how many times you have "picked up" your device or,
in the case of a Mac, how many times you "woke it up" after a period of inactivity or
sleep, and which apps you used first after picking it up (Figure 4.48):
And with this, we have seen the section in Screen Time that tracks usage. In the next
section, we will see the options that allow you to limit that usage.
Limiting usage
After analyzing the statistics you obtained in the Screen Time tabs we saw in the
previous section, you can make decisions on how to optimize your usage by limiting
it for yourself or other users or family members if using Family Sharing. Family
Sharing is covered in Chapter 10, Managing Apps and Documents.
These are the options you have to limit usage with the Screen Time feature:
Downtime
App Limits
Always Allowed
Content & Privacy
Downtime
With this option, you can schedule time away from the computer. When this option is
configured, you will only be able to use specific apps you have configured to be
allowed, along with phone calls. First, make sure Downtime is selected in the left
menu, and click on the Turn On... button to enable it. The same button will allow you
to turn it off, as seen in Figure 4.49. Once enabled, you can set a schedule per day or
set a custom one:
You can configure Downtime for your own account, for other accounts if you log in
to their accounts as an administrator, or directly from your administrator account if
using Family Sharing.
When Downtime is configured and in effect, the user will see a notification 5 minutes
before it is activated, as seen in Figure 4.50:
If the user tries to use a restricted app in the Mac, a message will be displayed
informing them that the Mac cannot be used. You can click OK or Ignore Limit to use
the Mac despite the scheduled downtime, as seen in Figure 4.51. In the case of a family
member, usually a child, an additional option will show through which they can
request more time, which the organizer of the Family Sharing group can deny or
approve.
If you click on Ignore Limit, you will be given the options shown in Figure 4.52:
While this option allows you to set a global downtime setting, the next option we will
see allows you to set limits on specific apps.
App Limits
This option allows you to set limits on specific apps and even entire categories of
apps. To use it, you need to enable it. Make sure App Limits is selected in the left-side
menu, and then click the Turn On... button (Figure 4.53):
Next, you can add apps or categories of apps by clicking on the + button, as shown
in Figure 4.53. When you do that, you will see the window shown in Figure 4.54. At
that point, you can choose entire categories of apps to restrict, such as Games, or you
can expand the category by clicking the arrow encircled in the following screenshot to
select or deselect specific apps in that category:
When you activate this option, you will receive a notification similar to the one seen
in Figure 4.51 when your time is up for a configured app restriction. Again, when you
see that notification, you can click either OK or Ignore Limit. If you click on the last
option, you will be given the options shown in Figure 4.52.
With this option, we have seen how we can configure app restrictions. With the next
option, you will be able to specify which apps are allowed.
Always Allowed
This option allows using certain apps even when downtime is scheduled or when app
limits have been configured. To use it, make sure the Always Allowed option is
selected in the left-side menu (Figure 4.55). Next, select the apps from the list that you
want always to be allowed:
The last option on the menu allows you to customize restrictions even further, as we
will see in the next section.
When you are using Family Sharing, you will see an extra option on the left menu,
called Communication. To use it, Contacts has to be turned on in the iCloud
preferences. With this option, you will be able to control who the members of the
Family Sharing group you monitor can communicate with during the day. This
option allows establishing limits on Phone, FaceTime, Messages, and iCloud contacts.
Still, communication with specified emergency numbers is always allowed.
And with this, we have finished this section on the Screen Time feature and on
managing user accounts. We saw how to create a standard user account, set it up, and
configure additional preferences. We saw how to manage the root and guest users.
We also saw login options and how to use the fast user switching feature.
In the next section, we will see a topic closely related to user accounts: user home
folders.
In this section, we will cover the following topics related to home folders:
The default home folder structure for any macOS user contains the following
subfolders:
Desktop
Documents
Downloads
Movies
Music
Pictures
Public
The content of these folders is pretty straightforward, as their names are self-
explanatory. This structure can be browsed by other users, but the contents of most of
these folders can only be accessed by the owner of that account. However, one folder
is the exception as other users can see it: the Public folder, also visible in Figure 4.58,
which has another folder inside it, the Drop Box folder.
An additional folder is hidden by default, the Library folder, which is why we don't
see it in Figure 4.58.
There is also another optional folder that can be created manually by users,
the Applications folder. This is where they can save their own applications, instead
of using the system Applications folder, where all apps are usually kept by default.
If created, this folder is recognized by the system. If you install apps in this folder in
your home folder, they will be available for you only, instead of all the users in the
system, as is the case with the usual Applications folder located at the root.
In the next section, we will see the folders that are not self-explanatory. That said, it's
still important to mention that some applications have specifically dedicated folders
for the files created with them. That's the case of
the Music, Movies, and Pictures folders in the user home folder, which are used
specifically for files created by applications such as iMovie, iTunes, and Photos; these
folders are the default locations for those applications. Some third-party applications
will even create folders inside those folders for their user-created files.
In the following sections, we will see more about the folders that are not self-
explanatory.
Using Stacks
It is not recommended to keep files in the Desktop folder unless it is temporary, but
we all know that temporary usually becomes permanent, and very quickly your
desktop becomes cluttered. You should have a nice folder structure to store all your
files, instead of the desktop. However, if you like keeping things on the desktop, there
is a useful tool introduced in macOS Mojave that comes to save the day: Stacks.
1. Right-click anywhere on the desktop and choose Use Stacks from the
contextual menu (Figure 4.59):
You can view the items that are organized in stacks very easily. Just click on a stack
and scroll to find what you are looking for. When you find the correct file, just
double-click to open it.
Let's see another feature that is available in the desktop space and can be used in
combination with Stacks: Quick Actions.
Quick Actions
You have many other options to choose from when you right-click on a stack, or on
any file for that matter. You can choose Rename, Compress, or Share, or use one of
the Quick Actions features (Figure 4.61), such as Rotate, Markup, Create PDF, or trim
audio and video files:
We have just seen the Desktop folder and two important features you can use to
make the most of it. Let's continue exploring the other user folders.
If you need to access this folder for any reason, you can use temporary and
permanent methods to access it, all of which are covered in detail in Chapter
8, System Resources and Shortcuts.
At the same time, each Public folder has a subfolder called Drop Box. The purpose
of this last folder is to allow you to share your files with other Mac users by placing
them in their Drop Box folders. There are a few important things to consider about
the Public and Drop Box folders because they can be a bit confusing if you don't
understand the logic behind them. This is why I invite you to review how to use them
for file sharing, which is covered in detail in Chapter 7, Understanding Ownership and
Permissions.
And with this information, we have covered the user home folder structure. In the
next section, we will learn how to delete and migrate the local user home folder.
What happens when you choose each of these options is covered with examples in
the Deleting user accounts section earlier in this chapter. That said, let's see how to
migrate and restore a user home folder.
There are two ways to migrate or restore home folders. One uses a tool called
Migration Assistant, and the other way is just to do it manually. Let's examine both
methods.
Migration Assistant
Migration Assistant is a very useful tool that saves a lot of time since it allows you to
restore user account details and data automatically; you don't have to do it manually.
User accounts
Settings
A Time Machine backup
Content from a Mac or Windows computer
At the same time, there are three common scenarios you will encounter when
migrating data to a Mac through Migration Assistant:
We will see how the process works in the first two cases in the next section.
If you want to check the macOS version history to see which version
comes after the other, you can go back to Chapter 1, Overview of the
macOS System, Architecture, and Features, where you will find a list of
all the versions.
There are two ways to access Migration Assistant: when you are first setting up a
newly installed Mac, Migration Assistant will appear (Figure 4.62) in case you want
to transfer your data at that point:
The other way is through the Utilities folder in the Applications folder. In both
cases, the process the tool follows is the same.
Once you have verified that all the requirements are met, follow these steps:
5. You will see the screen shown in Figure 4.62. Choose the From a Windows
PC option and click Continue.
6. Enter the PC administrator's name and password.
7. Choose your PC from the list of available computers.
8. Next, a matching passcode should appear on both computers.
9. A list of data that can be migrated will be displayed for you to select; it will
include full user accounts, data, and so on.
10. Select the user account or individual files and settings you wish to migrate
and click Continue.
11. The process can take a while depending on how much data you are
migrating, but you will be able to monitor the progress.
12. When the migration is complete, if you migrated a user account, you will
be asked to set a password when you log in to the migrated account on
your target Mac.
And that's it! Your data has now been fully migrated from a Windows PC to your
target Mac.
Let's see the steps for the second option, migrating from a Mac to another target Mac.
Make sure your Mac is updated. If not, be sure to install any updates that
may be pending before proceeding.
The old Mac should be running OS X Snow Leopard v10.6.8 or later.
The old Mac should have a computer name. To find out the name, go
to System Preferences and click on the Sharing icon marked in Figure 4.64:
Take note of the name in the Computer Name field, as seen in Figure 4.65.
In this section, you can also change your computer's name if you like by
clicking on the Edit button:
1. If both Macs are running macOS Sierra or later, place them close together
and make sure Wi-Fi is turned on on both of them.
2. If either Mac is using OS X El Capitan or earlier, connect them to the same
Wi-Fi network or through Ethernet:
Another way to connect them is through Target Disk mode,
which we will explore in Troubleshooting Tips, of this book.
Another option would be to connect your target Mac to a volume
containing a Time Machine backup. We will see all about Time
Machine backups in Chapter 11, Backups and Archiving.
Take into account that when you use Migration Assistant, all other
applications must be closed, or they will be closed by the
application.
6. Now, let's switch to the old Mac. Open Migration Assistant and click
Continue. You will be asked to authenticate as an administrator.
7. You will be asked whether you want to transfer data. At this point, select
the To another Mac option (Figure 4.62) and next, click Continue.
8. Now, switch to the target Mac. Select the appropriate source of the transfer,
in this case, the old Mac, and click Continue.
9. You should see a matching security code appear on both Macs. Click
Continue on the old Mac.
10. On the target Mac, choose the backup source you want to use from the list,
and click Continue.
11. Choose which data you want to transfer. This data can be entire user
accounts, folders, computer and network settings, apps, and so on. How
long the process will take will depend on how much information you are
transferring.
12. And that's it! You can now log in to the migrated account on the target
Mac.
In this section, we have seen how to migrate data using Migration Assistant. In the
next section, we will see how this can also be done manually.
Restoring manually
You can manually restore a local user account in the same Mac or a different Mac.
This is what you need to do:
1. Copy the entire user home folder you want to restore to a temporary
location, such as a USB or an external volume.
2. Next, copy the home folder to the /Users folder of the Mac on which you
want to restore the user account.
3. Open System Preferences and go to Users & Groups.
4. Create a new local user account with the same name as the user home
folder you want to associate it with.
5. At this point, macOS will recognize the new home folder and ask you
whether you want to associate it with the home folder with the same name.
6. And that's it! The home folder is now restored and associated with a
specific user account.
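The access rules described for the home folder structure (private subfolders, a browsable Public folder, a write-only Drop Box) are worth verifying after the manual restore steps above, because a copy through an external volume can change modes and ownership. The following audit is an added example, not from the book: the mode values in EXPECTED_MODES are assumed macOS defaults, and the sample home folder is constructed in a temporary directory.

```python
import os
import stat
import tempfile
from pathlib import Path

# Assumed baseline: the permission bits a freshly created macOS account
# usually has. Confirm against a new test account on your macOS version.
EXPECTED_MODES = {
    ".": 0o755,                # home itself: other users may browse the structure
    "Desktop": 0o700,
    "Documents": 0o700,
    "Downloads": 0o700,
    "Movies": 0o700,
    "Music": 0o700,
    "Pictures": 0o700,
    "Library": 0o700,          # hidden by default in Finder
    "Public": 0o755,           # readable by other local users
    "Public/Drop Box": 0o733,  # others can drop files in but cannot list them
}


def audit_home(home, expected_uid=None):
    """Return a list of (relative_path, problem) tuples for one home folder."""
    home = Path(home)
    findings = []
    for rel, want in EXPECTED_MODES.items():
        path = home / rel
        try:
            st = path.lstat()  # lstat: never follow a symlink placed in the home
        except FileNotFoundError:
            findings.append((rel, "missing"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((rel, "not a directory"))
            continue
        have = stat.S_IMODE(st.st_mode)
        if have != want:
            # Extra bits expose data to other users; missing bits break sharing.
            kind = "too permissive" if have & ~want else "too restrictive"
            findings.append((rel, f"mode {have:03o}, expected {want:03o} ({kind})"))
        if expected_uid is not None and st.st_uid != expected_uid:
            findings.append((rel, f"owner uid {st.st_uid}, expected {expected_uid}"))
    return findings


def build_sample_home(root):
    """Constructed sample: a restored home folder with two wrong modes."""
    home = Path(root) / "sample_user"
    for rel in EXPECTED_MODES:
        (home / rel).mkdir(parents=True, exist_ok=True)
    for rel, mode in EXPECTED_MODES.items():
        os.chmod(home / rel, mode)
    # Faults introduced on purpose to simulate a careless copy:
    os.chmod(home / "Documents", 0o755)            # now readable by everyone
    os.chmod(home / "Public" / "Drop Box", 0o700)  # nobody can drop files in
    return home


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_sample_home(tmp)
        # On a real Mac, pass the restored folder (for example /Users/<name>)
        # and the uid of the account it was associated with.
        for rel, problem in audit_home(sample, expected_uid=os.getuid()):
            print(f"{rel}: {problem}")
```

Run it with administrator rights when auditing another user's home folder, since the private subfolders cannot be inspected otherwise.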
And this concludes this section on understanding user home folders. In the first part,
we saw the home folder structure; next, we saw how to delete, migrate, and restore
local user home folders through Migration Assistant and also manually.
This concludes the content for this chapter. Be sure to read the summary for a quick
recap of the topics covered.
Summary
You now know the types of local user accounts available in macOS, what they are
used for, and how to create and manage them, including creating, deleting, and
restoring user accounts. You also know what account attributes are and how to
configure login options, including fast user switching. You learned how to use the
new Screen Time feature to track usage and set limits for user accounts and family
members. In the second part, we saw the structure of the home folder created for each
user, and how to delete, migrate, and restore user home folders with the help of
Migration Assistant. You are now ready to manage all aspects of user accounts and
home folders at a support level.
In the next chapter, we will explore the user security and privacy options available in
macOS for the user's data security and protection of the user's privacy.
Chapter 5: Managing User Security and Privacy
In this chapter, you will learn about managing user security and privacy through
various methods. First, we will explore the password types available in macOS and
when they should be used. Next, you will learn how to manage user account
passwords and other passwords used by macOS, such as the firmware password.
Also, you will examine the Keychain system and how to use it. Finally, you will
review additional features that help you protect user privacy in macOS, such as cross-
site tracking and Location Services. By the end of the chapter, you will be able to use
and manage passwords effectively to secure user accounts, and be able to configure
the different features macOS offers to further enhance security and privacy as an
essential part of your work as an administrator or while supporting other users.
More specifically, the main topics that will be covered in this chapter are the
following:
Technical requirements
This is what you will need for this chapter:
The macOS operating system uses several types of passwords for the security of the
hardware, operating system, and user data. There is also a system password. More
specifically, we will cover the following:
Standard
Administrator
Root
Sharing Only
Guest and Group accounts are not included as they don't require a password.
These passwords are configured at the time of user creation, or later using System
Preferences and the Users & Groups pane.
Before macOS Sierra, there was an option to unlock macOS user accounts with an
Apple ID, but this is no longer possible. Therefore, the only password authentication
method possible in macOS is through locally saved passwords. This method stores
locally encrypted passwords in account records.
If the Apple ID is not useful as an authentication method for your Mac local user
account, what is it used for in macOS? That's what we will see next.
The Apple ID account and password, however, when linked to your account, provide
you with an additional method to reset your macOS user account password. In the
Resetting local user account passwords section later in this chapter, we will see how to
use it for this purpose.
We have already seen how to configure a local user account and the
Apple ID in Chapter 4, User Account Management, if you would like
to go back to review it.
The next type of password available in macOS is Keychain passwords. Let's explore
them.
Keychain passwords
Keychain is a macOS password management system. The Keychain system is a tool
that allows you to store many types of items securely on your Mac, and
it stores passwords in encrypted files so that your authentication information remains
secure.
There are several keychain types in macOS. One of them is the login keychain that
works to secure the password you use to log into your local user account. Therefore,
this password is the same as your local account password. However, there are other
keychains for other purposes, and you can also create your own with its own
password. We will see how Keychain works in more detail in the Understanding the
Keychain system and iCloud Keychain section later in this chapter.
Next, let's explore another type of password related to the Keychain system.
Resource passwords
These are passwords for other types of resources, such as email, websites, file servers,
apps, and encrypted disk images. Note that these passwords are usually
automatically stored in the Keychain system.
Finally, let's take a look at the password type that adds an extra layer of protection to
your system: firmware passwords.
The firmware password is used to prevent your Mac from starting up from any disk
other than the one configured as the startup disk. Its primary purpose is to prevent
unauthorized users from using startup shortcuts (such as the Option key) to bypass
other passwords to access the computer's operating system and make changes,
mainly to users' passwords in order to gain access to the computer.
This password is not linked to any user account. In fact, it remains separate from the
system's software as it is saved to the Mac's firmware chip.
When it is set, if you wanted to start up from another disk that is not the designated
one in the startup disk configuration, you would need to enter this password. Any
startup shortcuts would be disabled, except for the shortcut to start up from a
different disk (the Option key), but if you want to use it, you will need to enter the
firmware password.
Beware that, if the firmware password is not set, any user with
access to macOS Recovery can set it. Therefore, if that is a risk in
your environment, it is recommended to set a firmware password.
In this section, we have seen the password types available in macOS; namely, the user
account password, the Apple ID account and password, and keychain, resource, and
firmware passwords. In the next section, we will explore how to manage the
password types we have just described.
To change a local user account password, you need to know the old
password.
5. Enter your old password and the new password twice, and click
on Change Password when ready (Figure 5.3):
And that's it! We have seen how to change the password through the Users & Groups
preferences. Now, let's explore the second method.
As you can see, changing your local account password is very easy. Next, let's see
how to change other types of passwords.
Basically, you must follow the steps we saw in the previous chapter to enable the root
user (check Chapter 4, User Account Management, to review the procedure in detail):
If you have not enabled the root user, you will have to do so first.
Use caution as the root user has full access to the system. It's a best
practice to have the root user disabled or enabled by an advanced
administrator for very specific tasks and disabled once they are
completed.
8. Enter a new root password, enter it again to verify, and click OK when
ready.
That's it! You have now learned how to change the passwords for local user and root
user accounts.
In the next section, we will explore how to reset passwords that have been lost or
forgotten.
3. Select the user account for whom you want to reset the password and click
the Reset Password... button, as shown in Figure 5.6:
4. Enter a new password twice and click Change Password when ready.
Notice in Figure 5.7, a warning appears at the top, indicating that resetting
the password does not reset the password for the user's login keychain. In
general, this will not be a problem, but we will learn how to solve that, if
necessary, at the end of this section.
That's it! Resetting a password with this method is very easy, but there are two other
methods we will explore next.
6. You will see the Reset password assistant appear behind the Terminal. You
can close Terminal at that point. Now, you will have to authenticate with
the password of an admin you know. In the example in Figure 5.10, you can
see that we have two admin accounts to choose from. Select an admin
account, and click Next. Enter the password and click Continue:
7. After you authenticate as the admin you selected, you will be asked to
choose the user account for whom you would like to reset the password. In
the example in Figure 5.11, we have two local user accounts whose
passwords we can reset. Select one account and click Next:
8. Once you select the account, you will be able to enter the new password.
When ready, click Next. You will see a prompt indicating that the
password reset has been successful and that the user can now log in using
the new password.
9. Click Exit to close the window and restart the computer to use the new
password.
In macOS versions earlier than macOS Big Sur, to reduce the risk of
a user accessing the Recovery system with the ability to change
passwords, including the root user password, the solution was
either to use a firmware password or enable FileVault.
That's it! Resetting account passwords with this method is a bit more complex but
easy nonetheless. Next, we will explore the last method available.
For a user to reset their local account password, the administrator must have
previously enabled the Allow user to reset password using Apple ID option. To do
that, do the following:
If the Allow user to reset password using Apple ID option does not
appear, the Apple ID was likely linked recently. Restart the
computer for the option to appear.
3. Restart the Mac and select the user for whom you want to reset the
password. On the login screen (Figure 5.13), enter any incorrect password
several times until the Reset it using your Apple ID message appears.
When it does, click on the blue arrow icon beside it:
4. Next, enter your Apple ID and password, and click Reset Password. You
will see an alert message about the keychain, as you can see in Figure 5.14.
Just click OK; we will see how to fix that in the next section, if necessary.
5. After you do that, the Mac will restart, and you will be taken to the
Recovery Assistant, where you will be able to continue with the process we
saw in the previous example, starting in Figure 5.13. Note that you will
need to provide an admin password you know to proceed.
After resetting a local user account password, the new login password and the login
keychain password may not match. Let's explore why and what to do in that case.
The next time the user attempts to log in with the new password, the user might be
asked to fix the login keychain so that they are in sync again. Chances are it will be
fixed automatically.
Take into account that resetting a user password will prevent access to the old login
keychain and any information stored in it. Resetting the user password means the
login keychain password will also have to be reset, usually by creating a new login
keychain. The contents of the previous keychain will not be accessible unless the old
password can be remembered.
If no message to fix the login keychain is shown, and you are experiencing repeated
and annoying messages, like the one shown in Figure 5.45, you can manually reset the
login keychain or create a new one. We will see that in the Managing keychains
section later in this chapter.
Next, let's see what happens when we want to reset a password and FileVault is
enabled.
1. When you are enabling FileVault, you are asked to choose a method to
unlock your disk and reset your password in case you forget it, as shown in
Figure 5.15. The FileVault password is, by default, the same as your user
account password. For this example, we will choose the recovery key
method, so we select the Create a recovery key and do not use my iCloud
account option when turning on FileVault. When ready, click Continue.
2. Next, you will see the recovery key, which looks like the one in Figure 5.16.
You should make a screenshot or a note and save it in a safe place. When
ready, click Continue:
3. At that point, the FileVault process will start with disk encryption.
Now that your disk is encrypted and you have set up a key as a recovery method,
you can follow these steps to reset a local user password when FileVault is enabled:
1. At login, select the user for whom you want to reset the password. Enter an
incorrect password at least three times until you see a message indicating
that you can restart to see the password reset options, as shown in Figure
5.17. Click the arrow next to ...reset it using your Recovery Key:
2. Next, you will see a field to enter the recovery key, as seen in Figure 5.18.
Enter your recovery key (which is case-sensitive; hyphens will be included
automatically), and click the left arrow next to it:
3. As soon as you enter the correct key, you will see a window like the one
shown in Figure 5.19. Enter the new password and click the Reset
Password button.
4. Next, the password will be reset, and you will automatically be logged into
your account.
That's it! You have successfully reset your user account password with the recovery
key set up with FileVault.
In the next section, we will see how to use the other method provided for recovery
when FileVault is enabled: your iCloud account.
Using iCloud
This method is the default option to recover your password when FileVault is
enabled. It only works when iCloud is enabled via an Apple ID, either during the
creation of the first user account or through the System Preferences after installation.
In some cases, using the Apple ID to reset the local account password may even work
if a local account password is not currently linked to the Apple ID. However, some
conditions must be met for this to work:
The user previously signed in to iCloud with the local user account
iCloud must be selected as the recovery method during FileVault setup
The user must not be using Legacy FileVault
1. When you are enabling FileVault, you are asked to choose a method to
unlock your disk and reset your password in case you forget it, as shown
in Figure 5.15. In this case, we will leave the default option selected: Set up
my iCloud account to reset my password, and click Continue.
2. If your iCloud account is already configured on your Mac, the recovery
method will be set up, FileVault will start the encryption process, and that's
it!
3. If iCloud is not configured, you will be able to do it at this point. You will
see a window to enter your Apple ID, as shown in Figure 5.20. Enter the
Apple ID and password, and click Next.
4. If two-factor authentication is set up, you will be asked to enter the code for
your second-factor device. To learn more about why you see this code, go
to The iCloud Security Code and two-factor authentication section in Chapter
15, Managing Security in macOS. You may be asked to enter your Mac
password so that you can use it to unlock passwords automatically.
5. You may be asked if you want to allow Find My Mac to use the location of
the Mac. Select Not Now or Allow.
6. You will be taken back to the FileVault window. Authenticate as an
administrator if necessary, and click Turn On FileVault...
7. You will see the window in Figure 5.15 again. Select Set up my iCloud
account to reset my password, and click Continue.
8. The recovery method will be set up, and FileVault will start the encryption
process.
Now that the recovery method using iCloud is set up, you can reset your password
using this method if necessary:
1. At login, select the user for whom you want to reset the password and
enter an incorrect password at least three times. You should see the
message in Figure 5.24 appear. Click on the arrow icon to the right of the
message, and you will see a black screen with the Apple logo appear:
2. Next, you should see the screen in Figure 5.22. Enter the Apple ID and click
Next; enter the password for that Apple ID, and click Next:
If two-factor authentication is set up, you will be asked to enter the code for
your second-factor device. To learn more about why you see this code, go to
The iCloud Security Code and two-factor authentication section in Chapter
15, Managing Security in macOS. You may be asked to enter your Mac
password so that you can use it to unlock passwords automatically.
3. Enter the necessary code to authorize the use of the Apple ID on this
device.
5. Next, you will be taken to the Reset Password assistant, where you will be
able to select a user to reset the password, and the process will continue as
seen starting in Figure 5.11.
In the next section, we will see the last method to reset a password when FileVault is
enabled: the Reset Password assistant.
1. Turn on or restart your computer, and when you are at the user login
screen, wait for approximately 1 minute without doing anything until you
see a message like the one in Figure 5.24. If you don't see this message, it
most likely means that FileVault is not enabled on your Mac:
2. Press and hold the power button to turn off the Mac. Then, press the power
button once more to turn it on again.
3. The Reset Password window should appear as soon as the Mac turns on
(Figure 5.25). You have three options:
I forgot my password
My password doesn't work when logging in
My keyboard isn't working when typing my password to log in
And that's it! You have learned how to reset your local user account password in a
variety of scenarios, including the quickest methods, using the Apple ID, and when
FileVault is enabled. In the next section, we will learn how to configure the firmware
password.
1. Open the macOS Recovery system by restarting your Mac while holding
down the Command + R key combination.
2. If you are using macOS Big Sur, you will have to select a known admin,
click Next, and enter that admin password. In previous macOS versions,
you will see the macOS Recovery interface directly.
3. When you are in the macOS Recovery interface, go to the top menu,
choose Utilities, and then Firmware Password Utility or Startup Security
Utility. In Figure 5.26, you can see how that looks in macOS Catalina
Recovery:
4. Once in Startup Security Utility, which looks like Figure 5.27, click on
the Turn On Firmware Password... button. Take into account that, in
macOS Big Sur, you will be asked to authenticate as an administrator to
access the utility:
So now, the next time you enter the Recovery system, or when you try to use a
startup shortcut, such as the Option key, you will see a different screen, similar to the
one in Figure 5.28. You will have to enter the firmware password to access the
Recovery interface or to start from a disk other than the designated one:
And that's it! You now know how to turn on and turn off the firmware password for
added protection.
And with this section, we have concluded the part on managing passwords in
macOS. We have seen how to change local user account passwords and the root
password, how to reset local user account passwords in various scenarios, and how to
configure a firmware password.
In the next section, we will go into more depth about another important feature of
password management in macOS: using the macOS Keychain system.
Types of keychains
How the default keychain works with iCloud
Managing keychains
Types of keychains
There are several types of keychains in macOS, and they can be classified into
three groups:
Default keychains
System keychains
Other keychains
Default keychains
All standard and administrative users have a login keychain and a Local keychain,
which, by default, use the same password as the local account. These two keychains
unlock by default when you log into your account.
Here are the types of items the login keychain can store:
Resource passwords
Application passwords
Network passwords
Keys and encryption keys
Secure notes
iCloud Keychain allows you to keep sensitive information updated securely across
your devices. iCloud Keychain contents are also saved in Apple's iCloud service so
that you can have all your Apple devices in sync. When iCloud Keychain is enabled,
it replaces the default local keychain.
The local keychain (or iCloud Keychain, if enabled) stores the following:
Resource passwords
Application passwords
Safari website usernames and passwords (auto-complete information)
Credit card information
Mail, Contacts, Calendar, and Messages access passwords
Secure notes
Keychain files are stored in different locations depending on the type of resource:
Local login keychain: /Users/username/Library/Keychains/login.keychain
iCloud keychains: /Users/username/Library/Keychains/UUID
System keychains
There are two types of system keychains: System keychains and System Roots
keychains.
System keychains store system-wide sensitive information that is not specific to any
user, such as network passwords. These keychains can be modified only by an
administrator.
Resource passwords
Network passwords
Application passwords
Certificates
Keys
Secure text notes
System Roots keychains store network root certificates. These keychains cannot be
modified.
System keychain files are stored in different locations depending on the type of
resource:
But there's one last type of keychain – the ones you create for yourself.
Other keychains
These are keychains that you create to keep specific secrets apart from other existing
keychains. For example, you might want to create a separate keychain for items that
require more security and that you don't wish to have unlocked automatically when
you log into your account.
Now that we know the types of keychains that exist in macOS, let's explore how the
keychain system works with iCloud.
As mentioned, you will see two keychains for each local user account: the login
keychain and the local/iCloud keychain. If the iCloud keychain service is not enabled,
it will appear with the name Local Items in the keychain management application, as
shown in Figure 5.30:
When the iCloud Keychain service is enabled, the legacy keychains are migrated and
saved into the new iCloud keychain. They will now appear with the name iCloud in
the Keychain Management application, instead of Local Items, as seen in Figure 5.31:
The iCloud Keychain items are saved inside a folder named with a UUID, as we saw
earlier. This UUID is not the same as, and is not related to, the user account's
UUID attribute.
There are specific requirements for using the Keychain system with iCloud:
In the section that follows, we will explore how to enable iCloud Keychain.
1. Open System Preferences and click on the Apple ID icon at the top (Figure
5.32):
2. Next, select iCloud from the side menu and check the Keychain checkbox
to enable it, as shown in Figure 5.33:
iCloud Keychain may not be available in all regions. Learn about its
availability here: https://support.apple.com/en-us/HT202861.
If you disable iCloud Keychain in the iCloud preferences, the keychain will be
renamed Local Items again. Let's explore how to manage keychains in case you want
to make changes or add your own.
Managing keychains
It is important to mention that it would be best to request professional support if you
are not comfortable dealing with keychains. You could make unwanted changes that
could negatively affect the system or prevent a user's access to the system (if a
keychain is modified or deleted by mistake).
There is no way to access user login and iCloud Keychain items if you don't
know the keychain password (usually, the same as your account
password). This means that if you forget this password, you won't be able
to access its contents in any other way; not even an administrator or a
support provider will be able to help you.
If a local user password is changed, the keychains will sync to the new
password.
If a local user password is reset, the login and local (or iCloud) keychains
may not sync.
You cannot change the iCloud Keychain password through the Keychain
Access application.
You cannot modify the login, local items keychain, or iCloud keychains (if
enabled), as the system manages them.
If you want to delete a local user login keychain, make sure there is another
one available. Any given user should always have at least one local login
keychain, or that user will lose access to the account.
When logging in with the new password after it has been reset, you may be
presented with the following four options:
Use the Update Keychain Password option to transfer the
old keychain information to the new one, but this only works
if you know the old password, which is unlikely because the
reset was probably done because the user lost the password.
In that case, you can only choose the next option.
Use the Create New Keychain option, which will create an
empty file used from there on for the new information stored
there. The old keychain file will be preserved in case the user
remembers the password at any point.
You could ignore the message and continue to log in, but this
option is the least recommended one because it disregards
the benefits of using the keychain system.
You can also manually create a new keychain and update it
with the old information. Again, this only works if you know
the old password.
Take into account that there is no resetting procedure for login and
local/iCloud keychain passwords. If you forget the passwords, you
won't be able to access the information stored in those keychains or
transfer it to a new keychain.
If you want to create your own keychains, you can do that. We will see how in the
following section.
In the File menu of the Keychain app (Figure 5.34), you have several actions: creating
a New Password Item, a New Secure Note Item, or a New Keychain item. You also
have the options to Import Items, Add Keychain, or delete a keychain. The Add
Keychain option is not the same as creating a new keychain; it is instead used to
migrate a keychain from one computer to another. You also have the option to
import or export items from a specific keychain:
To create a new keychain, click on New Keychain, and you will see the dialog in
Figure 5.35, which lets you select where to save the keychain or leave the
default location in the Home folder. When ready, click Create:
In macOS Catalina and earlier, the process is the same, but the interface is different.
As you can see in Figure 5.36, the keychain categories (Passwords, Secure Notes,
Certificates) are shown on the bottom-left side, and Add keychain item is located at
the top left (circled in red):
Now that you have created a keychain, let's see how to add items to that keychain.
3. Select the appropriate tab (in this case, it should be Passwords). If the All
Items tab is selected, a password item will be created by default.
4. Click the Add button, as shown in Figure 5.37:
5. Enter the information requested, where Account Name can be the login
user or email. Once all the required information has been entered,
click Add (Figure 5.38):
Next, we will explore how to increase security with the use of the login keychain.
Locking keychains
When you log into your Mac, the login keychain gets unlocked and remains that way
as long as you are logged in. This can become a security risk if you are working in an
environment with many people around, as anyone could use your computer to log
into an unauthorized site, for example, or see the information stored in your login
keychain.
If you are an active person who leaves your desk frequently, you might want to
change this behavior to lock your login keychain automatically.
1. Right-click on the login keychain, and you will see the option Change
Settings for Keychain "login"..., as shown in Figure 5.39:
2. Next, you will see a prompt where you will be able to change the keychain
behavior to lock automatically after a certain amount of time (Figure 5.40);
for example, after 5 minutes of inactivity or when sleeping:
In macOS Catalina and earlier, you could lock a keychain manually from
the File menu. You will see an option to lock a specific keychain or even to lock all
keychains. This is no longer possible in macOS Big Sur:
As soon as the login keychain is locked, if anyone at your computer wants to access
apps, such as Safari, iMessage, and so on, or any other item stored in the locked
keychain, they will have to provide the login keychain password, as seen in Figure
5.42:
Take into account that the lock keychain protection will not extend
to third-party apps, such as Google Chrome. This is why, in
controlled environments, the use of third-party apps should be
restricted.
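The auto-lock setting described in this section can also be checked from Terminal. The script below is an added example, not part of the book: it classifies the line printed by `security show-keychain-info` against an assumed policy of locking on sleep and after at most 300 seconds (the 5-minute example above). The sample lines are constructed, and the `login.keychain-db` file name is assumed to match the login keychain on your macOS version.

```shell
#!/bin/sh
# Added example (not from the book): check a keychain's auto-lock settings.
# MAX_TIMEOUT is an assumed site policy, taken from the 5-minute example in the text.
MAX_TIMEOUT=300

# Constructed sample lines in the format `security show-keychain-info` prints.
SAMPLE_GOOD='Keychain "/Users/alice/Library/Keychains/login.keychain-db" lock-on-sleep timeout=300s'
SAMPLE_NEVER='Keychain "/Users/alice/Library/Keychains/login.keychain-db" no-timeout'
SAMPLE_SLOW='Keychain "/Users/alice/Library/Keychains/login.keychain-db" lock-on-sleep timeout=3600s'

# Classify one line of show-keychain-info output.
# Prints "ok" or the reason for failure. Returns 0 when the keychain locks on
# sleep and after at most MAX_TIMEOUT seconds, 1 when it violates the policy,
# and 2 when the line cannot be parsed.
check_keychain_info() {
    line=$1
    case $line in
        *no-timeout*) echo "never locks on inactivity"; return 1 ;;
    esac
    case $line in
        *timeout=*) ;;
        *) echo "unrecognized output"; return 2 ;;
    esac
    timeout=${line##*timeout=}   # keep what follows the last "timeout="
    timeout=${timeout%%s*}       # drop the trailing "s" unit
    case $timeout in
        ''|*[!0-9]*) echo "unrecognized output"; return 2 ;;
    esac
    if [ "$timeout" -gt "$MAX_TIMEOUT" ]; then
        echo "timeout ${timeout}s exceeds ${MAX_TIMEOUT}s"; return 1
    fi
    case $line in
        *lock-on-sleep*) ;;
        *) echo "does not lock on sleep"; return 1 ;;
    esac
    echo "ok"
}

# Show the verdict for each constructed sample (runs on any system).
for sample in "$SAMPLE_GOOD" "$SAMPLE_NEVER" "$SAMPLE_SLOW"; do
    printf '%s\n  -> %s\n' "$sample" "$(check_keychain_info "$sample")"
done

# On macOS only: report the real login keychain. The tool writes its report
# to stderr, hence 2>&1. To apply the policy instead of only checking it:
#   security set-keychain-settings -l -u -t 300 "$kc"
if [ "$(uname -s)" = "Darwin" ] && command -v security >/dev/null 2>&1; then
    kc="$HOME/Library/Keychains/login.keychain-db"   # assumed file name
    info=$(security show-keychain-info "$kc" 2>&1) || true
    printf 'login keychain: %s\n' "$(check_keychain_info "$info")"
fi
```
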
For example, if you want to copy the password for a network configuration item that
is stored in the login keychain, do the following:
1. Use the Edit menu or right-click on the specific item, and click on Copy
Password to Clipboard, as you can see in Figure 5.43:
2. At that point, you will be asked to enter the keychain password (which in
this case is the same as your Mac login password) to copy the password to
the clipboard:
3. And that's it! You will now be able to paste the password wherever you
need it.
If you want to see the information or change the password for a keychain item, select
the Get Info option in Figure 5.43. You will see the information on the keychain item
(Figure 5.45), and you will also be able to view the password and change it:
Now, in the case of website passwords, the Keychain system works in combination
with Safari, which we will see next.
You can configure Safari's Autofill preferences, but this is done in Safari Preferences,
not in the Keychain Access application:
1. Open Safari.
2. Go to the File menu and select Preferences.
3. Select the AutoFill tab, and select the options most convenient for you or
Edit how you want the AutoFill tool to work with web forms:
You can also click the Passwords tab and, after authenticating as the user who owns
this account, you can see all the stored passwords for websites, copy them, change
them in the keychain, and add new ones.
And with this, we have finished this section on understanding the macOS Keychain
system. We looked at the types of keychains found in macOS, what happens when the
iCloud keychain is enabled, and how to manage keychains. In the next section, we
will look at more privacy options available in macOS.
Many of these settings are configured in the Security & Privacy preferences (Figure
5.1) in the System Preferences.
More specifically, there are four tabs in these preferences (Figure 5.47): General,
FileVault, Firewall, and Privacy. Let's examine each of them.
General: You can do the following in this section, apart from changing your user
password, which we've already covered. Take into account that, to change the options
that are grayed out, you would have to authenticate as an administrator:
You can configure the settings to require a password for waking a Mac that
is asleep or in screen-saver mode and a delay for requiring it.
You can add a custom message to the login window.
You can define the types of apps you can open: only from the App Store or
the App Store and identified developers.
When unlocked, you will also be able to click on the Advanced button,
which lets you configure whether you want to log users out after a specific
amount of inactive time. You can also configure the settings to always
require administrator authentication to access all system-wide preferences
(Figure 5.48).
FileVault: We will look at FileVault in more detail in Chapter 15, Managing Security
in macOS.
Firewall: This allows you to enable and configure the personal network firewall. We
will look at the firewall in more detail in Chapter 15, Managing Security in macOS.
Privacy: In this tab, you can see a list of apps that have requested access to your
accounts in apps such as Contacts, Calendars, Reminders, Photos, Camera, and
Microphone. We will see this tab in the Location Services section that follows.
Location Services
Location Services has been available since OS X Mountain Lion, and it allows apps
and websites to collect and use information based on the location of your computer. It
also helps to find a lost Mac by remotely accessing it through the iCloud Find
My feature. In macOS, you need to authorize an app or website to be able to use your
location information.
You can configure and limit the use of Location Services from the Privacy tab in the
Security & Privacy preferences. The option to configure it may also appear when you
use Setup Assistant after installing macOS with iCloud enabled.
If you've not already done so, follow these steps to enable this service:
4. Next, you will be able to configure which of the listed apps can use your
location information.
5. If you scroll down to the bottom of the list, you will see an option called
System Services (Figure 5.49).
6. Click on the Details... button to select which System Services are allowed
to determine your location, as seen in Figure 5.50:
In Figure 5.50, you can also select Show location icon in menu bar when System
Services request your location, which will show the icon in Figure 5.51 when an app
is using Location Services:
It's important to know that when a new app requests personal information, macOS
will ask for permission, and you will have to grant it; otherwise, the information will
not be accessible.
In the next section, we will explore yet another tool to protect user privacy, but in this
case, it is available for websites browsed through Safari.
Also, share, like, or comment buttons linked to social media sites that appear on other
websites you visit can be used to track your web browsing activity.
Safari offers the option to stop these content providers from tracking you with the
purpose of offering you products and services through advertising. To enable it, go to
Safari Preferences and make sure the checkbox Prevent cross-site tracking is
selected, as seen in Figure 5.52. In this same tab, you can also block cookies or manage
them:
With the option to Prevent cross-site tracking enabled, anytime a site wants to use
trackers, you’ll be asked if you want to allow the site to see your activity on other
websites. Also, the cookies and website data of those third-party providers on the
website you are visiting will be deleted.
macOS Big Sur has added an extra tool for protecting user privacy: the Privacy Report
(Figure 5.53), which can be accessed from Safari's top menu by selecting Safari and
then Privacy Report...
With this report, you will be able to know how many trackers have attempted to
profile you, the websites involved, and more.
Finally, let's examine how to control your privacy when using the Dictation service.
And with this section on managing user privacy in macOS, we have reached the end
of this chapter. Be sure to review the summary for a quick recap of what was covered.
Summary
In this chapter, we looked at a wide range of tools and features macOS provides for
protecting user security and privacy. We covered the password types available in
macOS. You now know how to manage those password types, including changing
and resetting them through various methods. We also looked at the Keychain system,
and how you can now manage keychains stored in your system and add your own.
And in the last section, we looked at other privacy-related options and how to use
them to customize a system to protect users' privacy, including the features Safari
offers to prevent cross-site tracking by third-party content providers on websites you
visit, and how the Privacy Report can help you identify and manage those trackers.
You are now equipped to use those options and tools to protect your privacy and to
assist other users in doing the same.
In the next chapter, we will look at the macOS filesystem in-depth, including
managing disks, volumes, and partitions, and much more.
6
The macOS File System: Disks, Volumes, and Partitions
The filesystem and storage are essential topics since they are the foundation of how
macOS structures and organizes the file hierarchy and storage space. In this chapter,
you will learn about the macOS default filesystem and the additional systems it
supports. This chapter will help you understand them, as well as illustrate when you
should use them. We will review important storage concepts, such as partition
schemes and volume formats, including usage examples. You will learn how to
manage disks, partitions, and volumes in macOS, including formatting/partitioning,
adding, and erasing volumes, and more. By the end of this chapter, you will be able to
describe the various filesystem formats, and you will know which one is best for your
specific case.
Before we start, let's look at the technical requirements for this chapter.
The macOS File System: Disks, Volumes, and Partitions Chapter 6
Technical requirements
This is what you will need for this chapter:
Let's begin by reviewing general concepts before looking at the specifics of the macOS
filesystem and storage.
You will find yourself asking questions such as these: When should I partition as
opposed to adding a volume? Will I lose my data if I partition a disk? What's the
difference between a partition scheme and a volume format?
These are all questions that will become clear by the end of this section, and you will
be certain of what you need to do to use storage effectively in macOS.
What is formatting?
Differences between disks, partitions, and volumes
The preceding questions always arise in connection with the need to apply logic to
storage, a process known as "formatting." Let's explore this process in more detail
next.
What is formatting?
Formatting is the process of applying logic to storage devices (whether hard drives,
flash drives, or other types of storage devices) so that the disk is divided into
appropriate sections defined by a partition layout or scheme. This is done by setting
up an appropriate volume format in the partitions defined, according to the intended
purpose of the disk. In other words, the formatting process prepares the disk for an
operating system to be installed or for the data to be stored on that disk by defining
the sections or partitions it will contain and the volume formats required for the
operating system or data the disk will contain. Take into account that formatting
implies deleting any data saved on the storage device.
Before formatting storage, we first need to understand the basic differences between
disks, volumes, and partitions. There are many definitions around, and we will refer
to those that are useful in the macOS environment.
Disks are frequently referred to as "drives," but drives are also used to describe other
storage types, such as volumes. For example, when you see software or instructions
referring to drive E or F on your computer, they actually mean volumes, not physical
drives. Therefore, you should keep in mind that when the term "drive" is used, it can
mean the physical device or a volume.
On a Mac, you can think of a "disk" as the parent physical container with logical
storage divisions inside it. So, we will stick to "disk" when referring to the parent
physical container in macOS, such as the internal disk. This disk usually has a name
that contains the manufacturer name and the type of disk and model, and it cannot be
changed; for example, APPLE SSD AP0512M MEDIA.
Partitions
Partitions are logical individual sections a disk is divided into according to a partition
scheme or layout applied during formatting. In other words, a partition is a section of
a disk of a size determined when it was created. Multiple partitions can be created on
a single disk. When you create several partitions, they remain independent of each
other, and they don't share their space; they are like two different disks. In general,
you cannot give a name to a partition.
When you format a storage device and create partitions, you need to make two
formatting decisions: the partition scheme and the volume format you will use. The
same is true when you format a disk in macOS; a partition layout is applied, and a
volume with a specific volume format is created in that partition at the same time.
Volumes
A volume is a logical division with which users interact to manage data. Each
partition you define in a disk has a volume with a specific filesystem format you
determined at the time of formatting. Contrary to partitions, you can give a name to a
volume. When you browse your Mac's filesystem through a file explorer such as the
Finder, what you see as storage are the volume-defined names, not the partitions or
the disks. To see the disks and partitions, you need to use an app such as Disk Utility
or Terminal.
The most popular volume in macOS is the boot or system volume, named
Macintosh HD by default. In macOS Big Sur, an additional volume that contains your data is
present, called Macintosh HD - Data by default, since the system volume is now
read-only for security reasons. You will interact with these volumes on a daily basis
when you work with macOS.
Now that you have a clearer idea of what formatting is and the difference between
disks, partitions, and volumes, let's examine an important part of the partition
process: selecting a partition layout, also known as partition scheme or map.
Intel® developed the GPT or GUID Partition Table as part of its Extensible
Firmware Interface (EFI) specification to overcome the limitations of older partition
schemes. The GPT is the default partition scheme in all Intel Mac computers.
Actually, OS X and macOS can only be installed on disks that are partitioned with
GPT.
Take into account that to change a partition scheme, you will need to format or, in
other words, erase the disk. This is why you will see those options appear only when
erasing the disk and not when adding partitions or volumes.
After you decide what partition scheme to use, you will need to decide on the
filesystem format for the volume or volumes the partitions in your disk will contain,
which we will explore in the next section.
What is a filesystem?
macOS volume formats
The advantages of APFS
Additional filesystems supported by macOS
File system domains in macOS
What is a filesystem?
Earlier, we mentioned that you need to decide on a partition scheme for the disk to
complete a storage formatting process. Next, you need to decide on the filesystem
format that will be placed in the volumes the partitioned disk will contain.
But a filesystem is more than just a format. According to Apple's Developer site
(www.developer.apple.com), a filesystem "handles the persistent storage of data files,
apps, and files associated with the operating system." A filesystem also provides the
method to organize data in a volume. Files are organized according to a hierarchical
logic of directories and folders, which ultimately constitute the filesystem's directory
structure. It is also a process that manages how and where data is stored, and it
manages other operations such as file naming, hierarchy, metadata handling,
permissions, and more. A filesystem is indeed one of the essential resources used by
an operating system.
In macOS, the Finder is the main tool for users to explore and manage the filesystem.
There are many types of filesystems around, and macOS supports a variety of them
for booting, or in read/write or read-only modes. Let's explore those formats next.
APFS: This is the default macOS volume format in macOS 10.13 (High
Sierra) and later. At the same time, you can choose between several
versions of APFS:
APFS: The default APFS format.
APFS (Encrypted): It adds volume encryption.
APFS (Case-sensitive): This format is case-sensitive to file and
folder names; for instance, user and USER will be two
different folders.
APFS (Case-sensitive, Encrypted): The same as the previous
format, but it adds volume encryption.
Mac OS Extended or HFS+: This was the default format in macOS versions
prior to High Sierra. You can select this format if you need compatibility
with Mac computers using macOS 10.12 or earlier. You can choose from
either of these two versions:
Mac OS Extended (Journaled): The default format in macOS
versions 10.12 and earlier.
Mac OS Extended (Case-sensitive, Journaled): We explained
earlier what case-sensitive means.
exFAT: A format used for large flash storage disks (for volumes of 32 GB
and more). This format works best for drives that need read/write
compatibility with computers running Windows and macOS.
MS-DOS or FAT: A legacy format used for compatibility with Windows
computers (for volumes of 32 GB or less). This format would be required if
you needed compatibility with computers running older Windows versions
(earlier than Windows XP SP2).
Although the default volume format in Macs with macOS High Sierra and later
is now APFS, macOS can also boot from a disk
formatted with the HFS+ filesystem.
Let's look at the advantages of using APFS, the current macOS default filesystem, in
more detail.
APFS has many features, the most important ones designed to save space. Here's a list
of the main features:
If you would like to see the differences between APFS and HFS+,
you can visit this link:
https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/APFS_Guide/VolumeFormatComparison/VolumeFormatComparison.html.
We won't delve deeper into all the features, but let's look at a couple of them that I
consider to be the most important and the ones that set it apart from the previous
filesystem:
Space sharing
Encryption support
Intelligent defragmentation
Let's look in more detail at the benefits these features bring to macOS.
Space sharing
There is a big difference with the Hierarchical File System (HFS) in terms of space
sharing. In HFS, you have volumes, and each volume is a partition, which means they
will not share space. So when you run out of space in one volume, there is nothing
you can do to take advantage of the free space in the other volumes. The only solution
is to repartition the disk, and this can be very inconvenient. This concept is illustrated
in Figure 6.1, representing the unrelated volumes, each in their corresponding
partitions:
With APFS, the concept of containers comes into play: each volume is a section (but
not a partition) in an APFS container located in a single partition. Therefore, if you
add a volume to an APFS container, it becomes part of that partition, and space can
be shared inside it. If you run out of space in one volume, you can take advantage of
the free space in another volume, as long as it is part of the same APFS container. In
Figure 6.2, we see the container and the volumes inside of it. If Volume 1 grows, it
will take advantage of the free space in Volume 2, which will, in turn, shrink to give
up the necessary space to Volume 1. You can add multiple volumes to the container,
as long as there is enough space available:
Now you see how APFS offers you a huge advantage in terms of storage space
optimization through this feature of space sharing. But that is not the only advantage;
other advantages we will look at next are the encryption and defragmentation
capabilities.
Encryption
APFS supports the FileVault encryption model, and macOS seamlessly converts
existing FileVault-encrypted volumes to the APFS format. In most cases, the process
is automatic, and passwords and recovery keys are preserved after conversion
without any action on the user's part. Snapshots can also be encrypted.
Defragmentation
APFS supports intelligent defragmentation in hard drives only. It is intelligent
because it can tell which files are the most fragmented, and it defragments those first
and does it while the Mac is in an idle state.
But APFS and Mac OS Extended are not the only supported filesystem formats.
macOS supports a wide variety of formats that provide a user with the necessary
flexibility and compatibility, as we will explore next.
Now that you understand the filesystems supported in macOS, let's examine how the
default macOS filesystem is structured to simplify its use for users, which is
accomplished through filesystem domains.
Local
System
User
Network
In Figure 6.4, you can see the structure of the filesystem domains just described:
In this section, we described what a filesystem is. We also saw that the current default
filesystem in macOS is Apple File System (APFS) and how it is different from the
previous default filesystem. We saw how the macOS filesystem is organized in
practical domains that make it easier to navigate the folder structure and how some
folders are hidden to avoid confusion with resources the user doesn't need to see on a
daily basis. In the next section, we will advance with the practical aspects of
managing disks, volumes, and partitions.
Examining storage
Managing partitions
Using APFS volumes
Mounting, unmounting, and ejecting disks/volumes
Examining storage
macOS provides several built-in apps to help you examine and find out the state of
your storage devices.
If you only need basic information, you can use the About This Mac tool. Examining
storage in detail can be done with two other specific tools: Disk Utility and System
Information. Although you can gather the same information with both tools, the
latter is actually just an information tool that allows you to see all the details about
your Mac hardware, software, and network. In contrast, the first tool also allows you
to manage your storage devices.
Let's see how these tools work and the type of information you can gather with them.
Let's look at how to gather more details about your storage through other more
advanced tools.
Disk Utility
Disk Utility is the main tool to manage disks, volumes, and partitions in macOS. It is
also used for examining storage; formatting, partitioning, or erasing disks or volumes;
and mounting, unmounting and ejecting disks. Disk Utility also has a First
Aid feature, helpful for verifying volume health and integrity and attempting a repair
if necessary. We will see how to use this tool to troubleshoot volumes
in Troubleshooting Tips, of this book.
You can access Disk Utility from the Utilities folder, which can be found in
the /Applications folder, or by searching for it through Spotlight.
This tool has a great functionality called "dynamic partition," which lets you partition
a disk without erasing the data already on it. But, take into account that not all disks
support dynamic partitioning, and the functionality can be limited or unavailable on
encrypted disks or Fusion Drive hybrid disks. It is not supported in disks formatted
with the MBR (Master Boot Record) partition scheme. In all those cases, partitioning a
disk will entail erasing the data on it first.
When you open Disk Utility, you will notice it will scan the filesystem for all available
storage, whether internal or attached. Internal storage devices appear listed first in
the sidebar on the left shown in Figure 6.6. External devices also appear in that section
of the sidebar, below the section for the internal devices. To see all the devices,
including the disks, you should click View at the top (circled in red) and then select
Show All Devices; otherwise, you may only see the volumes.
In Figure 6.6, notice that the physical disk is listed first. As mentioned earlier, the
disk's name is a combination of the manufacturer, type, and model. This name cannot
be changed.
Volumes in that disk appear indented below the disk name, and they can be changed
at any time without having to reformat or erase the volume. Just use the Finder and
the secondary click to change the volume name as you would change any file name.
In the case of the APFS filesystem, the container name shows right below the disk,
and any volumes will show indented below it, as shown in Figure 6.6.
If you select a volume, you will see a lot of information in the section marked at the
bottom right in Figure 6.7, such as Capacity, Available, Used, Type, and more. In the
following example, you can see that the selected Macintosh HD volume has 499.96 GB
of storage capacity, of which 15.13 GB has been used, and the volume format type is
APFS:
You can obtain even more information about the volume by selecting the Info button
at the top right. In Figure 6.8, you can see this additional information on the system
volume, such as File system (APFS (Encrypted)), the System installed (macOS 11.0),
and so on:
If you select a parent disk, as shown in Figure 6.9, you will also see important details
about the disk, as well as an important feature called the S.M.A.R.T.
status. S.M.A.R.T. stands for Self Monitoring Analysis and Reporting Technology,
and it is used for reporting disk health or disk problems to the operating system. This
feature should show Verified if the disk is in good health or Failing if there is a
problem. Take into account that not all disk manufacturers support the SMART
feature:
As you can see, there's a lot of useful information you can obtain about your storage
devices through Disk Utility. Let's take a look at what the second tool, System
Information, helps us learn about our storage.
System Information
System Information is yet another tool that allows you to examine not only your
storage devices but all the devices available in your macOS. This tool can be accessed
in several ways:
By going to the Apple menu | About This Mac, which will display the
window shown in Figure 6.11; just click on the System Report... button:
Once you are in the System Information tool, you can examine storage devices by
selecting a storage interface or selecting the Storage option, as seen in Figure 6.12.
Next, you can select a volume in the top-right section, such as the system volume
(Macintosh HD); the lower section will display all the information about the selected
volume:
Now that you have seen how to explore and examine your Mac's storage devices,
both internal and external, let's look at the practical features that macOS offers to
manage that storage.
Managing partitions
In this section, we will learn how to examine partitions in order to make decisions
about necessary changes. We will also discover how to manage partitions to make
those changes. More specifically, this is what we will explore:
1. Open Disk Utility, select a disk from the section on the left, and
click Partition, as shown in Figure 6.13:
2. If you see a prompt asking you to select Add Volume or Partition, choose
Partition.
A pie-style chart graphic will display. Each slice in the pie represents a
partition and its volume. You can select any of the partitions to obtain
information about it. The selected partition will be shown in blue. In
Figure 6.14, the selected partition with the APFS (Encrypted) format is
where the APFS container with the Macintosh HD system volume resides.
The used space in that volume is represented by the blue area with thin
diagonal lines; the free space is represented by the solid blue without lines.
We also see two other partitions (Backup and Backup2), which are
formatted with HFS.
3. Below the partition information, you will find the exact details about the
space used (red rectangle):
To examine the disk and its partitions and volumes in detail, you
can use the diskutil list command in Terminal.
1. Make sure you have a backup of your data before attempting to modify
partitions.
2. Select a partition in the pie chart so that it turns blue, and then select a
different format from the drop-down menu, as shown in Figure 6.15.
Clicking Apply will erase the partition and reformat it with the selected
option. In the example in Figure 6.15, we selected the Backup partition
formatted with HFS and chose to reformat it with APFS instead:
You can click any non-APFS volume in the chart to rename the volume. In the case of
FAT and ExFAT volumes, the maximum length for a volume name is 11 characters.
You can change names, including APFS volume names, from the disk/volume list on
the left side of Disk Utility (Figure 6.13). Just right-click the volume name and
select Rename.
In this section, you have seen how Disk Utility provides you with information about
the partitions on a disk and how to examine and manage those partitions. In the next
section, we will see how to partition a disk.
Formatting/partitioning a disk/volume
The objective of partitioning a disk is to divide it into two or more parts. Although,
technically, you could have an unlimited number of partitions with GPT, macOS
allows a maximum of 16 partitions. Also, remember that if using the APFS format,
there is really no need to partition a disk.
Which method you choose will depend on what your plans are for the partition. Here
are a few scenarios:
If you were doing a clean macOS installation, you would choose to erase all
data on the disk and partition it again with the appropriate volume format
(usually, APFS).
If you only needed an extra volume with a different variant of the APFS
volume format (encrypted, case-sensitive, for example), you would add a
volume to the APFS container.
If you wanted to install a different macOS version on the same disk where
the system volume resides, all you would need to do is add an APFS
volume to the APFS container.
1. In the sidebar, select the parent disk you want to partition. Then, click
the Partition button in the toolbar, as shown in Figure 6.13.
2. If you see a prompt asking you to select Add Volume or Partition,
choose Partition.
3. To add the partition, click the Add (+) button below the pie chart and, on
the right side, define the name, choose a format from the drop-down menu,
and enter a size. You can also define the size by dragging the resize control
circled in red in Figure 6.16. In the example that follows, we choose to add a
partition formatted as a Mac OS Extended (Journaled) volume named
Backup.
4. Make sure the Backup volume is selected in the pie chart. When you are
ready, click Apply:
5. You might see a warning that will ask you if you want to Use Mac OS
Extended or Use APFS, which is the default volume format for macOS Big
Sur. We are sure we want to use this format, so we will click Mac OS
Extended to confirm.
6. Next, click Apply. You will see a prompt that will confirm what will
happen. For example, in Figure 6.17, we are told that a new partition
(Backup) will be added and that the partition where the Macintosh HD
volume resides will be resized. Make sure this is what you mean to do,
then click Partition to proceed. No partitions will be erased in this process,
meaning it is a non-destructive process.
7. If you are resizing the disk where the startup volume resides, you might
see a prompt warning that Resizing the startup volume will cause this
computer to stop responding and not to power off while the process is
ongoing. Click Continue.
8. The process will start, and you will be able to monitor it (Figure 6.18). Take
into account that it may take a while:
10. You will be able to verify that the partition was created because it will
show on Disk Utility's left-side menu and in the Finder's sidebar.
We mentioned earlier that there are two main ways of formatting a disk in macOS:
one is by adding a partition, and the other is by erasing the disk. In the following section, we
will see how formatting is done by erasing a disk.
Erasing/reformatting disks
If you choose to erase a disk (not a volume or a partition), Disk Utility will create a
partition with a new volume format. Always remember that erasing a disk will
destroy its contents. If you will be erasing a system disk, you should use Disk Utility
from macOS Recovery.
3. Enter a volume name, a Format (the default is APFS), and a Scheme (the
default is the GUID Partition Map). The format options you can choose in
the Format dropdown are shown in Figure 6.20:
4. You might see a Security Options button when erasing certain storage
devices. If you click on it, you will be able to choose from four security
settings to erase your data. These options are Fastest, Two-Pass
Erase, Three-Pass Erase, and Most Secure (Figure 6.22):
Note that secure erase options are not available for solid-state drives
(SSD). The security alternative for this type of disk would be turning
on FileVault encryption.
When available, the security options and how they deal with erasing data are
explained here:
Fastest: This is the default method and the fastest. Data erased with this
method might be recoverable through third-party utilities.
Two-Pass Erase: This method overwrites with random data once and then
overwrites with a single pass of zeros. This means data is overwritten
twice.
5. Move the slider to the appropriate position or leave it as the default, and
click OK.
6. Review all the details and, when ready, click Erase.
7. When the process is finished, click Done.
And that's it! You have successfully erased and reformatted your disk.
Next, we will see some other important actions that you might need to perform with
macOS storage, such as resizing and deleting existing partitions.
To increase the size of a partition formatted with Mac OS Extended, FAT, or exFAT,
you will need to delete the partition/volume right after the partition you want to
enlarge to make space for it. There is no easy way to resize without deleting another
partition first and potentially losing data; other options would be to use Terminal (for
advanced users only) or third-party software.
Take into account that it is not possible to increase the size of the last
partition on any device.
1. Make sure you have a backup of your data before attempting any partition
changes.
2. Open Disk Utility. In the sidebar, select the disk (not a volume) with the
partition you want to increase the size of, then click Partition (Figure
6.13). If you see a prompt asking you to select Add Volume or Partition,
choose Partition.
3. On the pie chart, select the volume immediately after the partition you
want to increase the size of so that it shows in the color blue, and click the
Remove sign (-), as shown in Figure 6.23.
4. Once you are certain this is the partition you want to delete, click Apply.
5. You will see a prompt warning you that this action will remove the
partition and its data. Verify and click Partition:
6. When the process is complete, click Done. You should see an Operation
successful or Operation failed message. Click Done to close that window,
or click the Show Details triangle to verify any errors.
7. As you can see in Figure 6.24, the partition next to the one you just removed
now occupies the space liberated.
So, that's it! You have just increased the size of an existing partition:
Decreasing the size of a partition can be done in a much simpler and non-destructive
way (no data loss):
3. You will see a prompt warning you that this action will resize the partition.
Verify the information and click Partition.
4. As you can see in Figure 6.26, the partition has been resized, and a new
"Untitled" partition now appears, occupying the liberated space:
Now that you have learned how to format, add, increase, and decrease partitions, let's
see how to use APFS, the current macOS default volume format.
HFS+
Fusion
Core Storage
FileVault
If for any reason, volumes are not converted to APFS by the update process, or if you
want to convert an external disk, you can do it manually without data loss. To do
that, follow the steps indicated here:
1. Open Disk Utility, right-click the volume in the sidebar list, and
select Convert to APFS...
2. You will be asked to confirm. If you are sure, click Convert to proceed.
3. You will be able to monitor the process by clicking the Show
Details triangle.
4. When the process is complete, you will see a Conversion to APFS is
complete or Operation successful message in the details window.
Click Done to close that window.
5. If you look in the sidebar in Figure 6.27, you will notice that the partition
converted is now wrapped inside a container as a result of the conversion
to APFS:
You can also convert a volume to APFS by changing the format to APFS, a procedure
we saw earlier, in the section on how to modify partitions (Figure 6.15). However, this
is a destructive process.
If you want to take advantage of the APFS space-sharing feature, the best option is to
add volumes to one APFS container, and that is what we will look at in the next
section.
3. Give the new volume a name. In the Format dropdown, select the variant
of APFS you want to use or leave it as the default format, as seen in Figure
6.29.
4. You will see a Size Options... button, which you can use to manage APFS
volume allocation manually. The available options are the following:
Reserve Size: Ensures that a specific storage size will be
available for this volume.
Quota Size: Limits how much storage this volume can allocate.
5. When ready, click OK.
Now that you know how to add an APFS volume, let's examine how to delete it or
erase it.
1. Select the APFS volume you want to delete in Disk Utility's sidebar.
2. Click the delete volume button (-) in the top toolbar.
3. You will see a prompt to confirm. Make sure the correct volume will be
deleted and click Delete.
4. When the process is finished, click Done.
Erasing an APFS volume will permanently erase all the data in the volume, but the
empty volume will remain in the container. To erase a volume, do the following:
1. Select the APFS volume you want to erase in Disk Utility's sidebar.
2. Click the Erase button in the top toolbar.
3. You will see a prompt to enter a volume name and format. You can change
it if necessary, and click Erase when ready.
4. When the process is finished, click Done.
We have finished this section on using APFS volumes, including adding, deleting,
and erasing volumes. In the next section, we will examine a set of important recurrent
tasks.
When a physical storage device is connected to a Mac, the volumes appear in the
Finder and Disk Utility, except for encrypted volumes. Encrypted volumes require
you to enter the password to unlock them before they can be seen in the Finder or
Disk Utility.
In Figure 6.30, the volume appears dimmed, which means that the disk is physically
connected, but the volume is not mounted. If you select that volume, a message in the
center of the window will indicate so:
In the following section, we will look at the various methods to unmount/eject a disk.
In the Finder, select the volume, then choose File, and Eject from the top
menu.
Select the volume, right-click, and select Eject "[volume name]."
Select the volume, click the Action button in the Finder toolbar, and
select Eject "[volume name]" (Figure 6.32):
Besides all the methods to unmount and eject we just saw, you can also use Disk
Utility to eject and unmount a volume. You won't be able to unmount or eject a
volume when files from that volume are open. You need to close any open files, and
sometimes even the Finder, to unmount or eject the volume.
Select the volume in the side menu, click the Unmount button at the top, or
click the Eject button beside the volume name, as seen in Figure 6.33.
Other options are to log out the user who is preventing the release of the
volume or to restart the Mac. These options are preferable to just unplugging the disk
without properly unmounting the volumes and risking data corruption.
It's important to know that HFS Extended, Journaled formats use "journaling" as
crash protection. So, if an unexpected interruption disconnects the device without
unmounting (for example, in the event of a power outage), as soon as the power is
back, the system will verify the volumes and attempt to repair them. Journaling
allows this by keeping a history of the filesystem changes. Therefore, you need to
keep the disconnected device plugged in when the power returns for this process to
occur.
Now that we have seen how to unmount and eject disks/volumes, let's see how to
mount or remount them.
Mounting
To mount a volume, all you need to do is plug the storage device into the Mac.
However, mounting volumes previously unmounted and still connected by cable can
be done from Disk Utility.
If a volume is unmounted, but the device is still connected to the Mac, it will
show dimmed in the Disk Utility sidebar. If you want to remount that volume, all you
need to do is select the volume and click the Mount button in the toolbar (Figure 6.35):
In the case of an encrypted volume, the Mount button will be grayed out or disabled.
To mount it, you would need to choose File from the menu, then select Unlock, and
enter the password to unlock the volume.
In this section, we have seen all about disks, volumes, and partitions, including how
to examine storage, manage partitions, use APFS volumes, and mount/unmount and
eject disks. In the next section, we will see how to optimize storage space.
Store in iCloud
Optimize Storage
Empty Trash Automatically
Reduce Clutter
You can access the Storage Management tool through Spotlight or the Storage tab in
the About This Mac tool we saw earlier in this chapter (Figure 6.5). Click
the Manage... button beside the system volume (usually Macintosh HD). Then, you
will see the interface shown in Figure 6.36:
When the tool opens, you will see the types of files you have and the space they
occupy on the left side. If you have a lot of files, the process of calculating the sizes
may take a while.
Store in iCloud
The first option you will see, Store in iCloud, recommends storing your files, photos,
and messages in iCloud. To save space, you should only keep recent files and
optimized photos on your local disk.
Desktop and Documents: Choose this option to store all files from the
Desktop and Documents folders in iCloud Drive. When you have limited
storage space, only the files recently opened are kept locally. Files stored in
iCloud will have a download icon; therefore, if you need the original file,
all you need to do is double-click on this icon to download the file.
Photos: With this option, all original photos and videos will be stored in
iCloud Photos. When you have limited storage space, only optimized
versions of the photos are kept locally.
Messages: This option will store all messages and attachments in iCloud.
When you have limited storage space, only the messages and attachments
recently opened are kept locally.
3. Once you have selected the appropriate boxes, click Store in iCloud.
4. If iCloud is not enabled in your account, you will be asked to sign in to
iCloud.
Optimize Storage
The Optimize Storage option recommends enabling the removal of movies and TV
shows that you have already watched.
Reduce Clutter
This option will allow you to sort and delete documents and other content stored on
the Mac. This process requires time, but the sorting tools make it easier to make
decisions.
1. Click the Review Files button. This option will help you sort through your
files to delete the ones you no longer need.
2. When you click that button, you will see the following five tabs (Figure
6.37):
Large Files: This sorts through large files so that you can erase those
occupying a lot of space and that you don't really need.
Downloads: This sorts the downloaded files and allows you to
permanently erase them, especially installers, which are usually very big.
Unsupported Apps: In this tab, you can permanently erase unsupported
apps.
Containers: In this tab, you can explore application containers and erase
data not needed anymore.
File Browser: This sorts the folders that are larger in size so that you can
explore them and see which files you can delete:
You can also find other categories in the left panel to sort files by type: Documents,
Music, Trash, and more to help you with your storage optimization efforts.
And with this section on optimization, we have reached the end of this chapter.
Please be sure to review the summary and the further reading resources for more
information on the topics covered in this chapter.
Summary
In this chapter, we discussed several basic concepts necessary to understand macOS
storage, including what disks, volumes, and partitions are, and how you can examine
and manage them in macOS. We explored the macOS filesystem and how its
hierarchy structure can be classified into four domains (local, system, user, and
network) according to their purpose. We also examined the advantages of the new
default filesystem: APFS. Finally, we learned about the tools macOS provides to
optimize your storage space.
In the next chapter of this book, we will examine an important topic that describes
how access to the filesystem and storage is managed through ownership and
permissions.
Further reading
If you want to check out the fine-grained technical details about the Apple Mac's File
System, you can visit this page:
7
Understanding Ownership and Permissions
Ownership and permissions in macOS control authorizations to access filesystem
resources. In other words, they control which users have what kind of access to which
resources.
In this chapter, you will learn how macOS manages ownership and permissions, and
how access rights priorities are assigned according to macOS's main policy. Also, you
will learn how to manage file and folder access through the tools macOS provides.
Finally, you will explore the options for sharing files through the default sharing
folders available in the macOS filesystem.
By the end of this chapter, you will be able to describe file ownership and permissions
in macOS, manage file and folder ownership and permissions, and use the macOS
default sharing folders effectively to share resources with other users.
Before we start, let's look at the technical requirements for this chapter.
Understanding Ownership and Permissions Chapter 7
Technical requirements
This is what you will need for this chapter:
Let's begin by understanding what ownership and permissions are in the context of
macOS.
In macOS, the permissions that can be applied to files and folders are as follows.
Permissions that can be configured from the Finder for the file level are the following:
Read & Write: Users/groups can open, read, and modify files.
Read only: Users/groups can open and read files but cannot modify them.
No access: No access of any kind is allowed to the file.
Permissions that can be configured from the Finder for the folder level are as follows:
Read & Write: Users/groups can explore the contents of the folder and
modify its contents (add, edit, remove files).
Read only: Users/groups can explore the contents of the folder, but they
cannot make any changes.
Write only (Drop Box): Users/groups are not allowed to explore the
Drop Box folder, but they can drag, copy, or move items to it.
No access: No access of any kind is allowed to the folder.
"Execute," the UNIX permission that allows executing a file, is assigned to folders
when read access is granted, but it cannot be modified or configured through
the Finder. This permission can only be managed by administrators through
Terminal.
At the same time, the permissions we just described are applied to users based on a
structure of three types of POSIX-style ownership tiers that define specific privilege
rules. All files and folders have a permission level assigned to these ownership tiers,
which are the following:
Owner
Group
Everyone
This ownership model is common on UNIX systems, and it relies on the principle that
every file and folder belongs to at least one owner and one group. Let's look at each of
the three types of ownership tiers in more detail:
Owner: By default, the owner is the user who created (or copied) an item.
Users usually own all the items in their home folders. On the other hand,
the "root" user owns items such as resources and applications.
Group: An item inherits the group permissions from the folder it was
created in. The group tier includes all users that are not owners of a specific
item. There are three main groups of ownership already configured by
default in macOS; however, you can add your own groups, which you
create in the User & Groups preferences. You can explore Chapter 4, User
Accounts Management, to review how. The groups that exist in macOS by
default are the following:
Everyone: At the same time, each of the files and folders has a setting for
everyone else who is not an owner. In other words, any user (local, sharing,
guest) who is not an owner or does not belong to a group belongs to the
Everyone tier.
Apart from the preceding ownership tiers, we have what are known as Access
Control Lists or ACLs, which provide a filesystem ownership and permission
structure with more flexibility and customization options.
This is very useful when you have departments in an organization. For example, you
could create a Sales Department group and define a set of permissions for specific
folders for that department, and a Marketing group with another set of permissions
for that department.
If an ACL rule is defined for a user or group, this rule has precedence over the
standard UNIX permissions. You will see the order of precedence a little bit later in
this chapter. But now, let's see the types of permissions that can be configured in
macOS and how they work in a hierarchical fashion.
Let's look at some examples to better understand how this works in a real context.
Case 1
We have a folder that belongs to the staff group.
This group has Read & Write permissions for this folder.
We have two files inside: one has Read & Write permissions, the other has
Read only permissions.
Explore the folder and make changes to it, that is, add, remove, or edit files.
Read, and edit the file with Read & Write permissions.
Open and read the file with Read only permissions, but not make changes
to it. However, since they have Read & Write access to the folder where
this file resides, they can copy, move, rename, or delete the file. Therefore,
this file is not secure simply because it is Read only since the higher
permissions at the folder level allow tampering with it. In fact, users could
copy the file's contents in another file, and since they have full permissions
for the folder, they could replace the file.
Case 2
We have a folder that also belongs to the staff group.
This group has Read only permissions on this folder.
We have two files inside: one has Read & Write permissions, and the other
has Read only permissions.
Explore the folder, but they cannot make any changes to it, such as adding,
deleting, or editing files.
Make changes to the file that has Read & Write permissions, but they
cannot move it, copy it, rename it, or delete it because of the Read only
permissions for the folder. However, users could delete the file contents
and leave it blank because of the Read & Write permissions.
View the file with Read only permissions. They could copy the file to
another folder, but they wouldn't be able to replace it in the folder because
of the Read only access; modifying this file is not possible.
These two cases are just an example of the possibilities, and sometimes complexity,
that permissions offer in this model.
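Case 1 shows that a Read only file is only as protected as the folder that holds it. The shell function below is an added example (not from the book) that lists files a group member cannot edit but could still replace, because the enclosing folder is group-writable; the function names and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find "Read only" files that a group member could still
# replace because the enclosing folder is group-writable (Case 1).
# Only mode bits are inspected; ACLs and file flags are not evaluated.

# replaceable_readonly ROOT
# Prints one path per line: regular files without the group write bit whose
# parent folder grants the group write and search access and has no sticky bit.
replaceable_readonly() {
    root=$1
    # -perm -0030 : group write AND group search bits are both set on the folder
    # ! -perm -1000 : sticky bit is not set (a sticky folder limits deletion
    #                 to the owner of each item, so replacement is blocked)
    find "$root" -type d -perm -0030 ! -perm -1000 -print |
    while IFS= read -r dir; do
        # Files directly inside that folder that the group cannot write to
        find "$dir" -maxdepth 1 -type f ! -perm -0020 -print
    done
}

# make_sample_tree BASE
# Builds a constructed tree that mirrors Case 1 and Case 2 from the text,
# plus a group-writable folder protected by the sticky bit.
make_sample_tree() {
    base=$1
    mkdir -p "$base/case1" "$base/case2" "$base/sticky"
    for d in case1 case2 sticky; do
        : > "$base/$d/editable.txt"; chmod 664 "$base/$d/editable.txt"  # group Read & Write
        : > "$base/$d/readonly.txt"; chmod 644 "$base/$d/readonly.txt"  # group Read only
    done
    chmod 775  "$base/case1"    # Case 1: group Read & Write on the folder
    chmod 755  "$base/case2"    # Case 2: group Read only on the folder
    chmod 1775 "$base/sticky"   # group Read & Write, sticky bit set
}
```

Run against the sample tree, only the Read only file in the Case 1 folder is reported; the same file in the Case 2 folder and in the sticky folder is not.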
Now, besides permissions and ACLs, macOS uses other resources that also help
manage access to items: file flags. In the next section, we will examine a practical case
where file flags are used to control access.
File flags
macOS supports file flags, which are intended to override UNIX permissions in very
specific situations. These file flags allow controlling access at a per-file level. They are
very useful when permissions are assigned to a folder recursively, for example, but
you want a specific file to be excluded from those permissions and to have its own,
more restrictive access.
We have a folder with two files that belongs to the staff group.
The folder has recursive Read & Write permissions.
Because permissions are recursive, the two files in the folder have Read &
Write permissions, but a lock flag has been enabled on the second file.
The file owner enabled the locked attribute for the second file. This flag prevents any
user who is not the owner of that file from editing, moving, deleting, or renaming it
until the owner clears the flag. The only one who can perform any modifications to
the file is the owner. Actually, the owner could even delete the file, even if it was still
locked.
The file could be copied to another folder, at which point the user who copied it
would become the new owner and could disable the file lock, but the original file
would still be locked, and it wouldn't be possible to replace it with this new, unlocked
version.
macOS currently allows the use of the "locked" file flag only through the user
interface. Other flags can be used in macOS, but that would require the use of
Terminal.
1. Open the Finder and select the file you want to lock.
2. Press Cmd + I to open the Inspector window.
3. Enable the Locked checkbox circled in red in Figure 7.1:
Now that you know how file flags work in macOS, it is important to examine the
macOS filesystem security policy, which details exactly how access rights are
determined in the context of permissions and ACLs. In the following section, we will
see the priorities determined by the application of this policy.
If the application’s sandbox does not allow access, then the request is
denied.
If ownership checking is disabled for the volume, the request proceeds.
If there is an ACL set for the file, it is evaluated to determine the access
rights.
If there is a file flag that denies access, the request is denied.
If the user ID matches the owner of the file (the “user” or "owner"
permissions), then those permissions are used.
If the group ID matches the group for the file, then the “group” permissions
are used.
Otherwise, the “other” permissions are used.
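The last three steps of the policy are a first-match test: once the owner tier matches, the group and everyone tiers are never consulted. The shell function below is an added example (not code from the book) that reads an item's numeric owner, group, and mode from ls -ldn and reports which tier applies to a given user. The name tier_for and its arguments are assumptions, and the sandbox, ACL, and file flag steps are not evaluated.

```shell
#!/bin/sh
# Added example: which permission tier applies to a user for a given item?
# Implements only the owner -> group -> other steps of the policy.

# tier_for PATH UID "GID1 GID2 ..."
# Prints "<tier> <rwx>", for example "owner r--".
# (Special bits such as the sticky bit appear as s/t in the printed triplet.)
tier_for() {
    path=$1; uid=$2; gids=$3
    # ls -ldn prints: mode  links  owner-uid  group-gid  ...
    info=$(ls -ldn "$path") || return 1
    set -- $info
    mode=$1; owner=$3; group=$4

    # A "+" after the nine permission characters means an ACL is present.
    # The policy evaluates it before these tiers, so flag it for the reader.
    case $mode in
        ??????????+*) echo "note: $path has an ACL, which is evaluated first" >&2 ;;
    esac

    # Step 1: the owner tier wins as soon as the user ID matches,
    # even when the group tier would have granted more.
    if [ "$uid" = "$owner" ]; then
        echo "owner $(printf '%s' "$mode" | cut -c2-4)"
        return 0
    fi
    # Step 2: any of the user's groups matching the item's group.
    for g in $gids; do
        if [ "$g" = "$group" ]; then
            echo "group $(printf '%s' "$mode" | cut -c5-7)"
            return 0
        fi
    done
    # Step 3: everyone else.
    echo "other $(printf '%s' "$mode" | cut -c8-10)"
}
```

For a file with mode 0460, the owner gets r-- even if the owner also belongs to the file's group, which has rw-.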
In this section, we saw what ownership and permissions in macOS are, how Access
Control Lists or ACLs help to add flexibility to the UNIX model, how hierarchical
rules work, how we can use file flags to restrict access at a per-file level, and the
priorities the macOS File System Security Policy uses to grant or deny access to a
resource. This information will help you manage ownership and permissions to
customize access to your macOS resources if needed.
In the next section, we will see how to manage permissions and ownership using the
tool available for all macOS users for that purpose, the Finder.
There are several ways to display the Info window. With the item you want to
inspect selected in the Finder, you can do the following:
Press Cmd + I.
Go to File in the menu and select Get Info.
Use the secondary click to select the Get Info option.
This tool can also be used in Dynamic Inspector mode, which lets you inspect items
dynamically. This means that if you select another item in the Finder, the Inspector
window will change to show the new item's information, without having to close the
Inspector window.
The ownership and permissions info is shown at the bottom of the window, in
the Sharing & Permissions section, as seen in Figure 7.3:
In the Name column, you will see the list of users and groups with access
to this item. Remember, we said that all files and folders have permissions
granted to the three ownership tiers by default: owner, group, and
everyone.
The Privilege column lists the permissions associated with ownership tiers
listed in the Name column.
The user at the bottom of the users list, before the groups, displayed in a
circled icon (macOS Big Sur), is the item's owner. In Figure 7.3, hertanava
(Me) owns this item and has Read & Write permissions.
Other users are displayed with single-user icons. In the example,
patrickjohnson is a user added to the permissions list with Read
only access to this item.
The groups that have access to this item are displayed with a two-user icon.
In the example, there is only one group, the staff group, that has Read &
Write permissions for this item.
Every resource has a setting for everyone, which is displayed with a three-
user icon. In this case, everyone has Read & Write permissions on this
item.
The item's owner can change the item's permissions, but only administrators can
change both an item's ownership and permissions. We will explore that next.
The user who created an item is usually the user who owns it. Take into account that
to change permissions of items you don't own, you need administrator privileges. In
the case of ACLs, the Finder only allows limited configuration options. If you need
more complex permissions and ACLs, you can use Terminal.
1. Select the item in the Finder and open the Info window.
2. Click the small lock icon in the lower-right corner (Figure 7.4).
3. Enter your credentials to authenticate as an administrator, if necessary.
4. You will need to add the user as an entry in the permissions list if it's not
already in it. For that, click the Add (+) button in the lower-left
corner (Figure 7.4). You can select a user already on the list of users or
create a new user with the New Person button (Figure 7.8). By default, new
users will be added to the list with Read only permissions, as you can see
in the case of patrickjohnson in Figure 7.4:
6. To make him the owner of this item, select him in the list, click the small
gear icon at the bottom, and select Make "patrickjohnson" the owner, as
seen in Figure 7.5:
7. At this point, the new owner will move to the bottom of the users
permissions list, and its icon will change, as you can see in Figure 7.6:
Notice that, although patrickjohnson is now the owner, he still has Read only
permissions, but since he's the owner now, he will be able to change permissions for
this item for any user without having to authenticate as an administrator. We will see
how to change that in the Granting and changing permissions section.
The changes will be applied immediately, but as long as you keep the Info window
open, you will be able to revert the ownership configuration by clicking the gear icon
at the bottom of the window and choosing Revert changes (Figure 7.5). This option is
useful if you made a mistake or if you want to test different configurations to see their
effect on an item. Take into account that this is not an "undo" type option; it will
revert to the original configuration in effect when the Info window was opened.
However, administrators can change this behavior and force macOS to recognize
ownership in non-system external and internal volumes. To do this, follow the steps
given here:
1. Open the Finder, and select the non-system volume for which you want
ownership to be recognized. Open the Info window for that volume.
2. Next, click the lock at the bottom of the Info window to authenticate as an
administrator.
3. Next, you will see that the Ignore ownership on this volume checkbox is
selected by default, as shown in Figure 7.7. Deselect it to change the
behavior for that volume:
Note that this procedure will not work with volumes formatted as
FAT or exFAT.
Let's now discover how to add additional permissions using the Finder and the Info
window.
If you want to grant new permissions for a user or a group, follow these steps:
1. Select the file you want to grant permissions for, open the Info window,
and click the Add (+) button, as shown in Figure 7.4.
2. A window will appear to allow you to search and select a user or group
from the list. At this point, you will have the choice to create a new user as
well. Take into account that using the New Person button will create a new
sharing-only user account, the same way you would create it from the
Users & Groups preferences.
3. Click the New Person button to create a new sharing-only user or select a
user from the Users & Groups list or a contact from your Contacts list. For
this example, let's choose John Adams from the Users & Groups list and
click Select:
4. The new user in the list, John Adams, is added to the list with the
default Read only permissions.
5. To change the permissions, click on the Read only privilege for
johnadams and select an available permission such as Read & Write, as
shown in Figure 7.9:
6. Once that is done, the list will reflect the new privileges for johnadams as
Read & Write.
And that's it! You have successfully added a new user and granted them permission
to an item.
Notice that the actions in the preceding example were performed without having to
authenticate and with the lock engaged. This is because the user making the changes
is the owner of this item. If I weren't the owner of this file and tried to change the
permissions, I would get an error message like the one shown in Figure 7.10:
So, you see how adding permissions is very easy through the tools macOS provides.
Deleting permissions is even easier, as we will see in the next section.
Deleting permissions
You might want to delete permissions to increase the security for certain sensitive
items or remove permissions from users and groups that don't really need access to
those resources.
You cannot delete the original owner of an item through the Info window.
You cannot delete the everyone group permission through the Info
window.
To delete the staff group, you will need to authenticate as an administrator.
So far, we have seen how to add and delete permissions. In the next section, we will
explore how to change permissions for items for specific scenarios.
macOS is pre-configured in a way that files and folders are normally secure for file
and folder sharing. This means most users will never feel the need to change
permissions. However, there are scenarios in which it is important to consider
permission customization, especially with shared computers and shared
environments.
The first detail to consider is that, to facilitate access, all new files and folders are
created with Read only access for other users who are not the owners. This is of
particular importance when users place items in the root of their home folders or if an
administrator places an item in the root of the system volume, the local library, or the
Applications folders. Although it is not a good practice to place items in those
locations, if for any reason you or anyone else does, you should be aware of the
default read-only access to those items.
Here, we will use two scenarios to exemplify how customization can help improve
the security and privacy of certain resources. The first shows how to restrict access to
an item, and the second, how to propagate folder permissions.
Let's place a file in the root of a user's home folder. We have seen earlier that users,
even guests, can browse other users' home folders. Therefore, this file placed in the
root of the home folder can be seen by all users. Let's change its permissions so that
only the owner can see it.
1. Select the file placed in the root of the user's home folder for which you
want to change the permissions.
2. Open the Info window, and scroll down to the Sharing &
Permissions section.
3. Start by removing all users and groups from the permissions list through
the delete button (-) circled in red in Figure 7.11 (except for the original
owner, who cannot be removed).
4. To delete the staff group, you will need to authenticate as an administrator
by clicking the lock icon at the bottom right.
5. You will notice that you cannot remove the everyone group. This is
because this group needs to be able to browse through the home folder to
access the shared folders. But, you can restrict access to the file. To do so,
change the file's permission setting to No Access, as shown in Figure 7.11:
And that's it! You have secured a file by customizing the permissions to restrict access
to it. Now, only the owner will be able to see it and modify it.
1. Select the Pictures folder and open the Info window. As mentioned
earlier, you will notice that the permissions for the everyone group
are Read only.
2. Change the everyone permissions to Read & Write. You will notice that
despite having changed the folder's permissions, the items inside still have
the Read only permission for the everyone group. This is because
permissions changed through the Info window do not propagate to the
items inside the parent folder.
Follow the steps indicated here to propagate permissions applied to a folder to the
items in it. Take into account that to do that, you will need administrator privileges:
1. Change the Pictures folder permissions for everyone from Read only
to Read & Write.
2. Next, click on the lock icon at the bottom to authenticate as an
administrator, if you've not already done so.
3. Click on the gear icon at the bottom and select Apply to enclosed
items... as shown in Figure 7.12:
4. Also, take into account that this action is not easily reverted. This is why, at
this point, you will see a warning before accepting this action (Figure
7.13). Click OK if you are sure this is what you want to do:
5. Now, if you open the Pictures folder, you will be able to verify that the
folder's permissions for the everyone group have been propagated to the
items in it.
This section concludes our learning about managing ownership and permissions. In
the next section, we will see how we can easily share files through the folders
provided by default in the macOS filesystem and the permissions that allow this.
Public
Drop Box
Shared
These are the two premises you need to take into account to use these two folders:
1. Other users can view the contents of the Public folder (even users who
connect remotely can see what's in this folder), but they cannot add items or
make changes.
2. Other users can add files to the Drop Box folder, but they cannot see its
contents. Once a user "drops" a file in that folder, only the owner of that
home folder will be able to recover it. In other words, it's a folder for other
users to "drop" files for you (the owner of the home folder) to recover.
Let's examine the permissions of the Public folder. As you can see in Figure 7.15, this
folder has Read only access for the staff and everyone groups. This means other
users can read (explore) that folder. They can browse the contents of that folder, but
they cannot place any files inside it. If I were an administrative user, I could
authenticate and place files in it. However, any files placed in a user’s Public folder
can be read by all Mac users but edited or deleted only by the file owner:
Now, let's examine the permissions for the Drop Box folder located inside
the Public folder from the perspective of the home folder owner, Patrick Johnson. As
you can see in Figure 7.16, it has a custom permission: Write only (Drop Box) for
the everyone group. This means other users can write (drop items) to that folder.
Also, notice there are two entries for the owner, patrickjohnson: there is a Read &
Write permission, and there's a Custom ACL setting for this folder, which allows the
owner of the home folder to have full access to the items in this Drop Box folder. The
files created or copied into Drop Box are owned by the user who created or copied
them, even if they are in another user's home folder.
If another user, such as John Adams, would like to drop items for Patrick, they can
browse the system folder to locate the Public and Drop Box folders from the root of
the system volume (Macintosh HD), as seen in Figure 7.17:
Since John doesn't have Read permissions, he cannot see the folder's contents. But he
has Write only (Drop Box) permissions because he is part of the staff group, so he can
drop files for Patrick.
Also, notice that all other sub-folders in Patrick's home folder have a red icon, which
means other users cannot access them.
Now that you understand how to get the most out of these two sharing folders, let's
look at another folder that helps us share in macOS, the Shared folder.
But there is something different and unique about this folder. If we examine this
folder's permissions, in Figure 7.19, we can see that the owner of this folder is the
system user, the everyone and wheel groups have Read & Write permissions, and
there is no staff group in the list. This is an excellent example of custom permissions.
Moreover, this folder has a permission configuration called "sticky bit," which
prevents users from deleting any items they don't own. Only the user who owns the
item is allowed to delete it. Take into account that sticky bit permissions can only be
managed from Terminal.
As you can see from the permissions in Figure 7.19, everyone has Read & Write
permissions, which means users on the Mac can access and recover files placed in the
Shared folder, without the restrictions of the Public and Drop Box folders, but only
the original owner can edit or delete a file placed in this folder.
And with this section on sharing through the default folders provided by the macOS
filesystem, we conclude this chapter about ownership and permissions. Be sure to
check the following summary to recap what we have learned here.
Summary
In this chapter, we understood how ownership and permissions work in macOS, how
we can manage them, and how to use the folders provided by macOS for sharing
files.
After reading this chapter, you should feel comfortable with understanding how
ownership and permissions work in macOS, and be able to describe the types of
permissions and ownership tiers used. Also, you will now understand how ACLs
provide more flexibility to the permissions model and how to use flags, such as the
"locked" flag, to restrict access to specific items. You can now manage items'
permissions and change their ownership, as well as make ownership in non-system
disks be recognized. Finally, you should be able to take advantage of the macOS
shared folders to share files with other users effectively.
In the next chapter, we will explore system resources and shortcuts, including system
resources such as preference files and fonts, and shortcuts such as aliases.
8
System Resources and
Shortcuts
In Chapter 6, The macOS File System: Disks, Volumes, and Partitions, we saw how
macOS organizes the filesystem through domains that make it easier for the user to
find the files they need and, at the same time, keep a clean, clutter-free interface, and
a secure system. This chapter will focus in more detail on the system resources
distributed in that filesystem structure.
Learning about system resources is important because you need to know what kind
of system resources macOS uses to function, their purpose, and where they are
located, in case you need to access them for troubleshooting. Moreover, you will learn
about shortcuts, their purpose in macOS, and how to create your own.
By the end of this chapter, you will be able to locate system resources in macOS,
explore the types of system resources available, uncover and hide files and folders,
manage font resources, understand shortcuts in macOS, and create and manage
shortcuts.
Before we start, let's look at the technical requirements for this chapter.
System Resources and Shortcuts Chapter 8
Technical requirements
This is what you will need for this chapter:
Most macOS system resources are located in the user and local Library folders in the
system volume. Precisely, the Library folders keep user and system resources
organized and separated from the rest of the files. This is why application and user
data is also found in these folders. This is intentional so that the Applications and
user home folders that are frequently accessed by users don't contain files they don't
really need to see.
Extensions
Frameworks
Fonts
Preference files
LaunchAgents and LaunchDaemons
Logs
These four resources are covered in other chapters and sections of this book:
Let's learn about the first six types of resources in more detail.
Extensions
Also known as kernel extensions or kexts, these are resources for the system kernel.
The following has been said by Joe Auricchio, from the Mac CoreOS group:
Kexts have been part of macOS since the very beginning, and you can use them to
build powerful and innovative apps that extend the built-in functionality of the
operating system. (WWDC 2019)
Kexts can attach themselves to the kernel or core to perform low-level tasks that
cannot be performed in userspace. Their main objective is to provide driver support
for networking, hardware, and peripherals. Antivirus software, firewalls, VPN
clients, DNS proxies, and more also use kernel extensions.
However, since macOS Catalina (10.15), several improvements have been added to
kexts to facilitate development and debugging, reducing the risk to data security,
privacy, and the system. These improvements are possible through the introduction
of two new technologies that are designed to be run in userspace and not in the
kernel. Actually, "kernel extensions" will be deprecated and replaced by "system
extensions." Eventually, software using kernel extensions will trigger a notification
warning the user about the deprecated API and recommending that they contact the
developer for alternatives.
System extensions: They replace the "kernel extensions" functionality. They extend
the operating system's functionality and are part of the application but run in
userspace instead of the kernel. Developers can build three types of system extensions
in macOS Catalina and later:
Network: They replace the previous Network Kernel Extensions. They can
act as content filters, reroute traffic, and connect to a VPN.
Endpoint: They replace the previous kauth event monitoring. They allow
the development of detection and response, antivirus, and data loss
prevention apps.
Driver: They replace the previous device driver kexts based on IOKit.
They are created with Driver Kit, a new SDK that is based on and replaces
the previous IOKit. It is designed to build device drivers in userspace
instead of the kernel. These extensions and Driver Kit allow you to control
hardware devices such as USB, serial, and so on.
Apple has informed developers that macOS 10.15 (Catalina) will be the
last release to fully support kexts. Developers will need to switch to
system extensions after that.
Frameworks
Frameworks are directories that contain code libraries. Their main purpose is to
provide resources for apps and system processes. They are located in the
/System/Library folder.
You can verify which frameworks are loaded into your macOS through the System
Information tool (you can review Chapter 6, The macOS File System: Disks, Volumes,
and Partitions, to learn how to access this tool):
Fonts
Fonts are probably the most popular resource used by regular users. macOS supports
many types of fonts, including bitmap, TrueType, OpenType, and PostScript fonts.
They are used for the typefaces available for displays and printers.
Preference files
Preference files store system and app configuration information. Whenever you
configure an application or a system setting, those settings are stored in these files. It
is common to delete preference files when an app is behaving unexpectedly or after a
migration. The specific steps to troubleshoot apps are covered in Troubleshooting
Tips.
For example, for the Scrivener app, the preference file would be located here:
~/Library/Containers/com.literatureandlatte.scrivener3/Data/Library/Preferences
You can recognize preference files because they have the .plist extension.
Let's take a look at the last type of system resource we will see in this section.
Logs
Logs are files that contain information about activity and errors from nearly all
system processes and applications. They are located in all local Library folders and
also in the /var/log folder.
You can see logs through the Console application, which can be accessed from the
Applications/Utilities folder, or you can access it quickly through Spotlight.
We'll look at more about how to use Console to troubleshoot issues in
Troubleshooting Tips.
Now that we have explored the main types of system resources in macOS and know
what they are responsible for, we will explore how they are organized. System
resources in macOS are organized into domains; let's look at how that works.
System resource domains distribute and organize resources to increase user and
system security and reliability while improving the user experience. There are
four domains in macOS where system resources are found:
User
Local
Network
System
We saw a detailed description of these domains in Chapter 6, The macOS File System:
Disks, Volumes, and Partitions, if you want to go back to review them.
It is common to find some resources duplicated in these domains. For this reason,
there is a priority system in place when it comes to the system looking for the
resources it needs, from specific to general. In other words, if two or more copies of
the same resource are found, the priority the system will use is as follows:
1. User domain
2. Local domain
3. Network domain
4. System domain
This means that if a similar resource is found in more than one of these domains, the
system will prioritize the resource found in the User domain, and so on, until the
System domain, the last one in the priority list.
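The priority order above means a copy in the User domain silently takes precedence over the Local, Network, and System copies. The shell function below is an added example (not from the book) that lists every copy of a resource and marks which one is active and which are shadowed; the function name, the DOMAIN_ROOTS variable, and the /Network/Library path are assumptions.

```shell
#!/bin/sh
# Added example: report which copy of a resource wins under the
# User > Local > Network > System search order, and which copies it shadows.

# Library roots of the four domains, in priority order (colon-separated).
# DOMAIN_ROOTS is a hypothetical variable; override it to test against other
# folders. /Network/Library is an assumed path for the Network domain.
: "${DOMAIN_ROOTS:=$HOME/Library:/Library:/Network/Library:/System/Library}"

# resolve_resource RELATIVE_PATH     e.g. resolve_resource Fonts/Example.ttf
# Prints "ACTIVE <path>" for the first match and "SHADOWED <path>" for every
# lower-priority copy. Returns 1 when no domain holds the resource.
resolve_resource() {
    rel=$1
    found=0
    old_ifs=$IFS
    IFS=:                      # split DOMAIN_ROOTS on colons
    for root in $DOMAIN_ROOTS; do
        if [ -e "$root/$rel" ]; then
            if [ "$found" -eq 0 ]; then
                echo "ACTIVE $root/$rel"
            else
                echo "SHADOWED $root/$rel"
            fi
            found=1
        fi
    done
    IFS=$old_ifs
    [ "$found" -eq 1 ]
}
```

A SHADOWED line for a resource you expected to be loaded from /System/Library is a prompt to check who placed the higher-priority copy and when.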
macOS also uses other technologies to ensure system resources and data security. One
of those technologies is called sandboxing. In the next section, we will see how this
technology is used to keep your system more secure.
Sandboxing
Sandboxing is an access control technology used in macOS that works at the kernel
level to make apps more secure and minimize the risk to the system and user's data.
This is possible because sandboxing limits an app's privileges so that it accesses only
the resources needed for its intended functionality.
A sandboxed app can access items inside a folder called a container. This folder
"contains" the resources of each sandboxed app available for users. Without
sandboxing, most apps would have unrestricted access to all user data and system
resources. With sandboxing, apps are only allowed access to the resources located
here:
~/Library/Containers/[bundleID]/Data
When a sandboxed app is used for the first time, macOS creates a Container folder.
The user that launched the app will have an individual container for that app, which
will simulate the user's home folder. macOS creates and maintains this separate
container folder for each sandboxed app used.
At the root of the Container folder, you will find the following items:
A property list file with the .plist extension, which contains the app
information.
A Data folder, which is the app's active container that simulates the user's
home folder.
As you can see in Figure 8.2, in the Preview app container, there is the property list
file, Container.plist, and the Data folder, which includes the same folder
structure you would find in a user home folder: Desktop, Documents, Downloads,
Library, Movies, Music, and Pictures. All the folders with arrows in their icons
are actually aliases to the user's actual home folder. We will learn about aliases
later in this chapter.
There are other types of containers called Group Containers, or shared app group
containers, used for resources intended for sharing; in other words, these folders
contain resources shared by apps. Developers of sandboxed apps can request these
group containers to be created by the system to facilitate app resource sharing. These
containers are located in the user's Library folder, inside a folder called Group
Containers:
Similar to normal containers, when an app is first used, and requests access to shared
resources, macOS automatically creates the group container folder. These folders can
be recognized easily because they have a distinctive identifier, such as
"group.com.apple.notes," as seen in Figure 8.3.
Since 2012, all apps submitted by developers to the Mac App Store
must use sandboxing.
Now that you know the types of system resources macOS uses and how they are
organized and distributed into domains and containers for user experience and
system security, let's examine how to manage them.
In this section, we will cover the following common topics you will typically deal
with as an administrator concerning managing system resources:
In the next section, we will see how to access or uncover hidden items or hide
resources you don't want to see or don't want others to see.
One of those hidden folders is the user's Library folder. If you need to see it, there
are temporary and permanent methods to access it, and we will look at them next.
More specifically, we will explore the following:
Through the Go menu in the Finder: This is perhaps the quickest way to access this
folder.
1. Hold down the Option key and select the Go menu in the Finder. The
Library folder option will then be revealed, as seen in Figure 8.4:
Using the Go to Folder... option: This method requires that you enter the path to the
folder you are trying to access.
1. In the Finder menu, select the Go menu item, and select the Go to
Folder... option at the bottom (Figure 8.4).
2. A window will appear for you to enter a folder path. If you were trying to
access the user's Library folder, you would enter ~/Library. In this
case, ~/ is an abbreviated way to represent the current user's home folder,
so instead of writing the whole path to the current user's home folder, you
just type the tilde symbol.
3. As soon as you start to enter the first characters of the path, an
autocomplete feature will make suggestions, and you can just use the Tab
key to complete the rest of the path, as seen in Figure 8.5:
This last method works for any hidden folder, provided that you
know the path, or at least the first part of the path.
Using Spotlight
Spotlight is one of the quickest ways to find anything on your Mac, including files
and folders. Just enter Library and you will be shown all the relevant results. The
problem is perhaps that you will be shown many results, and the Library folder
may not be among the results at the top of the list. If you scroll down, you will see the
folder results, as shown in Figure 8.6.
You will have to distinguish between the several Library folders available in your
filesystem:
Another way to view hidden files in a folder is to use the Command + Shift + . (dot) key
combination. For example, open the Finder and select the root folder (Macintosh HD)
on the sidebar. Next, press the key combination indicated. You will see a screen
similar to the one in Figure 8.7:
We have seen temporary ways to access the Library folder. In the next section, we
will explore the permanent methods.
1. Open the Finder window and select the user's home folder. If it does not
show up, review Chapter 2, Installing and Configuring macOS.
2. With the user's home folder selected in the Finder's sidebar, go to the View
menu and choose Show View Options.
3. A window will appear. Make sure the Show Library Folder option is
checked. Once that is done, the Library folder will show in the user's
home folder in the Finder, as seen in Figure 8.8:
Another method to access files and folders hidden by default by macOS is through
Terminal. You can even pick specific items to hide; perhaps a folder you don't want
anyone to see. If you want to see how to hide files and folders so that they won't be
visible in the Finder, see Chapter 16, Using the Command Line, for precise instructions
on using the command line for this purpose.
In this section, we saw how to access and uncover the Library folder. In the next
section, we will explore how to manage font resources.
Installing fonts
Font location preferences
Resolving duplicate fonts
Disabling/removing fonts
The main app used for managing fonts in macOS is Font Book. This app allows you
to install, enable, disable, and validate fonts, and organize them into collections. It can
also help identify duplicate fonts. Font Book can be found in the Applications
folder (Figure 8.9):
Once open, the left panel lets you select All Fonts or other collections. Selecting any
font in the list will show a preview, as seen in Figure 8.10 and Figure 8.12.
Any fonts that are available but have not been downloaded will appear grayed out.
To download them, just right-click on the dimmed font, and select Download
"[Font]" Family (Figure 8.10):
There are several methods to install fonts. We will explore them in the next section.
Installing fonts
Installing fonts can be done in the following ways.
Through the Finder: When you double-click a font you want to install in the Finder,
Font Book will open it and show a preview. At that point, you just need to click on the
Install Font button (Figure 8.11) so that Font Book validates and copies the font into
the font's folder in the user's library:
Through the Font Book app: There are a couple of ways to add fonts through the
Font Book app:
Dragging and dropping: Drag any font to the user's Library fonts folder (Figure
8.13):
You might need to restart the system after the font is installed if it
doesn't appear in your app's font options.
Administrators can drag any font to the root Library fonts folder to make that font
available to all users. You can actually configure where the system will save fonts by
default; let's look at that next.
Since fonts can be placed in the various Library folders available in the macOS
filesystem, you might end up with duplicates. We will see next how to deal with
them.
You can check the box for Resolve duplicates by moving files to the Trash
in the Font Book preferences (Figure 8.14) if you want inactive copies of fonts
to go in the Trash.
When a duplicate font is selected in Font Book, you will see the Multiple
copies of this font are installed warning (Figure 8.15):
1. Go to the Edit menu and then select Look for Enabled Duplicates... (Figure
8.16):
Next, let's see how to disable or remove fonts that are duplicated or no longer needed.
Disabling/removing fonts
You can disable a font you don't use or no longer need:
1. In the Font Book app, select the font, right-click, and select Disable "[Font]"
Family, or deselect the box at the top, marked with a red circle in Figure
8.18:
2. Disabled fonts appear grayed out. To re-enable them, just select the font,
right-click, and select Enable "[Font]" Family, or check the box at the top.
To remove a font permanently, select it from the list and press the Delete key. If you
are sure this is what you want to do, click Remove when you see the confirmation
prompt.
Removing a font installed for all users requires administrator privileges. Also, take
into account that, as mentioned earlier, fonts that are used by the system cannot be
removed as System Integrity Protection (SIP) prevents it. SIP is explained in detail in
Chapter 15, Managing Security in macOS.
You can restore macOS original fonts if needed. To do that, while in Font Book, go to
the File menu and select Restore Standard Fonts... You will need to authenticate as
an administrator to do that.
Take into account that restoring standard fonts will remove any
custom fonts installed. The removed fonts will be placed in the
Fonts (Removed) folder, next to the Library folder.
In this section, we learned how to manage system resources, including how to unhide
files and folders you might need to access and how to manage fonts.
Besides domains, sandboxing, and hiding files and folders, macOS uses another
method to organize and optimize the filesystem, called "shortcuts." There are a few
types of shortcuts used in macOS, and we will explore them in the next section of this
chapter.
Types of shortcuts
Creating shortcuts
Types of shortcuts
There are three types of primary filesystem shortcuts used in macOS:
Aliases
Symbolic links
Hard links
Let's explore in a little more detail how they are different from each other.
Aliases
Aliases are shortcuts that contain information that allows the system to know where
the original item is, even if it's renamed or moved, as long as it is in the same original
volume. This is possible because of two important pieces of information the alias has:
the UID of the file it links to and the file's complete path. Therefore, we could say that
aliases are dynamic links that point to files and folders.
Aliases can be created through the Finder, but not from Terminal, and actually, they
won't be recognized in Terminal.
An alias can be identified in the Finder through the small arrow that appears in the
lower-left corner of the item's icon. In the example in Figure 8.19, all the folders with
arrows are aliases:
You can find out where that alias is pointing to through the Info window. Just select
the item and press Cmd + I. The Info window will tell you what kind of resource this
is, and you will see that it is indeed an alias (Figure 8.20) and where it points to. In the
example in Figure 8.20, this Desktop alias is pointing to
/Users/administrator/Desktop:
Another way to locate the original item the alias is pointing to is to right-click on the
alias and choose Show Original from the contextual menu, which will take you to the
folder containing the original item.
Next, let's see another type of shortcut, the symbolic link, and how it is different
from an alias.
Symbolic links
Symbolic links, also known as "symlinks" or "soft links," come from UNIX system
design and can also be used in macOS. Both aliases and symbolic links are shortcuts
to an item, but they are not equal. We could think of symbolic links as advanced
aliases. Here are some of the differences from aliases:
Symbolic links don't only point to files and folders, as aliases do. They
work in all applications on the system, including Terminal.
Apps see symbolic links as if they were the same as the original item they
link to.
Contrary to aliases, symbolic links don't have UID information; therefore,
they can easily be broken if the item is changed. In fact, any change to a
symbolic link, such as renaming it or moving it to another location within
the volume, will break it.
Although the Finder can follow symbolic links, it cannot create them.
Symbolic links can only be created through Terminal.
You would use symbolic links when you need to not only point to a folder or file but
also to have an app interpret the shortcut as if it were the actual file or folder. For
example, say an application has its files stored at /Applications, but you want its
directory to be stored in MyVolume/Applications. You can move the directory to
this last location and then create a symbolic link at /Applications pointing to
/MyVolumes/Applications. The application will try to access the directory at the
usual location, and it will be redirected by the symbolic link to the new location
where the directory actually is.
Hard links
Hard links also come from the UNIX system design. Like aliases and symbolic links,
they are also references to an item. But in this case, they are actual (additional)
references to an original item. Let's clarify what this means.
A normal file usually has two parts: the bits that make up the file's content, which is
usually stored in a physical disk, and the name that points to that content. If we
consider this, we could say that all files have at least one hard link or "name." In this
case, in macOS, hard links are "additional" references because it is like another hard
link or "name" pointing to the same bits. Therefore, a hard link is not a copy, is not an
alias, and is not a symbolic link; it is the same file but accessed via another address.
If this seems confusing, think about a single file with different names, but it is not a
duplicate; it is the same content, accessed through different names. Therefore,
removing a hard link will not remove the original item; it will only remove the hard
link or extra name:
In macOS, hard links are used for both files and folders, and they can only
be created through Terminal.
A good example of hard links in macOS is Time Machine backups, which
use hard links for items that haven't changed since the last backup, making
them an excellent way of saving space in the backup process.
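The behaviors described in the Symbolic links and Hard links sections can be checked in Terminal with the standard ln command. The script below is an added example, not code from the book; the function names (link_count, same_file, classify, relocate_with_symlink, broken_symlinks) and all file names are assumptions for illustration, and everything runs inside a constructed temporary directory.

```shell
#!/bin/sh
# Added example (not from the book). Every file is constructed in a temp directory.

# link_count PATH: how many names (hard links) point at PATH's content.
link_count() {
    ls -ld "$1" | awk '{print $2}'
}

# same_file A B: succeeds when both names refer to the same content (same inode).
same_file() {
    [ "$(ls -di "$1" | awk '{print $1}')" = "$(ls -di "$2" | awk '{print $1}')" ]
}

# classify PATH: prints symlink-ok, symlink-broken, multi-name, single-name or missing.
classify() {
    if [ -L "$1" ]; then
        if [ -e "$1" ]; then echo symlink-ok; else echo symlink-broken; fi
    elif [ ! -e "$1" ]; then
        echo missing
    elif [ -f "$1" ] && [ "$(link_count "$1")" -gt 1 ]; then
        echo multi-name
    else
        echo single-name
    fi
}

# relocate_with_symlink OLD NEWPARENT: move OLD under NEWPARENT and leave a
# symbolic link at the old path, mirroring the /Applications example in the text.
relocate_with_symlink() {
    old=$1
    newparent=$2
    [ -e "$old" ] && [ ! -L "$old" ] || return 1      # only relocate real items
    mkdir -p "$newparent" || return 1
    newparent=$(cd "$newparent" && pwd) || return 1   # absolute link target
    new="$newparent/$(basename "$old")"
    [ ! -e "$new" ] || return 1                       # never overwrite an existing item
    mv "$old" "$new" && ln -s "$new" "$old"
}

# broken_symlinks DIR: list symbolic links under DIR whose target no longer exists.
broken_symlinks() {
    find "$1" -type l ! -exec test -e {} \; -print
}

demo() {
    d=$(mktemp -d) || return 1
    echo "report v1" > "$d/original.txt"
    ln "$d/original.txt" "$d/hard.txt"        # hard link: a second name for the same bits
    ln -s "$d/original.txt" "$d/soft.txt"     # symbolic link: a pointer to a path
    echo "original: $(classify "$d/original.txt"), names=$(link_count "$d/original.txt")"
    echo "edited via hard link" >> "$d/hard.txt"
    echo "original now has $(grep -c '' "$d/original.txt") lines"
    rm "$d/original.txt"                      # removes one name, not the content
    echo "hard.txt after rm: $(classify "$d/hard.txt")"
    echo "soft.txt after rm: $(classify "$d/soft.txt")"
    echo "broken links: $(broken_symlinks "$d")"
    mkdir -p "$d/Applications/Tool" && echo cfg > "$d/Applications/Tool/settings"
    relocate_with_symlink "$d/Applications/Tool" "$d/MyVolume/Applications"
    echo "old path is $(classify "$d/Applications/Tool"), reads: $(cat "$d/Applications/Tool/settings")"
    rm -rf "$d"
}
demo
```

Running broken_symlinks against a folder after moving or deleting items is a quick way to find symbolic links left pointing at nothing.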
Now that we understand the differences between the types of shortcuts used in
macOS and how they are used, let's see how we can manage them.
Creating shortcuts
In macOS, managing shortcuts of the "alias" type is very simple. They can be
managed from the Finder in most cases, but there are also other ways you can go
about it.
In this section, we will explore the different methods to create aliases. We will not
explore how to create symbolic links and hard links because they can only be created
in Terminal and are to be used by advanced users and/or administrators and are
beyond the scope of this book.
To create an alias in macOS, you can use any of the following methods:
Open the Finder, select the item you want to create an alias for, then go to
the Finder menu, click the File menu item, and select Make Alias, or right-
click the item and select Make Alias, as seen in Figure 8.21. Take into
account that creating some aliases will require administrator privileges:
Select the item in the Finder and select Make Alias from the action menu,
as shown in Figure 8.22:
Drag the item to the new location while holding down the Option + Cmd
keys. In Figure 8.23, the Calculator app is dragged to the Desktop, creating
an alias for this app:
The last method is actually the only one that will not create the alias
with "alias" appended to the name.
And with this section, we have concluded the content for this chapter on system
resources and shortcuts. Be sure to check the following summary to recap what we
have learned in this part and to find out what comes next.
Summary
Having reached the end of this chapter, you now understand system resources and
the types macOS uses, such as extensions, frameworks, fonts, preference files, and
more. You also understand other methods macOS employs to keep the filesystem
clean, organized, and more secure, such as domains, sandboxing, and hidden items,
and you know of several methods to unhide items hidden by default. You can
manage the most familiar type of system resource for a standard user: fonts. You
discovered yet another method used for filesystem organization – shortcuts,
including aliases, symbolic links, and hard links, and their purpose. And you know
how to create your own aliases to organize your own filesystem.
In the next chapter, we will explore metadata in macOS, what it is used for, and how
to manage it. We will also look at handy tools for quickly and efficiently searching
and performing day-to-day tasks, such as Spotlight.
9
Understanding Metadata and
Searching
Metadata is pieces of information that help describe and identify content. Metadata is
important in every search system since it's this information that comes into play when
users search using the search tools and what can make their searches relevant and
satisfactory. In this chapter, you will learn what types of metadata macOS uses and
how it uses this metadata. You will also learn about the different search tools
available in macOS for efficient searching.
By the end of this chapter, you will be able to describe how macOS uses metadata and
the metadata resources available in macOS (such as tags) that you can use to organize
data and improve searching. You will use the Spotlight tool for efficient searching
and Siri to perform hands-free tasks and searches with the help of Apple's voice
recognition technology.
Before we start, let's see the technical requirements for this chapter.
Technical requirements
This is what you will need for this chapter:
Simply put, "metadata is data about data." This phrase has been around for a while and
it's an excellent, short way to describe what metadata is and what it does.
Metadata helps organize, locate, and manipulate data to make it easier to identify it
and find it. This metadata can be stored in several locations and various formats. It
can refer to any kind of information, such as documents, video files, images, sounds,
and so on.
In this section, we will explore the most important types of metadata used in macOS.
File flags
File system tags
The AppleDouble file format
Additional extended attributes
Let's explore in more detail what each of the preceding metadata types does in
macOS.
File flags
File flags are a remnant of the original macOS design and are used for additional
access control since they can override applied permissions. This means that if a file
flag that prohibits access is in place, access will be denied, regardless of the current
permissions. Common file flags are the locked flag and the hidden flag. As we saw
earlier, the locked flag can be activated from the Info window, and the hidden flag is
activated from Terminal.
The next type of metadata we will examine is the AppleDouble file format.
There are additional extended attributes that are worth exploring since they can be
very useful as metadata. Let's explore them.
You can manage them from the Inspector or Info window (Figure 9.3). We learned
how to use the Info window in Chapter 7, Understanding Ownership and Permissions,
if you would like to go back to review it:
Now that you understand the types of metadata that are available in macOS, let's see
how to manage the ones that will be the most useful for users in regard to data
organization and searching purposes: tags.
The Finder Sidebar: When you select a tag in the left sidebar, the files
tagged with that tag will appear in the right window, as shown in Figure
9.4:
The Finder search box: When you enter a tag in the search box, you will be
able to select it from the search results, and appropriate tagged files will
appear, as seen in Figure 9.5:
Now that you know how to view tagged files, let's explore how to tag files.
Using tags
Tagging files is straightforward, and there are also multiple places where you can add
tags to a file.
Take into account that you can add one or more tags to a file. To do so, follow any of
these methods:
Right-click on a file you want to tag and select the tags from the contextual
menu. The selected tags will show a checkmark, as you can see in Figure
9.7:
If you don't see the tags you want to use, right-click on a file and select
the Tags... option below the color tags (Figure 9.7). A prompt will appear,
and you can start typing any tag in the input box (Figure 9.8), or click Show
All... to see all the tags and select one from the list:
You can also tag files from the Info window. Start typing any tag in the
input box or select Show All... to see all tags and select one from the list.
Now that you know how to tag a file with the built-in color tags or from the list of
common keywords, let's see how we can create our own custom tags.
Creating tags
Creating a new tag can also be done in multiple places. Basically, wherever you can
view tags, you will also be able to create custom tags. Let's see the main methods for
doing this.
1. Select a file in the Finder, right-click, and select Tags... from the contextual
menu (Figure 9.7).
2. Start typing the tag name you want to create next to the other tags. If the
tag does not exist in the list, you will see Create new tag "[tag
name]" (Figure 9.9).
3. Assign a color if you want, and press Enter:
Let's see how to create tags from a preview file in the next section.
1. Select a file in the Finder and select the Gallery view type from the icon
circled in red in Figure 9.10.
2. Scroll down the preview information to find the Tags section and click Add
Tag (Figure 9.10):
3. Follow the same procedure to add a new tag as explained in the previous
examples.
You can also create and/or assign tags in a similar manner in any document's Open or
Save As... dialogs.
You now know how to add tags, so let's learn how to delete them next.
Deleting tags
Follow these steps to delete or remove a tag with the Finder.
1. Right-click on a file and select the Tags... option below the color tags
(Figure 9.7).
2. Position the cursor next to the tag you want to delete (Figure 9.8) and press
the Delete key.
1. Open the Finder, and right-click on a tag you want to remove from the
sidebar, as shown in Figure 9.11.
2. Select Remove from Sidebar or Delete Tag "[tag name]"... if you want to
delete it permanently:
Note that you can also rename a tag using this method.
You now know how to create and delete tags, but there's an advanced method to
manage tags, and we will see it next.
You can also change the color of the selected tag in the preceding window. Just right-
click on the tag and select any color you want to assign to it.
Now that we have learned how to view, use, create, and delete tags that help you
identify and organize your files, you will see how to perform powerful searches in the
next section about macOS searching tools.
Using Spotlight
Using Siri
Using Spotlight
Spotlight is an advanced macOS autocomplete search technology service. This
service uses metadata to create index databases that enable you to perform instant
and relevant searches. With Spotlight, you can find files, apps, images, and virtually
anything you are looking for.
Spotlight lets you search metadata such as filenames, file flags (such as locked files,
keywords in comments, and more), modification dates, tags, file content, and other
information stored in files such as images and movies (for example, camera
manufacturer).
Spotlight has sort of evolved into a search engine since it searches not only in the local
macOS filesystem volume, Time Machine backups, and iCloud drive, but also in
shared files on other Mac clients, servers, and disks shared via AirPort Wi-Fi access
points. Since OS X Yosemite, the Spotlight service also suggests results from other
locations, such as the web, the App Store, Maps, and more.
Spotlight's suggested results are called Spotlight Suggestions, and they are an
intelligent combination of usage history, location, and authorized user information to
provide accurate and relevant results.
To use Spotlight, just click on the magnifying glass in the upper-right corner of your
Mac, as shown in Figure 9.13:
Actually, Spotlight is the quickest way to open an app, as we can see in the following
example. As soon as you start typing the app name, the autocomplete function will
show you the relevant results, with the TOP HITS at the beginning, as shown in
Figure 9.14:
Notice that the preceding results include definitions, documents, folders, and more.
But you can configure how the results are shown through the Spotlight preferences.
3. In the Privacy tab, you can tell Spotlight which locations, such as folders or
volumes, you want to exclude from searches using the Add (+) and Delete
(-) buttons, as shown in Figure 9.16:
4. You can also click the Keyboard Shortcuts... button, which will take you to
the Keyboard preferences where you can configure key combinations for
frequent searches (Figure 9.17):
Besides searching, you can use Spotlight for other useful tasks, such as performing
calculations and market-based currency conversions.
For example, to perform a currency conversion, we type 150 CAD, and we obtain the
conversion to popular currencies, as seen in Figure 9.18. This feature works with any
conversion type you want to attempt, such as longitude, volume, and so on:
Now that you know what a practical and useful tool Spotlight is, let's see another
equally useful tool in the next section: Siri.
Using Siri
Apple defines Siri as "an intelligent assistant that offers a faster, easier way to get
things done." Siri is Apple's voice recognition technology tool for hands-free tasks,
and it can be used on Mac models from 2018 and later.
Siri has many capabilities, but the most important ones are listed here:
1. Just say "Hey Siri," then make your request, or press the Siri button at the
top right of your Mac screen. At that moment, Siri will start listening, and
you can make your request while holding down the button (Figure 9.21):
2. Siri will stop listening to your request when you release the button.
If you don't issue a voice command, Siri will show you suggestions for voice
commands you can use for specific apps, such as Finder, System Preferences, and so
on, as shown in Figure 9.22:
If you double-click on the arrow next to any of the options on the list (the Finder, for
example), you will see more examples of phrases you can use, such as "Open my
Expenses folder", as seen in Figure 9.23:
You can visit this link if you would like to learn more about How to
use Siri on your Mac: https://support.apple.com/HT206993.
And with this, we have reached the end of this chapter on metadata and searching.
Make sure to check the following summary to recap what we have learned.
Summary
In this chapter, you learned how macOS uses metadata and about the types of
metadata available; namely, file flags, filesystem tags, AppleDouble, and additional
extended attributes, such as the stationery pad and the locked attribute. You also
learned how to manage tags to identify and organize your files. You learned about
the macOS searching tools, such as Spotlight, for efficient and fast searching, as well
as other practical tasks, such as calculations and currency conversions. Finally, you
learned how to use Apple's voice recognition technology with Siri for the same
purpose, in addition to assisting you with common daily tasks.
You are now fully equipped to use the types of metadata and search tools macOS
offers and configure and manage them to improve the user experience for resource
organization and searching.
In the next chapter, we will learn all about managing apps and documents.
10
Managing Apps and
Documents
As a macOS user or administrator, you will spend a lot of time managing apps and
documents. Therefore, you must familiarize yourself with the tools and features
macOS offers to facilitate those tasks. In this chapter, you will explore how apps work
in macOS, how to use the App Store, how to install and manage apps and app
extensions, how to share apps with family members, and how to use the features that
macOS provides to manage documents on the spot. By the end of this chapter, you
will be able to use all these features to work with apps and documents quickly and
efficiently.
Before we start, let's look at the technical requirements for this chapter.
Technical requirements
This is what you will need for this chapter:
To use apps in macOS, we need to know the types of apps that macOS supports, and
we will talk about them in the following sections of this chapter. More specifically, we
will cover the following:
Native macOS
Universal macOS binary
Unix-based
Open source
Native macOS
Native macOS applications are developed in high-level application environments.
Cocoa and Java are the most commonly used programming interfaces for bringing
applications into macOS. Carbon was also used until some time ago, but because of
its limitations with recently implemented features in OS X and macOS, it is officially
deprecated, and Apple no longer recommends its use for app development. Apps
developed with Carbon are considered legacy apps.
If you are (or plan to become) a developer, it is the style of your app that will
determine what you should use as your core objects for its implementation. Apple
developers have been developing native apps using the Cocoa framework, an object-
oriented framework that supports the creation of single-window and multi-window
apps, and the Swift programming language for some time now. With Cocoa, apps can
have the following styles:
No matter which type of style you choose, all apps use the same core set of
objects: model, view, and controller. Cocoa provides the default behavior for most of
these objects.
However, bear in mind that Apple announced the introduction of a new framework
called SwiftUI, specially created for Swift, since the Cocoa framework was created to
work with Objective-C. This created problems for developers. SwiftUI is a declarative
way of building user interfaces for any Apple platform. Although it is still relatively
new, it is clear that SwiftUI will grow and improve to become the main means of
developing apps for Apple devices very soon.
The preferred integrated development environment (IDE) for writing the code for
your Apple apps is Xcode, which is integrated with the Cocoa and Cocoa Touch
frameworks and supports the development of apps for all of Apple's devices: Mac,
Apple Watch, iPhone, iPad, and so on. The programming language that is most
widely used in Xcode is Swift, but you can use other languages, such as Objective-C,
C++, and Python. Xcode now supports SwiftUI as well.
The other native app development environment we mentioned is Java, which is used
to create cross-platform applications. Java applications work in macOS by installing
the Java Runtime Environment (JRE). In macOS, you are prompted to download and
install the latest Java runtime directly from Oracle's site. If you need Java, in general,
you should download the latest Java version for macOS directly from this link:
https://www.java.com.
If you need to use legacy applications that require the older Java SE 6 runtime, you
can go to this link and install Java for macOS 2017-001
(https://support.apple.com/kb/DL1572). This package installs the legacy Java SE 6 runtime for macOS 10.13 High
Sierra, macOS 10.12 Sierra, macOS 10.11 El Capitan, macOS 10.10 Yosemite, macOS
10.9 Mavericks, macOS 10.8 Mountain Lion, and macOS 10.7 Lion. This package is
only intended to support legacy applications. Otherwise, you should keep your
software up to date by installing the latest Java version, as indicated here.
Once you've installed Java, you will be able to examine and customize some settings
through the Java icon that will appear in System Preferences, as shown in the
following screenshot:
A separate panel will open, where you will be able to see all the available options for
Java, as well as find out which version you have installed:
In the next section, we will explore macOS apps that run natively on both Apple
silicon and Intel-based Macs.
To update their code, developers can use Xcode 12.2 and later.
Unix-based
macOS is compatible with most Unix software. However, Unix apps can only be
accessed via Terminal. There is an open source project called XQuartz, which
developed a tool similar to the X.org X Window System (also known as X), the
windowing system that provides the basic framework for a GUI environment and
is common in Unix systems. This version for Mac, which is supported by Apple, was
even included in OS X at some point, but it no longer is. If you wish to try it out, you
will need to install it from the development site at www.xquartz.org. You could also
search for other similar third-party solutions for Unix apps on macOS.
Open source
Apple supports and encourages open source development, and it contributes to many
projects of that type, such as the Swift programming language. If you would like to
know more about these projects, you can visit the open source page on the Apple
Developer site (https://developer.apple.com/opensource/). You can also visit the
MacPorts page (https://www.macports.org/), an open source community for
designing, compiling, installing, and upgrading either command-line, X11, or Aqua-
based open source software on the Mac operating system.
And with that information on supported macOS environments, you now have an idea
of the potential of macOS apps. The next section will cover an important change in
the compatibility of certain apps with macOS; namely, 32-bit apps.
App compatibility
App compatibility has gone through great improvements as Macs add new
technology and new macOS versions are released. In this section, we will look at the
current state of app compatibility with macOS and with Macs with the M1 silicon
chip. The topics we will explore are as follows:
macOS has been using 64-bit processing since Snow Leopard (2009), and although
macOS still offers support for 32-bit legacy apps, it has been encouraging developers
to transition to 64-bit for a long time to ensure that their apps take advantage of the
latest macOS features and optimizations. For example, recently introduced Apple
technologies, such as Metal graphics acceleration, only work with 64-bit apps.
This is also the reason why, when you launch a 32-bit app in macOS Mojave, an alert
appears, warning you that the app has not been optimized for Mac. An alert also
appears if you are trying to install a 32-bit app.
Starting with macOS Catalina, 32-bit apps are no longer compatible with macOS. You
can still run your 32-bit apps in older versions of macOS. So, be sure to update your
apps or contact the developer to enquire as to when they will provide a 64-bit
version.
If you are not sure whether your app is universal or Intel, you can do the following to
find out:
You can also ascertain whether an app is Universal through the Info window:
If you have a Mac with the Apple M1 silicon chip, you may be asked to install Rosetta
to open apps that are not yet Universal. When you see the prompt, click on the Install
button:
And that's it! Rosetta will run in the background; there is nothing else you need to do
to use an app that is not yet Universal. Just open the app normally.
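When you need to audit many apps at once, for example to find 32-bit-only or Intel-only software before an upgrade, the same answer can be read from the header of each app's executable. The following Python script is an added example, not code from this book; the function names are its own, and the sample headers are constructed for illustration.

```python
import plistlib
import struct
from pathlib import Path

# CPU type values as defined in Apple's <mach/machine.h>.
CPU_ARCH_ABI64 = 0x01000000
CPU_NAMES = {
    7: "i386", 7 | CPU_ARCH_ABI64: "x86_64",
    12: "arm", 12 | CPU_ARCH_ABI64: "arm64",
    18: "ppc", 18 | CPU_ARCH_ABI64: "ppc64",
}
THIN_MAGICS = (0xFEEDFACE, 0xFEEDFACF)             # MH_MAGIC, MH_MAGIC_64
FAT_ENTRY_SIZE = {0xCAFEBABE: 20, 0xCAFEBABF: 32}  # FAT_MAGIC, FAT_MAGIC_64
MAX_FAT_ARCHS = 20  # heuristic: Java .class files also start with 0xCAFEBABE


def cpu_name(cputype):
    return CPU_NAMES.get(cputype, "unknown(0x%08x)" % cputype)


def macho_archs(data):
    """Return the architecture names listed in a Mach-O or universal header."""
    if len(data) < 8:
        raise ValueError("file too short to be Mach-O")
    # A universal ("fat") header is always big-endian: magic, then arch count.
    magic, count = struct.unpack_from(">II", data, 0)
    if magic in FAT_ENTRY_SIZE:
        entry = FAT_ENTRY_SIZE[magic]
        if not 0 < count <= MAX_FAT_ARCHS or 8 + count * entry > len(data):
            raise ValueError("fat magic, but not a plausible universal binary")
        return [cpu_name(struct.unpack_from(">I", data, 8 + i * entry)[0])
                for i in range(count)]
    # A single-architecture file stores its header in the target's byte order.
    for endian in "<>":
        magic, cputype = struct.unpack_from(endian + "II", data, 0)
        if magic in THIN_MAGICS:
            return [cpu_name(cputype)]
    raise ValueError("not a Mach-O file")


def classify(archs):
    """Map architecture names to the labels used in this section."""
    names = set(archs)
    if {"x86_64", "arm64"} <= names:
        return "Universal"
    if "arm64" in names:
        return "Apple silicon"
    if "x86_64" in names:
        return "Intel"
    if names and names <= {"i386", "ppc", "arm"}:
        return "32-bit only"
    return "other"


def app_executable(app_path):
    """Locate the main executable named by the bundle's Info.plist."""
    contents = Path(app_path) / "Contents"
    with (contents / "Info.plist").open("rb") as fh:
        info = plistlib.load(fh)
    return contents / "MacOS" / info["CFBundleExecutable"]


def classify_app(app_path):
    with app_executable(app_path).open("rb") as fh:
        return classify(macho_archs(fh.read(4096)))


# Constructed sample headers (not taken from real apps).
SAMPLE_INTEL = struct.pack("<II", 0xFEEDFACF, 7 | CPU_ARCH_ABI64) + bytes(24)
SAMPLE_32BIT = struct.pack("<II", 0xFEEDFACE, 7) + bytes(20)
SAMPLE_UNIVERSAL = (
    struct.pack(">II", 0xCAFEBABE, 2)
    + struct.pack(">5I", 7 | CPU_ARCH_ABI64, 3, 16384, 4096, 14)
    + struct.pack(">5I", 12 | CPU_ARCH_ABI64, 0, 32768, 4096, 14)
)
SAMPLE_JAVA_CLASS = bytes.fromhex("cafebabe00000034") + bytes(8)

if __name__ == "__main__":
    for label, blob in [("intel", SAMPLE_INTEL), ("32-bit", SAMPLE_32BIT),
                        ("universal", SAMPLE_UNIVERSAL)]:
        print(label, macho_archs(blob), classify(macho_archs(blob)))
    # On a Mac, scan the Applications folder and report each app's kind.
    for app in sorted(Path("/Applications").glob("*.app")):
        try:
            print(app.name, "->", classify_app(app))
        except (OSError, KeyError, ValueError) as exc:
            print(app.name, "-> skipped:", exc)
```

Apps reported as 32-bit only will not run on macOS Catalina or later, and apps reported as Intel are the ones that need Rosetta on a Mac with Apple silicon.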
In this section, you learned which frameworks are supported on macOS so that you
know which types of apps can be developed on the respective system. You also
learned what 32- and 64-bit apps are, the status of compatibility of macOS with 32-bit
apps, and what to do in the case of an incompatible app. At the same time, we learned
how to run apps that are not yet of the Universal kind and optimized for Macs with
the Apple M1 silicon chip. Finally, we learned how Macs with the Apple M1 silicon
chip can even run iOS apps. We can now move on to learn how to use the App Store
to download and install apps.
The App Store also has an education program called the Apple School Manager
(www.school.apple.com/), through which Apple helps schools obtain access to and
experience Apple's technologies. In addition, there is a business program called Apple
Business Manager (www.apple.com/business/it) that helps enterprises adopt Mac and
helps employees make the most of those technologies. Both programs allow
businesses and educational organizations to acquire multiple licenses for App Store
software.
If you are an individual user, you need an Apple ID to install apps from the App
Store. In the next section, you will learn how the App Store works with your Apple
ID to provide you with a seamless app installation experience.
The first time you access the App Store, you will see the Discover page. Here, you
will be able to browse categories and apps or use the search field to look for a specific
app without signing in. However, you will need an Apple ID to install an app and
view your purchases and history.
The following screenshot contains different icons that appear next to the apps:
If you have already downloaded the app in the past with this Apple ID but
not on this machine, a cloud download icon will appear.
If you didn't download the app, you will see a GET button.
If you have downloaded the app to this machine, you will see an OPEN
button. Here, you can see that there is a download icon for the iMovie app,
which means it was downloaded in the past with this account, and an
OPEN button for the Pages app, which means that it has already been
downloaded and installed on this Mac:
1. You will be asked to sign in. If you don't have an Apple ID, don't worry;
creating one is easy, and we'll cover this shortly. If you have an Apple ID,
enter it, enter your password, and then click Sign In.
2. If you have two-factor authentication turned on, you will need to enter the
code from your second-factor device to enable your Apple ID on your Mac.
3. And that's it! With the Apple ID set up, you are ready to download apps.
When your Apple ID has not been used with the App Store previously, the following
will happen:
If you don't have an Apple ID, you can easily create one. We will do this in the next
section.
Creating an Apple ID
You can create an Apple ID through one of the following methods:
On your Mac, iPhone, iPad, or iPod touch through the App Store
On a PC through iTunes for Windows
On the Apple ID web page (appleid.apple.com), from any device with
browser support
To create an Apple ID, you would normally need to provide a payment method. At
the time of writing this book, the accepted methods are as follows:
Now, let's examine the process of creating an Apple ID through the App Store:
1. Open the App Store and find a free app you would like to download.
2. Click on the GET button.
3. When you click the button, it will turn green and change to INSTALL, as
shown in the following screenshot. Click that button:
4. When you're asked to sign in, click the Create Apple ID button, as shown
here:
5. Next, enter an email and password, select your country, check the Terms
and Conditions box, and then click Continue:
6. Enter your name, date of birth, select your security questions, and then
click Continue.
7. Next, provide a payment method and billing address and click Continue:
9. And that's it! As soon as you enter the correct code, you will see a message
indicating that this Apple ID can be used to access all Apple services on
this Mac.
If you only want to install a free app and don't wish to enter payment information,
there is a way to create an account without providing a payment method.
If you are using an existing Apple ID, you might be able to remove the payment
method you provided when you sign into the App Store, iTunes Store, or Apple
Books. However, you will need to provide one when you make a purchase. If you
cannot remove your payment methods, see the next section, where we'll explain why
that can happen.
1. Follow the same process described in the previous section for creating an
Apple ID up to Step 7.
2. When you arrive at the window where you have to enter your payment
information, choose None (Figure 10.10).
3. Enter your billing address, even if you selected None; otherwise, you will
not be able to proceed.
4. Next, you might be asked to provide and verify a phone number if you're
eligible to use two-factor authentication.
5. Continue with Step 8 in the previous section to complete this process.
In some cases, the None option will not appear, or you may not be able to remove a
payment method from your App Store account. There could be several reasons for
that, including the following:
If you're using an existing Apple ID with the App Store or iTunes for the
first time, you will need to provide a payment method.
If you have active subscriptions in that Apple ID, you need to have at least
one valid payment method on file. If you want to remove your payment
method despite the subscriptions, you will need to cancel the subscriptions
first and then try again to remove it.
If you have Family Sharing set up, and you are the family organizer, you
must have at least one valid payment method. If you would like to remove
the payment method anyway, you should turn off purchase sharing first.
We'll explain how to do this in the Sharing apps section, later in this chapter.
You must have a payment method valid in the country or region where
you are physically located. Try changing an existing Apple ID to the
country or region you are in (if you moved or are traveling, for
example). You might be able to remove the payment method once you have
changed your country or region.
You won't be able to remove a payment method if you have a pending
charge. As soon as the balance is paid, you will be able to remove it.
Now that you know how to create an Apple ID from the App Store, you will learn
how to manage your account.
1. Click on your name that appears in the bottom-left corner, as shown in the
following screenshot.
2. You will see your purchased apps and links labeled View Information and
Redeem Gift Card:
3. If you click on View Information, you will be asked to sign in with your
Apple ID. Enter your Apple ID and password, and then click Sign In.
4. Here, you will be able to make any desired changes to your account. You
will notice that the Payment Information field indicates No credit card on
file since we created this Apple ID without a payment method. You will be
able to add a payment method here in the future if you want to download
paid apps:
In this section, you discovered how easy it is to use the App Store and log in with an
Apple ID. You also learned how to create an Apple ID to be used with the App Store,
with or without a payment method set up. You will now be able to sign in, manage
your account, and start installing your favorite apps. There are several methods for
installing apps, and that is what we will cover next.
Installing apps
Examining packages and bundles
Updating apps
Uninstalling apps
Exploring installed apps and app preference files
Monitoring open processes and apps
Let's start by learning about the methods for installing apps on macOS.
Installing apps
By default, macOS allows you to install apps using two main paths:
The first option is the (default) recommended option for app installation in macOS.
We will examine both paths in the following section.
To install apps from the App Store, the following are required:
Installing apps from the App Store is straightforward. Just follow these simple steps:
3. If the app is free, you will see a GET button, as shown in the following
screenshot. If it's not free, you will see the price instead. If you scroll down,
you will find information about the app's version, download size,
developer, the app description, and screenshots, if available:
4. When you're ready to install, click the GET button to download it (or the
price button to purchase it).
5. The GET button will change to INSTALL. Click it to install the app.
6. You may be asked to sign in again.
7. The first time you download an app, you might be able to choose whether
a password is required always, never, or after 15 minutes, as
shown in the following screenshot. You can change this setting later on
from the Security & Privacy preferences in System Preferences, via the
General tab:
8. The app download will start immediately, and it will be saved directly in
the Applications folder in the root system volume by default (usually
Macintosh HD).
9. You will be able to monitor the app download progress in several locations,
including the Purchase page of the App Store, the Launchpad, and the
Finder. Here, we can see the download's progress in the Launchpad:
In the next section, we will learn how to install iOS and iPadOS apps from the App
Store for Macs with the Apple M1 silicon chip.
You can download apps you have previously purchased on your iPhone
and iPad, which are linked to your Mac with the same Apple ID.
You can search for apps.
In this section, we saw how easy it is to install apps using the App Store, including
iOS and iPadOS apps, if you have a Mac with Apple silicon. Next, we will look at the
other installation methods that are available.
When installing apps that are not in the App Store, the installation method will
depend on the app developer. In general, installations are done using one of the two
following methods:
For example, this application comes with instructions to drop the app in
the Applications folder:
As we mentioned earlier, only apps from the App Store can be installed by any
user. If you are installing through any other method, you will be
asked to authenticate as an administrator.
Let's examine another method for installing apps in macOS through packages.
Using packages
Custom packages using native installation assets will have the .pkg or .mpkg
filename extension. Non-native installers will have the .app extension. Installing
these packages will also require administrative privileges.
5. That's it! You have successfully installed an app using a custom package.
As you can see, installing an app with either of the two methods is very user-friendly.
Bear in mind, however, that applications that are not in the App Store or are
identified as being from "unknown developers" are subject to security measures
implemented by macOS. If you are sure that an app from an unknown
developer is secure and you wish to install it anyway, you can override this default
behavior. We will examine the security measures that macOS implements and how to
override them in Chapter 15, Managing Security in macOS.
When you install packages, you might want to see what is inside them. There is
actually a way to examine those packages, as we will see next.
After downloading a package, you can examine its contents through the Finder:
1. With the package selected, right-click and select Show Package Contents,
as shown in the following screenshot:
2. Next, you will be able to browse the files the package contains as you
would any normal folder, as shown in the following screenshot:
In this section, we saw the app installation options for macOS. Next, we will look at a
task you will deal with afterward: how to update your installed apps.
Updating apps
In the previous sections, we learned how to install apps in different ways. The options
to update them are as follows:
App Store
This method is for apps that have been installed via the App Store. When there is an
update available, a red number appears in the App Store icon, signaling the number
of updates available. Just click on the icon, and you will be taken to the App Store
Updates tab to apply those updates.
Automatic updates
You can configure updates to be downloaded or installed automatically, without
the need to do anything. We learned how to configure this option in detail in the
Upgrading macOS section in Chapter 2, Installing and Configuring macOS.
Manual updates
For apps installed through the App Store, you can manually verify whether there are
any updates available directly in the Updates section of the App Store, which is
located on the left-hand side menu. You can also find and manually download all
Apple software updates at this link: www.support.apple.com/downloads.
For apps that have not been installed through the App Store, you will have to
manually verify this in the app itself (usually through their Help menus) or through
the developer's website. Some applications have notification systems to communicate
with you regarding updates through other means, such as email.
Besides installing and updating, another common action you might want to perform
is to uninstall an app, which is what we will learn how to do in the next section.
Uninstalling apps
Users who are not used to Macs find that uninstalling apps on macOS is so easy that
it seems they must be doing something wrong. This is because they are not used to
Mac's app development model, which is different from other operating systems.
Uninstalling apps in macOS can be achieved through any of these three
straightforward methods:
Launchpad
This option only works for apps that have been downloaded from the App Store.
Perform the following steps to use it:
1. Open the Launchpad from the Applications folder, or click on it from the
Dock if you have it there.
2. Click and hold on the app you want to uninstall until you see the icons
begin to bounce and an X appear at the top-left of the icon, as shown in
Figure 10.22.
4. You will see a warning asking you if you are sure you want to remove the
app. Click Delete if you are sure.
5. You might have to authenticate as an administrator to proceed.
If the app does not have an X on the icon, this means it was probably
not installed through the App Store and cannot be uninstalled from
the Launchpad. Try the other methods instead.
To use it, just go to the Applications folder and drag the app you want to remove
to the Trash. It's as simple as that.
Custom uninstaller
Although rare, some apps come with a built-in uninstaller included when the
developer deems it necessary.
To use this method, you would normally have to ask app support to find out where
this package is located, or sometimes it might be included in the app's contextual
menu. For example, the Avast Security software we installed earlier provides its own
custom uninstaller that can be accessed from the top menu, as shown in the following
screenshot:
It's always important to check the developer's documentation to confirm the
best way to uninstall software in macOS.
So far, we have covered the important topics of installing and managing apps. In the
next section, we will learn how to explore and monitor installed apps.
If you need to know which apps are installed on your system, including third-party
software, you can use the System Information tool to scan your apps to view a list of
installed apps and their locations.
Perform the following steps to use the System Information tool to explore apps and
their extensions:
3. You will be able to see the apps that have been installed on your Mac on
the list, along with some pertinent information, such as the version that's
been installed, the source (Apple or third party), and the installation date.
You can explore the extensions that have been installed on macOS
through Extensions, right above the Installations section of the System Information
tool.
Apps have preference files, and they can be explored through the Finder tool, as we
will see next.
These files are stored in the user's Library folder, in the Preferences folder,
at ~/Library/Preferences.
As we saw in Chapter 8, System Resources and Shortcuts, sandboxed apps store the
preference files in the container folder, at ~/Library/Containers/[Bundle
ID]/Data/Library/Preferences.
You can view and edit the content of those files through various methods. The
following are the two that are most frequently used:
The Finder Quick Look feature allows you to view the contents of the file.
The Quick Look feature will be examined later in this chapter, in the
Managing documents section.
The Xcode app allows you to view and edit these files.
You can obtain Xcode for free from the App Store.
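For an audit that covers many apps or users, the two locations above can also be read from a script. The following Python sketch is an added example, not code from this book; it assumes the usual convention that a preference file is named after the app's bundle ID with a .plist extension, and the bundle ID and values in demo() are constructed.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError


def preference_paths(home, bundle_id):
    """Return the standard and sandboxed preference file locations.

    Assumption: the file is named "<bundle id>.plist" (the usual convention).
    """
    home = Path(home)
    name = bundle_id + ".plist"
    return {
        "standard": home / "Library" / "Preferences" / name,
        "sandboxed": home / "Library" / "Containers" / bundle_id
        / "Data" / "Library" / "Preferences" / name,
    }


def read_preferences(home, bundle_id):
    """Parse whichever preference files exist and report format and values."""
    report = {}
    for kind, path in preference_paths(home, bundle_id).items():
        if not path.is_file():
            continue  # this app does not use this location
        entry = {"path": str(path)}
        try:
            raw = path.read_bytes()
            values = plistlib.loads(raw)  # handles binary and XML plists
            entry["format"] = "binary" if raw.startswith(b"bplist00") else "xml"
            entry["values"] = values
        except (plistlib.InvalidFileException, ExpatError, OSError) as exc:
            # Damaged or unreadable file: record it instead of aborting the scan.
            entry["format"] = "unreadable"
            entry["error"] = type(exc).__name__
        report[kind] = entry
    return report


def demo():
    """Build a constructed home folder in a temporary directory and read it."""
    bundle_id = "com.example.notes"  # hypothetical bundle ID
    with tempfile.TemporaryDirectory() as home:
        paths = preference_paths(home, bundle_id)
        for path in paths.values():
            path.parent.mkdir(parents=True, exist_ok=True)
        paths["standard"].write_bytes(
            plistlib.dumps({"WindowWidth": 800}, fmt=plistlib.FMT_BINARY))
        paths["sandboxed"].write_bytes(
            plistlib.dumps({"AutoUpdate": True}, fmt=plistlib.FMT_XML))
        return read_preferences(home, bundle_id)


if __name__ == "__main__":
    for kind, entry in demo().items():
        print(kind, entry["format"], entry.get("values", entry.get("error")))
    # On a Mac, pass your own home folder and a real bundle ID instead:
    # print(read_preferences(Path.home(), "com.apple.finder"))
```

Use this for read-only inspection: macOS caches preferences in memory, so the file on disk can lag behind what the app currently sees.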
While you can explore apps through the System Information tool, macOS also has
another tool for monitoring open apps and processes. Let's examine that next.
Here, we can see the View menu, through which you can access all the filtering
options mentioned previously:
CPU
Memory
Energy
Disk
Network
Process Name
PID: The process ID
User: The user who owns the process
Now, let's look at the additional details you can examine in each of them.
CPU
The CPU pane, as shown in the following screenshot, shows the processes that affect
the processor. The columns you have available for filtering are as follows:
If we examine the % CPU column shown in the following screenshot, we'll see
that there is a process called macOS Catalina that is using 42.1% of one processor
core:
In all panes, there is more key information you can examine at the bottom. In this
case, we can see the following:
User: Percentage of CPU capability being used by apps opened by the user
or by processes opened by those apps
Idle: Percentage of CPU capability not being used
In the next section, we will explore how Activity Monitor helps you gather data about
the memory in your Mac, as well as ascertain whether you need to increase your
RAM.
Memory
The Memory pane, as shown in the following screenshot, shows the memory
resources being used. The main columns you have available for filtering are as
follows:
In the next section, we will explore how Activity Monitor helps you gather data
regarding energy consumption.
Energy
The Energy pane, as shown in the following screenshot, shows the energy being used
by each process. The columns you have for filtering are as follows:
Energy Impact: Current app energy consumption; the lower, the better.
12 hr Power: Average app energy consumption in the last 12 hours, or since
the Mac was powered on, whichever is shorter; the lower, the better.
App Nap: A feature of some apps that allows them to consume very little
energy when they are opened but are not in use. This feature can activate
when an app is behind other active windows or in a space that is not being
viewed. In this column, it shows whether App Nap is active for this app.
There is useful information about the battery at the bottom of the pane if you are
using a Mac notebook.
In the next section, we will explore how Activity Monitor helps you gather data
related to storage.
Disk
The Disk pane, shown in the following screenshot, shows the data that's been read
and written to the disk by each process. The columns you have for filtering are as
follows:
Reads in: Total number of times data was read from storage
Writes out: Total number of times data was written to storage
Reads in/sec: Rate of read operations
Writes out/sec: Rate of write operations
Data read: Total data read from storage
Data written: Total data written to storage
Data read/sec: Speed per second at which data is being read
Data written/sec: Speed per second at which data is being written
In the next section, we will explore how Activity Monitor helps you gather data
related to the network and the volume of data that travels through it.
Network
The last pane is the Network pane, as shown in the following screenshot, and it
shows the data being sent or received over the network. The columns you have for
filtering are as follows:
In this section, we have covered some important tasks related to installing and
uninstalling apps and the different methods available to accomplish this. We also
learned how to explore and monitor apps and open processes using the System
Information and Activity Monitor tools. In the next section, we will discover how to
manage app extensions that have been developed to enhance apps' features and
capabilities.
A good example of the use of these extensions can be seen in the Preview app, which
includes markup features to allow you to manipulate images or PDF documents.
These features are also available in other apps, such as the Mail app. For instance,
when you include an attachment in an email, a button lets you access the Preview
markup features, as shown in the following screenshot. This means that you will be
able to mark up your attachment without the need to open any other app:
In this section, we will learn how to explore apps and extensions that have been
installed on your system. More specifically, we will cover the following:
Types of extensions
Managing app extensions and widgets
Let's start by learning how to explore apps and extensions installed on your Mac.
Types of extensions
As we mentioned earlier, extensions allow different apps to interact with each other,
offering extended functionality, actions, and content to users. Thus, it is important
that we learn in which situations users can take advantage of them, which will save
them time and make their work more efficient. These extensions can be categorized
based on the locations where they allow features to be added, namely, the following
two locations:
Finder
The sharing menu
Finder
These types of extensions allow a badge to be included on local folders, which lets us
know the sync status of remote items, such as the one shown in the following
screenshot:
They also allow us to include contextual menus in popular cloud storage apps to
manage syncing and a menu in the Finder toolbar to manage sync settings, as shown
in the following screenshot:
Now that you know how extensions can improve functionality in the Finder, let's
discover the second location where they add functionality as well.
Sharing menu
The extensions for the Sharing menu provide more options, such as sharing photos,
videos, and other content. Here, we can see these extensions in action from the Finder
Sharing menu:
Now that you have a pretty good idea of the types of extensions you can use in
macOS, let's explore how to manage them.
You can inspect and manage those extensions through the Extensions preferences in
System Preferences. Perform the following steps to view and manage your
extensions:
The other tabs in the left-hand side panel allow you to configure extensions in more
specific sections of macOS, such as Finder, Photos Editing, and Share Menu. For
example, the Actions tab allows you to select extensions for editing or viewing
content, such as Markup actions, as shown in the following screenshot:
Let's explore the last option, which is a bit different from the rest. The Finder tab
allows you to select quick actions and document providers to show in the Finder.
Here, we can see several quick actions that have been selected for the Finder:
In portable Macs with a Touch Bar, you will see an additional tab where you can
configure quick actions for the Touch Bar.
In this section, we learned how extensions are an important part of the macOS user
experience and give us access to functionality, as well as sharing options. However,
app sharing is also an important feature. Let's take a look at how we can share apps
on macOS next.
Sharing apps
Sharing apps is a capability that macOS offers to users so that they can share
purchased apps with family and friends through a feature called Family Sharing,
which we will explore in detail in this section.
However, if you own more than one Mac, apps purchased on one of them can also be
easily shared and installed on your other Macs as well. To do that, you will need to
enable the ability for purchased apps to be automatically downloaded on your other
Macs via the App Store's preferences:
1. Open the App Store, go to the App Store menu, and then Preferences.
2. Enable the Automatically download apps purchased on other
devices option, as shown here. You will need to sign in with your Apple ID
to configure this option; otherwise, this option will be dimmed:
Figure 10.38 – Downloading apps that have been purchased on other devices
That being said, let's examine the Family Sharing feature and learn how to take
advantage of it.
Family Sharing
Family Sharing is a feature, available since OS X Yosemite 10.10, that offers users a
great way to share apps with family or friends. Through this feature, you can create a
Family Sharing group composed of a maximum of six members (or six Apple IDs),
who can then take advantage of downloaded/purchased apps. Purchases that are
made by any group member can be shared with the other members, as long as they
enable them.
Download and share eligible music, movies, TV shows, books, and apps
from the iTunes, Apple Books, and App Stores.
Get an Apple Music family subscription, and then invite family members to
join. You can learn more about the family subscription here: https://
support.apple.com/HT205595.
Share family photos and videos.
Set up a family calendar.
Share an iCloud storage plan for your family's photos, videos, documents,
and suchlike.
Find your family members with the Find My Friends app.
Find family members' devices with the Find My iPhone app.
Manage your child's account, turn on Ask to Buy, or use Screen Time with
Family Sharing.
Bear in mind that users can be a part of only one Family Sharing
group at a time.
In a Family Sharing group, there is one organizer who will be the main account and
will invite other Apple IDs into the group to share app purchases. If the organizer has
multiple Apple IDs in iTunes, they can add each of their accounts to the group in
order to share purchases from those Apple IDs as well. The organizer must also have
a valid payment method set up in their account, as all purchases for this group will be
made using that main account. Family Sharing members can also purchase apps
using redemption codes. Bear in mind that unauthorized purchases or downloads can
happen through Family Sharing. If you want to restrict app purchases or downloads,
you can do so through the Screen Time feature. We covered Screen Time in Chapter
4, User Accounts Management.
Children under 13 must join a Family Sharing group to use Game Center and will
have to ask for approval to make any purchases, even for free items. However,
besides the organizer, another adult in the group can be designated as a parent or
guardian and will be able to approve or reject purchases requested by the children in
the group. For that to work, you will have to create Apple IDs specifically for the
children in your family group, who will have restricted access to purchasing. You can
use the restrictions options in Screen Time to limit the apps you want to allow per
user. You can also choose an age requirement, which will limit purchases and/or
opening applications to the users in that age range. All other regular Apple ID
accounts require a member to be at least 13 years old.
Now that you have a good idea of what Family Sharing is, in the next few sections,
we will explore the following key tasks related to Family Sharing:
1. Make sure you are signed in to iCloud with a valid Apple ID on your Mac.
This will be the group's organizer.
2. Open System Preferences, and then click the Family Sharing icon, as
shown in the following screenshot. Bear in mind that this icon will not
appear if you are not signed in to iCloud with a valid Apple ID:
3. The first time you enable Family Sharing, you will see a screen similar to
the following. Click Get Started to start the setup:
4. Next, you will be asked to confirm whether you wish to invite members to
this group or create a child account. For this example, we will choose Invite
People:
5. You will then be asked how you would like to send the invitation: by mail,
message, or in person. For this example, we will choose Mail:
6. At this point, you will need to enter the email of the person you want to
invite and send the email:
7. Once you've done this, you will see a confirmation that the family member
has been invited and that you will be notified when they join. Then, click
Done. The family member will have to accept the invitation from the email
to be added to the group.
8. Next, you will see the main Family Sharing preferences, where you will be
able to invite more members through the Add (+) icon, circled in red in the
following screenshot. You will also notice that you are shown as the
organizer. Other members will appear on the list below the organizer as
they are added:
In the tabs you see in the preferences, you will be able to set up access to different
types of content for members, as well as configuring location sharing and purchase
sharing. In the following section, we will learn how to set up purchase sharing.
Purchase sharing
If you wish to allow members to make purchases or subscribe to services through the
Family Sharing feature, you will have to set up a payment method. Perform the
following steps to do this:
5. Next, you will be able to add a payment method, which includes credit
cards and PayPal.
If you used PayPal as your payment method, you can verify it through a
code you can obtain from your PayPal account by logging in and using this
link: https://www.paypal.com/getcode. Once you've logged in to PayPal,
you should obtain a code like the one shown in the following
screenshot. You should enter this into the Verification Code field:
6. Next, you will have to set up purchase sharing. While on the Purchase
Sharing tab, click the Set Up Purchase Sharing... button, as shown here:
7. You will be asked to confirm whether you want to use your current Apple
ID for purchases or whether you want to use a different payment method,
as shown here. Click Share Purchases to continue with the Apple ID
displayed:
8. You will then be shown the payment method that will be used for
purchases that are initiated by group members. Click Continue:
9. Next, you will be asked to accept the terms and conditions. Check the box
to agree and click Agree.
10. You will now see a confirmation dialog indicating that you are now sharing
purchases. Click Done.
11. And that's it! You are now ready to share and allow purchases in your
sharing group.
Now that a payment method and purchase sharing have been set up, we can start
sharing purchases with our group members.
1. Open the App Store (or another Apple app you want to download content
from, such as Music) and make sure you are signed in with the Apple ID
you're using with Family Sharing. To verify that, go to the Store menu and
then click on View My Account [your Family Sharing Apple ID]....
2. Go to the Purchased page. The location of this page depends on the app
you are using:
For iTunes: Click on Store. Purchased will be under Quick
Links on the right-hand side.
Apple Books: Click on Books Store. Purchased will be under
Quick Links on the right-hand side.
App Store: Click on the profile icon or your photo in the bottom-left
corner, as shown in the following screenshot:
3. Once you've logged in to the App Store, the family member will be able to
see the content that's been shared by other members by selecting a member
from the Purchased by dropdown, as shown here:
Open the Photos app, tap the Albums tab in the left-hand
menu, select Family under Shared Albums, and then add the photos and
videos you want to share to that album, as shown here:
Open the Calendar app and click the Family tab, as indicated in the
following screenshot, to add, view, or change events and reminders in the
family calendar:
If, for any reason, you don't want to share the family photo album, calendar, or
reminders, you can unsubscribe from them on your Mac or on iCloud.com.
Now that you know how to enable Family Sharing and purchases, let's explore how
to disable these features.
You can also stop family purchase sharing so that your group members lose access to
all shared purchases and will not be able to make new shared purchases. To do this,
perform the following steps:
1. In the Purchase Sharing tab, click the Turn Off... button that appears in the
bottom-right corner, as shown in the preceding screenshot.
2. You will see a warning asking you to confirm this action. Click Stop
Purchase Sharing if you are sure.
You can also disable Family Sharing altogether. Perform the following steps to do
this:
1. From the Family Sharing preferences page, select the Family tab.
2. Click the Details... button to the right of the organizer's name.
3. You will see a dialog where you can confirm the action. Click Stop Family
Sharing if you are sure, as shown in the following screenshot:
In this section, we learned how to use the Family Sharing feature with groups of
family members and friends. We saw how to enable it, as well as how to disable it. In
the next section, we will transition from apps to documents as macOS also has many
features that help make document management easier. We will cover those features
next.
Managing documents
Managing documents is as important as managing apps for both administrators and
users. In this section, we will review the macOS features that simplify document
management for users. The features we will explore are as follows:
Launch Services
Quick Look
Quick Actions
Autosave
Resume
Versions
Locking
I have divided the preceding features into two parts for your convenience, as features
tend to be grouped together according to what you can do with a document before it's
opened and what you can do while working with a document.
Launch Services
Quick Look
Quick Actions
Launch Services
Launch Services is a process that maintains a database of filename extensions and
apps that can open documents with those extensions. This is how, when you
double-click on a document, macOS knows exactly which app to use in order to open it.
If the application to open a specific type of file is not installed on your system, Launch
Services can open the file using its built-in preview mode. Still, you can configure it to
open the file with the application you indicate, which will override the Launch
Services database.
By the way, macOS does not show file extensions. This is the default configuration.
But if, like me, you find it useful to see the extensions since they help you identify the
app the file should be opened with, you can configure that via the Finder
Preferences:
Bear in mind that this is a global setting; therefore, it will apply to all files. If you want
to see extensions on a per-file basis, instead of using the previous procedure, select
the file that you want to see the extension for and then open the Info window by
pressing Command + I. You will see an option to hide the extension. Deselect it. You
will now see the extension just for that file, as shown in the following screenshot:
Now, if you want to change which app a specific file will open with, you can do so
from the same Info window. You will see that there is an Open with: section, as
shown in the following screenshot. From the drop-down menu, you can select the
application you want to use to open that file. Bear in mind that this change is
permanent unless you change it back again via the same method:
If you don't want this action to be permanent, you can use another per-file method.
This can be achieved through the contextual menu. Right-click on the file and choose
the Open With option, as shown here:
If you want the change to be permanent for this file, select the file while holding
down the Option key to reveal the Always Open With option, as shown here, and
save the change to the file's metadata:
You can also apply the change to all the files with that extension. For that, click the
Change All button when you are presented with the warning prompt.
The changes to Launch Services are per user. Other users will have
to make the changes in their own accounts.
Now, let's examine the next feature, which allows you to preview many types of files.
Quick Look
This is a technology that, with the help of plugins, enables you to preview files of
nearly any type without having to open the application. The application doesn't even
have to be installed in order for this feature to work. The plugins that make this
happen are located in the Library folders.
However, previewing files is not all you can do with this feature. You can also edit,
mark up, or annotate these files without ever opening another application.
The plugins included by default in macOS allow you to preview and edit the
following types of files:
Finder
Time Machine
Email
Most open-and-save browser dialogs
Printer queues
Any application that supports Quick Look
To use the Quick Look preview feature, all you need to do is select a document and
press the Space bar.
Another way to use the Quick Look preview feature is by right-clicking on the
document and selecting the Quick Look menu option, as shown here:
To quit the Quick Look window, press the Space bar again or click the Close button.
The Quick Look technology is also used in other macOS features, such as the icon
views in the Finder and the inspector or Info window:
When multiple files are selected, you can navigate those files with the
arrow keys near the top-left of the window or press the Left Arrow and
Right Arrow keys.
If a document has several pages, you can also navigate down.
When Quick Look is engaged, you have other options you can use from the
title bar menu, such as opening the item and using the share button. The
sharing options will depend on the type of file, as well as other settings.
As we mentioned earlier, you can perform several useful actions on a file
with Quick Look engaged; these are called Quick Actions, which we will
see in the next section.
Next, let's explore the last feature in this group; that is, Quick Actions.
Quick Actions
This feature allows you to perform quick actions on a selected file. The built-in actions
that are available will depend on the type of file you're looking at. You can use the
Quick Actions feature either with Quick Look engaged or without it being engaged:
If Quick Look is engaged, the actions are available from the title bar menu.
If Quick Look is not engaged, the actions will be available when you
right-click on the file and select Quick Actions from the contextual menu.
Quick Actions can also be used when you're viewing a file in Column or
Gallery mode. In the following screenshot, the photo is being viewed in
Gallery mode, and we can see the Quick Actions in the right panel, below
the file details.
Here are the built-in actions that are available directly from the Finder:
To rotate a file, click Rotate Left. By default, you can rotate to the left, but if
you press the Option key, you will be able to rotate to the right.
To mark up an item, click the Markup button.
To trim an audio or video file, perform the following steps:
1. Click the Trim button, and then drag the yellow handles.
2. To see a preview of your changes, click Play.
3. Click Revert to restore your original version.
4. Once you're satisfied with the changes, click Done to save them
and choose to replace the original file or create a new one.
Customize: This option appears when you click on More.... With this
option, you can open the Extensions preferences and choose which Quick
Actions will appear in the Finder's preview pane.
The next set of features are useful when you are already working with documents, as
we will see next.
Autosave
Versions
Locking
Resume
Autosave
The Autosave feature allows certain apps to save a file when changes have been
made. A user working on a document with this feature enabled only needs to save the
document once; the rest of the time, it will be done automatically.
You can identify an app that supports autosave when it has the following options in
its File menu:
Duplicate
Rename
Move To
For example, if you open the Preview app and examine the File menu, you will notice
that it has a Duplicate option instead of Save as..., and that it also has the Rename
and Move To options.
Some apps in macOS, such as Photos, iTunes, and Preview, already use this feature
by default because using autosave with these apps is very natural. Some of
the applications that support this feature are TextEdit, Pages, Numbers, and Keynote.
When you create a new document with TextEdit, for example, when you want to
close the document or quit the application, you will be asked whether you want to
save the changes. You must choose the location and save the document the first time
this happens. After that, the document will be saved automatically when you make a
significant change, close the application, select the Finder, or attempt to access the
document from another app. Also, if you are working on a document for a long
period of time, without pausing, it will be saved every 5 minutes.
However, you should know that you can also use Save as... by pressing the Option
key to reveal it in the app's File menu.
If you have saved the original document at least once, when you use the Save as...
option, and you have made changes, you will be asked whether you want to apply
the changes to the original document as well.
The duplicate option will create a copy of the same document in the same location,
but with the word Copy appended to the name. It is useful to keep a copy of the
original file without modifications and to make changes to the duplicate file.
If you don't feel comfortable using autosave, or if you prefer to save the file yourself,
this feature can be disabled in System Preferences, in General Preferences, by
selecting the Ask to keep changes when closing documents option (Figure 10.66).
The next feature we will explore is related to autosave, and allows the use of
versioning.
Versions
The Versions feature works in combination with Autosave. Apps that support
autosave also support document versions. This feature allows you to revert to any
previously saved version of the document easily.
What's interesting about this feature is that you can navigate to a version of the
document and restore the whole version or insert just sections of the document into
its latest version.
To revert to a previous version of the document, just go to the app's File menu,
select Revert To, and then choose Last Saved or Last Opened.
You can see the whole history of a document by going to the app's File menu,
selecting Revert To, and then choosing the Browse All Versions option. The interface
you will see will be very similar to that of Time Machine. You will see the current
version on the left side, and on the right-hand side, you will see the previous
versions. You can use the arrows to scroll up or down the versions, or you can click
directly on the date of the version you are looking for:
Once you have found the version you are looking for, just click Restore.
If you want to restore just a section of the changes, select the section, copy
it, and paste it into the current version.
Locking
What this feature does is prevent a document from being changed or from autosaving
unwanted changes. A locked document or folder cannot be moved, modified, or
deleted. Any app that supports autosave can use the Locked feature.
To use this feature, select the document you want to lock and open the Info window.
Next, select the Locked checkbox. We explored how to use this file flag in Chapter
7, Understanding Ownership and Permissions.
When a document is locked, you will see a warning that will suggest duplicating the
file to create a new copy that you will be able to modify while keeping the original
unchanged.
When a document is locked, this is indicated in the title bar, as shown in the
following screenshot. You can also lock/unlock a document from the title bar:
Resume
The Resume feature allows applications to be reopened automatically after you log
out or shut down your computer, either on purpose or because of a power failure.
When an application quits for these reasons, not only are any opened documents
automatically saved, but the application's state is also saved. When the Mac is
restarted, or the user logs back in, it returns to how the user left it when it was quit,
including documents or windows being restored – even the position of where you
last scrolled to on a window.
This feature is enabled by default on macOS when logging out. If you wish to
disable it, you can do so by deselecting the Reopen windows when logging back
in checkbox in the dialog that appears when you're logging out, as shown here:
Finally, if the option is disabled, you can temporarily enable this option by holding
down the Option key when logging out. In this case, it will only work the next time
you log back in.
In the final section on managing documents, we will learn how to take advantage of
iCloud so that you can have access to your documents from any device.
You can keep files and folders up to date across devices: iPhone, iPad,
iPod touch, Mac, or PC, and iCloud.com.
You can create new files and folders from apps using iCloud.
You can work on a single file across multiple apps.
You can access files from your Mac desktop and Documents folder.
You can share files with anyone.
You can store any type of file in iCloud Drive, provided that it is 50 GB or less in size.
However, Apple recommends that you don't store app folders, libraries, or .tmp files.
Also, make sure that you are not exceeding your iCloud storage limit. When you first
set up iCloud, you automatically get 5 GB of free storage. If you need more space,
there are plans that you can access for a fee to increase your storage limit.
Perform the following steps to set up iCloud Drive on your Mac (this procedure may
vary, depending on the macOS version you're using):
3. Select the iCloud tab and activate the iCloud Drive checkbox, as shown in
the following screenshot:
4. You will see an Options button appear beside iCloud Drive. Click on it,
and then select the apps whose files you want to sync in iCloud Drive, as
shown here:
Also, when you have iCloud Desktop & Documents enabled on one Mac and you
then enable it on another Mac, the Desktop & Documents content on the other Mac
computer will be moved into subfolders in the iCloud Desktop & Documents folder.
For example, if you add a second Mac called Mac2 to iCloud Desktop & Documents,
you will have a folder called Mac2 with a subfolder called Desktop, along with
another subfolder called Documents, in the iCloud Desktop & Documents folder.
If you disable iCloud Desktop & Documents on your Mac, the items will be moved
to a subfolder in iCloud Drive, and a new local empty desktop and Documents folder
will be created in the local user account. If you want to copy your files to the new
empty folder, you will have to do so manually.
And with this section on iCloud documents, we have reached the end of this chapter.
Be sure to check out the summary for a quick recap on what was covered.
Summary
In this chapter, we explored a variety of supported macOS environments, including
native macOS, universal binary, Unix, and open source-based app environments. We
saw what happens with 32-bit apps in the latest versions of macOS. Then, we saw
how to use the App Store and create an Apple ID to make the most of its features. In
the following section, we saw how to install and manage apps, including app
extensions. Next, we discovered how to share apps with family members and friends
through a feature called Family Sharing. Finally, we looked at multiple features,
including Quick Look, Quick Actions, Autosave, Versions, Locking, and Resume, that
macOS offers to manage documents quickly and efficiently, including syncing your
documents across devices through the use of iCloud Drive.
Now that you have finished this chapter, you are fully equipped to manage apps and
documents, and also take advantage of all the features macOS provides you with in
order to do so thoroughly and efficiently.
In the next chapter, we will examine the backup and archiving options in macOS,
including Mac's proprietary tool, Time Machine.
11
Backups and Archiving
Optimizing your storage, as well as keeping your data safe and available in case of
any potential loss, is vital for good administration. macOS provides several
options for this purpose. Archiving and backing up are two different ways of
managing storage, safeguarding your information, and saving space.
In the first section of this chapter, we will explore the archiving methods that
are available in macOS. You will learn how to use them and in which cases they are
most suitable. Also, macOS has a proprietary tool known as Time Machine, which
was designed exclusively for backing up your data and managing your storage. In the
second part of this chapter, you will learn how to configure and use Time Machine for
your backups.
By the end of this chapter, you will know how to use archiving techniques, as well as
Time Machine, to archive and back up your data safely and efficiently on macOS.
Archiving in macOS
Using Time Machine for backups
Before we start, let's look at the technical requirements for this chapter.
Backups and Archiving Chapter 11
Technical requirements
This is what you will need for this chapter:
Archiving in macOS
Archiving is a recommended practice that allows you to save space and keep your
files organized. On macOS, this can be achieved through just one method or a
combination of at least two methods. As opposed to backing up, archiving is usually
a manual task requiring user involvement. However, it could be automated with the
use of third-party software or specific scripts.
In this section, we will cover the technologies macOS uses to facilitate archiving. We
will examine two easy-to-use archiving methods that you can utilize in macOS, which
are as follows:
ZIP archives
Disk images
Let's explore when it is best to use a ZIP archive instead of a disk image.
ZIP archives
Archiving through ZIP files involves combining multiple files to create a
compressed file destined for long-term storage or for faster and more efficient
network transfer. A ZIP file is just a compressed archive. Compression in these types
of files is variable, and the amount of compression that can be accomplished depends
on the types of files being compressed. For example, a 50% compression can be
achieved if you include text files, such as Word documents. However, in the case of
media files, most of them are already compressed, and there will be virtually no
difference when they are included in a ZIP file. Compressed files of this type are easy
to recognize because they have the .zip extension.
In macOS, ZIP files are managed through both Finder and Archive Utility. Both tools
work together to offer you a convenient way to compress and expand files. We are
already familiar with Finder and how to access it.
Archive Utility is macOS's built-in tool for file compression and expansion. It is
located in the /System/Library/CoreServices/Applications folder, as shown
in the following screenshot:
However, the quickest way to access it is through the Spotlight tool and the
contextual menus in Finder. Files that have been compressed using this tool will have
either the .cpgz extension by default or the .zip extension, depending on whether
you're using the tool directly or through the contextual menus in Finder. You can
change this behavior through the utility's preferences, as we will see in this section, so
that it always compresses as a .zip file.
1. In Finder, select the file or files you want to compress. You can hold down
the Shift key to select several items adjacent to each other or use the
Command key to select several items that are not adjacent.
2. Choose File, then Compress, as shown in the following screenshot, or use
the secondary click to achieve the same result through the contextual menu:
Depending on the size of your files, the time it will take to complete this
process will vary. As soon as it is completed, by default, a ZIP file with the
name of the file, or with the name Archive.zip if you compressed several
files, will appear in the same folder as the original file(s).
Follow these steps to create a ZIP archive directly through Archive Utility:
1. Open Archive Utility using Spotlight and select File, then Create Archive...,
as shown in the following screenshot:
2. Then, select the folder or file you want to archive. Take into account that
you cannot choose several items at a time with this tool, but you can select
a folder.
3. As we mentioned earlier, you will see that the file that's been created has
the .cpgz file extension. We will learn how to permanently change this
behavior shortly.
Take into account that you don't have the option to extract
individual items from a ZIP archive using Finder.
And that's it! As you can see, using ZIP files in macOS is very easy. In the next
section, we will see when it is best to use disk images instead of ZIP files.
Disk images
Disk images are files that look and act like mountable volumes. These images can be
compressed, encrypted, and secured. Also, permissions can be set; for example, you
can make them read-only. They are widely used for distributing macOS software over
the internet. You can create a disk image of virtually any size, as long as you have the
local storage capacity for the size you want to create. Disk images have the .dmg
extension.
The following is a list of criteria for when it is best to use disk images:
However, although they offer more flexibility and options, you must take the
following into account:
Take into account that, in general, disk images created in macOS can
only be used by Mac computers. You would need third-party
software to open .DMG files from other operating systems, such as
Microsoft Windows.
In macOS, you can use Disk Utility to create a disk image or use
the hdiutil command in Terminal.
In the following subsections, we will explore how to use Disk Utility to create disk
images. More specifically, we will look at the following options:
Blank disk image for storage: This is an empty disk image that you can
add data to. You can then use this image to create disks, CDs, or DVDs so
that you can archive your data.
Disk image from a disk or connected device: This disk image contains
data, as well as free space, on a physical disk or another connected device,
such as a USB device. As long as there is free space, you may keep adding
data to it. You can use it to restore the disk image to another volume later
on.
Disk image from a folder or connected device: This disk image includes
the contents of a folder or connected device, such as a USB device, but
unlike the previous type of disk image, it doesn't copy the device's free
space to the disk image; therefore, you cannot add more data to it. As in the
previous case, you can restore that disk image to another volume at a later
date.
Secure disk image: You can create an encrypted disk image if you want to
archive sensitive or confidential information that should be kept protected
and accessible only to authorized users.
Next, we will walk through how to create the first type of disk image described – a
blank disk image for storage purposes.
You can explore how to create all the available types for disk images
by going to
https://support.apple.com/guide/disk-utility/create-a-disk-image-dskutl11888/mac.
1. Open Disk Utility. Then, select File, then New Image, and finally Blank
Image..., as shown in the following screenshot:
2. You will see the following dialog window. Enter a name in the Save As box
and indicate Where you want to save the image:
3. In the Name field, enter the name of the disk image. This is the name that
will appear in Finder's sidebar, once you've opened the disk image. The
default name is Untitled.
4. Next, enter a Size value for the disk image. The default is 100 MB.
5. In the Format pop-up menu, choose one of the following options:
If the disk image will be used with a Mac running macOS 10.13
or later and has a Solid-State Drive (SSD), choose APFS or
APFS (Case Sensitive).
If the disk image will be used with a Mac running macOS 10.12
or earlier, choose Mac OS Extended (Journaled) or Mac OS
Extended (Case-sensitive, Journaled).
6. If you want to encrypt the disk image, click the Encryption pop-up menu,
and select the type of encryption. You can choose 128-bit AES encryption
(which is recommended) or 256-bit AES (which is more secure but
slower). If you choose to encrypt, you will be asked to provide a password.
7. In the Partitions pop-up menu, choose a partition layout. The options you
have here are as follows:
CD/DVD
Single partition – Apple Partition Map
Single partition – GUID Partition Map (default option)
Single partition – Master Boot Record Partition Map
No partition map
8. In the Image format pop-up menu, choose one of the following options:
Once you have selected an option, click Save, and then Done. For this
example, we will use the default option.
9. This process can take a while, depending on the amount of data you have
and the format you've selected. However, you will see a dialog that will
allow you to monitor the disk image's creation progress. Click Done when
it's finished.
10. You will see that the image has been saved where you indicated, with the
.dmg extension.
11. To mount it, just double-click the disk icon on your desktop or in the
Finder's sidebar.
12. And that's it! You can add the files you want to add, and when finished,
you can eject the disk image.
If you decide to change the disk image format later, you can do so; we will learn how
to do just that next.
1. Select Images from the Disk Utility's top menu, and then choose Convert...
as shown in the following screenshot:
2. Choose the image you want to convert. For example, let's choose
the .dmg image we created in the previous section.
3. You will have the option to choose a new name, a location to save to, the
encryption type, and the image format, as shown in the following
screenshot:
In this case, you can choose from the following Image Formats:
read-only: The disk image can only be read and can't be written to, but it
opens faster and is easier to create.
compressed (default option): The data is compressed, making the disk
image smaller but read-only.
read/write: With this format, you can add data to the disk image once
you've created it.
DVD/CD master: This format includes a copy of all the sectors of the disk
image so that when another DVD or CD is created using the disk image,
the data is copied as-is. Therefore, it can be used with third-party apps.
It's a good idea to select compressed (the default option) as the image format to save
space.
Finally, we will learn how to restore this disk image to a physical disk.
Follow these steps to restore a disk image with a single volume to a disk:
1. Open Disk Utility and select the volume that you want to restore in the
sidebar. Be aware that this must be the disk/volume that is erased in
order to hold the copy.
2. Once you've done this, click the Restore icon at the top and choose the
volume you want to copy, as shown in the following screenshot:
3. If you're restoring from a disk image, click the Image... button and
navigate to the disk image, as shown in the following screenshot:
To restore a disk image that contains multiple volumes to a disk, you will need to
partition the destination disk first and then follow the process explained here to
restore each volume individually. If you need to review how to partition a disk, you
can review Chapter 6, The macOS File System: Disks, Volumes, and Partitions, where
this is explained in detail.
For detailed information about disk images, read the manual (man)
page by entering the man hdiutil command in the Terminal.
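The Blank Image and Convert dialogs walked through above correspond to hdiutil create and hdiutil convert. The script below is an added example, not code from the book; the short format keys (apfs, hfs-cs, and so on), the DRY_RUN switch, and the DMG_PASSPHRASE variable are this example's own conventions.

```shell
#!/bin/sh
# Added example: hdiutil equivalents of Disk Utility's "Blank Image..." and
# "Convert..." dialogs. With DRY_RUN=1 the commands are printed, not executed.

# Print an argument list on one line, quoting arguments that contain spaces.
show() {
    _out=
    for _a in "$@"; do
        case $_a in *" "*) _a="'$_a'" ;; esac
        _out="${_out:+$_out }$_a"
    done
    printf '%s\n' "$_out"
}

# Format pop-up menu -> hdiutil -fs name (the short keys are hypothetical).
fs_name() {
    case $1 in
        apfs)    echo "APFS" ;;
        apfs-cs) echo "Case-sensitive APFS" ;;
        hfs)     echo "Journaled HFS+" ;;
        hfs-cs)  echo "Case-sensitive Journaled HFS+" ;;
        *)       return 1 ;;
    esac
}

# Image Format menu of the Convert dialog -> hdiutil -format code.
format_code() {
    case $1 in
        read-only)  echo UDRO ;;
        compressed) echo UDZO ;;
        read-write) echo UDRW ;;
        cd-master)  echo UDTO ;;
        *)          return 1 ;;
    esac
}

# create_blank_image PATH VOLNAME SIZE FS ENCRYPTION LAYOUT
#   ENCRYPTION: none | AES-128 | AES-256
#   LAYOUT:     SPUD (Apple Partition Map) | GPTSPUD (GUID) | MBRSPUD (MBR) | NONE
create_blank_image() {
    _path=$1 _vol=$2 _size=$3 _enc=$5 _layout=$6
    _fs=$(fs_name "$4") || { echo "unknown format: $4" >&2; return 2; }
    case $_layout in
        SPUD|GPTSPUD|MBRSPUD|NONE) ;;
        *) echo "unknown layout: $_layout" >&2; return 2 ;;
    esac
    set -- hdiutil create -size "$_size" -fs "$_fs" -volname "$_vol" \
           -layout "$_layout" -type UDIF
    case $_enc in
        none) ;;
        AES-128|AES-256) set -- "$@" -encryption "$_enc" -stdinpass ;;
        *) echo "unknown encryption: $_enc" >&2; return 2 ;;
    esac
    set -- "$@" "$_path"
    if [ "${DRY_RUN:-0}" = 1 ]; then show "$@"; return 0; fi
    if [ "$_enc" = none ]; then
        "$@"
    else
        [ -n "${DMG_PASSPHRASE:-}" ] || { echo "DMG_PASSPHRASE not set" >&2; return 2; }
        # -stdinpass reads the passphrase from stdin, so it never appears in
        # the process argument list. printf adds no trailing newline.
        printf '%s' "$DMG_PASSPHRASE" | "$@"
    fi
}

# convert_image SRC IMAGE_FORMAT DST [ENCRYPTION]
#   Pass ENCRYPTION when the copy must stay encrypted: without -encryption,
#   hdiutil writes the converted image unencrypted. hdiutil prompts for the
#   passphrases interactively.
convert_image() {
    _src=$1 _dst=$3 _enc=${4:-none}
    _code=$(format_code "$2") || { echo "unknown image format: $2" >&2; return 2; }
    set -- hdiutil convert "$_src" -format "$_code"
    case $_enc in
        none) ;;
        AES-128|AES-256) set -- "$@" -encryption "$_enc" ;;
        *) echo "unknown encryption: $_enc" >&2; return 2 ;;
    esac
    set -- "$@" -o "$_dst"
    if [ "${DRY_RUN:-0}" = 1 ]; then show "$@"; else "$@"; fi
}

# Demo: print the commands for the 100 MB image from the walkthrough,
# encrypted with AES-256, and for a compressed copy that stays encrypted.
( DRY_RUN=1
  create_blank_image Archive.dmg Untitled 100m apfs AES-256 GPTSPUD
  convert_image Archive.dmg compressed Archive-compressed.dmg AES-256 )
```

Run it on a Mac without DRY_RUN to create the images; hdiutil attach and hdiutil detach then mount and eject them as double-clicking and ejecting do in Finder.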
With this, we have covered the essential aspects of archiving in macOS, including the
use of ZIP archives and disk images. However, there is another important task related
to data security and archiving that we will cover in this chapter. Backing up is
perhaps the most essential, and most often neglected, task in data security and
recovery, given the potential data loss that all systems are at risk of for countless
reasons. Therefore, in the next section, we will explore the tool macOS provides for
this purpose.
Time Machine is efficient because it ignores files that don't need to be backed up. This
includes files that can easily be recreated after a restore, such as temporary files or
any other files that can be considered as caches, indexes, and the items in your Trash.
During app development, developers can also include directives so that Time
Machine doesn't back up specific app data that doesn't need to be backed up. By
default, the system excludes locally attached volumes to prevent backups of backups.
Time Machine copies files without compressing them, which makes it easier to access
them. The first time you use the application, Time Machine creates a backup of almost
your entire filesystem, except for the ignored items mentioned earlier. Other items
can also be defined as "exempt" in Time Machine's preferences and will be ignored as
well. After that, subsequent backups are done by tracking the original filesystem's
changes in the background. When a user is connected to the backup system, the next
backup is performed automatically in the background, but after that, only the
changed items are copied into the backup volume. The unchanged items are included
through hard link pointers to the previous backup in order to simulate a full
filesystem backup. This is also another way this system can save a lot of space.
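The hard-link scheme described above can be reproduced in a few lines of shell. This is an added example, not Time Machine's own code; the snapshot, link_count, and demo functions and the dated folder names are hypothetical. It also shows that deleting the oldest snapshot does not remove data that a newer snapshot still links to.

```shell
#!/bin/sh
# Added example (not Time Machine's own code): incremental snapshots in which
# unchanged files are hard links into the previous snapshot.

# snapshot SRC PREV NEW
#   Build snapshot NEW from SRC. PREV is the previous snapshot ("" on the
#   first run). Assumes file names contain no newlines.
snapshot() {
    _src=$1 _prev=$2 _new=$3
    mkdir -p "$_new" || return 1
    # Recreate the directory tree first.
    ( cd "$_src" && find . -type d ) | while IFS= read -r _d; do
        mkdir -p "$_new/$_d"
    done
    # Hard-link files that are unchanged, copy the new or modified ones.
    ( cd "$_src" && find . -type f ) | while IFS= read -r _f; do
        if [ -n "$_prev" ] && [ -f "$_prev/$_f" ] && cmp -s "$_src/$_f" "$_prev/$_f"; then
            ln "$_prev/$_f" "$_new/$_f"
        else
            cp -p "$_src/$_f" "$_new/$_f"
        fi
    done
}

# Number of directory entries (hard links) that point at FILE's data.
link_count() {
    ls -ld "$1" | awk '{print $2}'
}

# Two backups of a constructed home folder, then pruning of the older one.
demo() {
    _t=$(mktemp -d) || return 1
    mkdir -p "$_t/home/docs"
    echo "report v1" > "$_t/home/docs/report.txt"
    echo "photo"     > "$_t/home/photo.jpg"
    snapshot "$_t/home" "" "$_t/backup/2021-01-01"        # first, full backup
    echo "report v2" > "$_t/home/docs/report.txt"         # one file changes
    snapshot "$_t/home" "$_t/backup/2021-01-01" "$_t/backup/2021-01-02"

    _old=$_t/backup/2021-01-01
    _cur=$_t/backup/2021-01-02
    # -ef is true when both names refer to the same file on disk.
    if [ "$_old/photo.jpg" -ef "$_cur/photo.jpg" ]; then _p=yes; else _p=no; fi
    if [ "$_old/docs/report.txt" -ef "$_cur/docs/report.txt" ]; then _r=yes; else _r=no; fi

    rm -rf "$_old"                                        # prune the oldest backup
    _kept=$(cat "$_cur/photo.jpg")
    echo "photo_shared=$_p report_shared=$_r after_prune=$_kept links=$(link_count "$_cur/photo.jpg")"
    rm -rf "$_t"
}

demo
```

Because linked snapshots share the same data on disk, editing a file in place inside one snapshot changes it in every snapshot that links to it.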
Now that you understand how Time Machine works, let's examine where you can
store your backups while using this tool.
If your backup disk becomes full, the oldest backups will be deleted
to make space for the new ones; therefore, it is possible that you
won't be able to restore very old items if they have been erased.
Take into account that Time Machine is not efficient at backing up large databases or
files that change too often. This is because it would have to back up the entire
database every time a change is made in the database; it doesn't matter if the change
is very small or large. This means you could run out of space quite quickly. Because
of this, older items will start to get deleted to make space for new backups.
However, Time Machine will warn you if it has to delete items to free up space.
Keep in mind that you cannot change how Time Machine deletes
older items.
Since OS X Mountain Lion, you can select more than one backup disk for Time
Machine backups. If you have two disks configured, backups will be done one at a
time. The backup for the first disk will be done first, and in the following hour, the
backup for the second one will be done.
The external storage devices you can use to back up with Time Machine are as
follows:
Currently, the preferred storage format for Time Machine backups is APFS or APFS
Encrypted. However, macOS still supports Mac OS Extended (Journaled) or HFS+
and Xsan formats. If you select a disk for the backups formatted with APFS, FAT32,
or another format different from APFS, Time Machine will ask you whether you want
to reformat the disk. Remember that if you reformat the disk, all information
contained in it will be erased. If you're using the Master Boot Record (MBR) partition
scheme, some partitions may not be available for use with Time Machine.
Technically, you could also create a separate APFS volume in your internal disk for
backups, but this is not recommended because if your disk becomes damaged for any
reason, you will lose your backups as well.
If you wish to learn more about storage disks for Time Machine
backups, please go to https://support.apple.com/en-us/HT202784.
If your storage disk is not available for any reason, by default, Time Machine creates
and saves "local snapshots" into the internal disk, provided there is enough space.
Once your Mac has connected to the backup volume again, the snapshots are
converted into regular backups and saved into the backup volume. This is only a
temporary solution that should not be used as a permanent backup strategy. This is
because your internal disk can become full very quickly; if your disk should become
inaccessible for any reason, you will also lose access to your local backups.
Now that you understand how Time Machine works and where you can save your
backups, let's examine how to configure it.
The main tool that's used to manage Time Machine can be found in the System
Preferences panel, as shown in the following screenshot:
Time Machine's preferences can also be accessed through the icon at the top of the
menu bar (if the option to show the icon is selected).
3. Select the volume/disk you want to use for Time Machine. If you want to
encrypt the backup, enable the Encrypt backups checkbox at the bottom of
the dialog. Note that when you choose this option, you need to take into
account that the content of the volume/disk will be erased since it is a
formatting option; when you're ready, click Use Disk. The backup process
will start 2 minutes after you select the disk:
4. If you select an additional disk, you will be asked whether you want to
replace the previous disk or whether you want to use both.
If you're using encryption, when the disk is reconnected, you will be asked for a
password to decrypt the contents. At this point, it is a good idea to include the
password in the keychain system so that you can access it automatically, as well as so
that backups can take place without you having to provide your password every
time. Make sure to save the password in a secure place because if you forget that
password, your encrypted contents will be lost, and there is nothing you will be able
to do about it.
In Figure 11.12, you will notice there is an Options... button, which allows you to
configure which items to exclude (exempt) from your backups. You can define entire
volumes to exclude if you find them unnecessary, or specific user account folders,
such as the Guest user folder, as shown in the following screenshot:
If you are using a Mac notebook, you will have additional options related to battery
power.
You can also stop Time Machine backups if you made a mistake during the
process, as we will explain next.
If a backup is in progress and you want to cancel it or eject the disk, you can click the
X button to the right of the progress bar to cancel it.
We mentioned earlier that when your backup disk is not available, a temporary local
snapshot is created until the backup disk is available again. These snapshots can take
up a lot of internal disk space. The only way to avoid these snapshots is to disable
automatic backups by ensuring the Back Up Automatically checkbox (Figure 11.12) is
deselected.
Now that you know how to configure Time Machine, let's discover how to use the
tool to restore a backup.
More specifically, Time Machine offers four different ways you can restore data from
a Time Machine backup. These are as follows:
Which option to use will depend on what you want to accomplish. Let's briefly learn
how to use each of these options.
After restoration, your system will go back to the exact state, files, and configuration
it had at the moment of that backup.
Sometimes, we don't want to restore the whole backup, just certain files. Let's learn
how to do that.
You will see folders whose names correspond to the date and time of the backup. If
several computers are being backed up, the name of each computer will be included.
Once you've located the file(s) you want to restore, select them and copy/paste or
drag them to your Desktop or another folder on your Mac.
You can also use the Time Machine interface to restore individual items. Just select an
item, and you will be able to preview it. However, take into account that you cannot
modify the items contained in these folders as you normally would in Finder, and
you shouldn't even try because you will corrupt the backups. Once you've located the
file you want to recover, just click Restore.
Take into account that you should not use the Migration Assistant to
restore entire systems.
The Migration Assistant can be accessed during the initial system configuration after
installation. It can also be accessed through the Applications/Utilities folder.
In this section, we'll learn how to use the Migration Assistant to restore a Time
Machine backup during macOS installation. The window shown in the following
screenshot will appear during the Setup Assistant process, after installation:
1. Select the first option to restore From a Mac, Time Machine backup or
Startup disk, as shown in the following screenshot:
2. Next, select the Time Machine backup disk and click Continue, as shown
here:
3. Next, you will have to select the backup you want to restore. Click
Continue when you're ready.
4. Finally, you will be able to select which information to restore, such as
entire user accounts, other files and folders, and so on. Click Continue
when you're ready.
This process can take some time, depending on how much information you are
restoring. Finally, let's learn how to use Time Machine to restore backups from
macOS Recovery.
For this method, you will need to start up from the Recovery system, as explained in
Chapter 2, Installing and Configuring macOS.
3. Next, you will see a dialog containing information about Time Machine.
Review it and click Continue.
4. The system will scan for available Time Machine backup disks and let you
select a disk or local snapshot to restore, as shown in the following
screenshot. Once selected, click Continue:
5. Now, select the backup you want to restore and click Continue.
6. And that's it! Wait for the process to finish, and you're done.
Even if your main system disk is damaged, you can still access the Recovery system
from a local Time Machine backup disk since a copy of the hidden recovery volume is
copied into the local backup disk.
1. Start up your Mac while holding down the Option key and select the disk
that contains the Time Machine backup. In a Mac with the Apple M1
silicon, you would press the Power button until you see the Options
screen.
2. The Assistant tool will do a scan to locate backups, or you can select one.
3. Next, follow the same procedure we explained in the previous section
Using the Migration Assistant.
In this section, we saw what Time Machine is and the options we have to store
backups with this tool. We also explored how to configure Time Machine and the
various methods we can use to restore a backup using the Time Machine interface,
Finder, the Migration Assistant, and macOS Recovery.
With that, we have completed this chapter on backing up and archiving. Be sure to
review the summary for a quick recap on the topics that were covered.
Summary
In this chapter, we explored the archiving methods available for users in macOS,
including .zip files and disk images. We also learned how to use macOS's built-in
tool called Time Machine for backing up and archiving tasks. You can now use a
variety of archiving methods to organize your old files and store them, using either
ZIP files for small amounts of data or disk images for large amounts of data or
continuous archiving. You also understand how Time Machine works, and you can
now use it to manage your backups or restore data using those backups.
12
Networking in macOS
Today, all of our devices are connected to the internet in one way or another. But
that's not all; devices also communicate with one another. How these devices
communicate and transmit/exchange/share information is where "networking" comes
into play. Networking is a very complex topic. It is more than just connecting a user
to the internet; it involves many types and flavors of protocols, software, hardware,
and technologies, many times all used simultaneously. Although it is not possible to
cover that complexity in this book, we will review the essentials of some networking
topics so that you can have an idea of how it all works in macOS and to make the
most of its available networking capabilities.
This chapter covers aspects related to network configuration that are specific to
macOS. We will start with some basic concepts to refresh your knowledge of
networking fundamentals. Next, we will look at the configuration and advanced
options available in macOS. By the end of this chapter, you should feel comfortable
configuring network connections and services in macOS and using the tools available
for this purpose.
Before we start, let's see the technical requirements for this chapter.
Technical requirements
For this chapter, you will require the following:
Networking models
Fundamental networking concepts
Let's begin this overview with the very early developments in networking – the
emergence of networking models.
Networking models
A networking model, sometimes also known as a networking architecture or
blueprint, is a comprehensive set of documents that describe in detail each function,
small and general, required for a network. Collectively, these documents define
everything that should happen in order for a computer network to work (Cisco
certification guide: http://www.ciscopress.com/articles/article.asp?p=1757634&seqNum=2).
Although there are other models we could talk about, we will discuss the two most
significant models for modern networking:
OSI's main characteristic is that it can be explained through layers, seven layers to be
precise. Each layer explains a part of the networking process; in other words, how
data moves along a network. The following Figure 12.1 can help you quickly
understand what each layer is responsible for:
Figure 12.1 – The OSI model, by Offnfopt, under CC0 1.0; from Wikimedia Commons
The Data Link layer is the node-to-node message delivery layer. Here's
where we start to deal with the Protocol Data Units, or PDUs, which are
the pieces of information or packets being transmitted at each network
layer. In each layer, the PDU has a different name. In the Data Link layer,
the PDU is known as a "frame." A "frame" is a chunk of data sent as a unit
over the Data Link layer. When a frame arrives, this layer transmits it to the host
using its MAC address (see more on this in the Fundamental networking
concepts section later in this chapter). Key components in this layer are the
Network Interface Card (NIC) and the host machines' device drivers, as
well as switch and bridge devices. You will find definitions for these two
devices in the Router address section later in this chapter.
The Network layer is where data is transmitted from one host in a network
to another host in another network. The PDU in this layer is known as a
"packet." Packets are segments or chunks of data wrapped in data
structures, which contain the information needed to deliver the data to its
destination. This layer is where packets get routed through the shortest
route, and the sender/receiver IP is attached to the header. This layer is
handled by devices such as routers.
The Transport layer is the heart of the OSI and is operated by the OS. It is
responsible for delivery of the message in full, as well as acknowledging
successful data transmission. PDUs in this layer are known as "segments."
Formatted data arrives in this layer from the layers beneath and is segmented into
smaller chunks, or segments.
The Session layer is responsible for session establishment, maintenance,
and termination.
The Presentation layer, also known as the Translation layer, is where
message translation, encryption/decryption, and compression occur in
order to comply with the correct data format for transmission over the
network.
The Application layer, also known as the Desktop layer, is implemented by
the network applications. They produce data to be transferred over the
network. This is also the layer where the user views the data that has been
received. Good examples of these applications are browsers.
In the very early days of the Macintosh, networking was provided by a technology
called AppleTalk. This was a networking system organized as protocols arranged in
layers known as the AppleTalk protocol stack. What's interesting about this model is
that it was based on the OSI model.
The AppleTalk networking system is no longer in use. Like the OSI model, it
was deemed too complex and was not widely adopted. However, the OSI model was
the precursor of the Transmission Control Protocol/Internet Protocol (TCP/IP)
model, which was open, simpler, had fewer layers, and, more importantly, was
widely adopted.
The OSI model is really the precursor of modern networking architecture. It did not
detail many of the services and protocols in each layer, but instead described what
should happen in each layer; in other words, it is a descriptive model. Today, most
networking in Apple macOS and iOS devices is done through the TCP/IP networking
model, which we will examine in general terms in the next section.
TCP/IP model
The difference between the TCP/IP model and the OSI model is that the TCP/IP
model focuses on the protocols used at each layer. Therefore, it is very useful for
networking architecture. The hierarchical structure of the TCP/IP protocol suite
doesn't exactly correspond to the OSI reference model, but it has its similarities. The
TCP/IP protocol suite was originally defined as a hardware-based, four-layer
architecture, comprising the application, transport, internet, and link layers.
Although there are many descriptions available, we will use the one Apple uses:
TCP/IP stands for Transmission Control Protocol/Internet Protocol, and is a suite of
open communication protocols aimed at interconnecting devices on a network, which
can be internal or external; for example, communication within an intranet or with the
internet with the purpose of end-to-end data transport. Basically, TCP/IP determines
how devices communicate in order for data to be transmitted over a network. The
TCP part is responsible for ensuring that data arrives in full at its destination, and the
IP part provides network addressing and routing.
The TCP/IP model is composed of four layers, as you can see in Figure 12.2:
The Data Link Layer, or the Physical Layer, is where hardware connects
with the hosts to transport raw packets from one host to another host in the
same physical network. This layer is where we find "network interfaces,"
which are discussed in more detail below. Each network interface is
generally connected to one or more interfaces, and the connection between
them is known as a "link," hence the name of the layer. From the user's
standpoint, data passes through the following types of links in this layer:
Wi-Fi, Ethernet, cellular networking, and so on.
The IP Layer is the routing layer, where packets travel from one host to
another, and they are able to pass across multiple physical networks,
traveling from router to router, along a path known as a "route." Each link
they follow from one router to another is known as a "hop." Also, in this
layer, packets are split into several pieces (fragmentation or segmentation
process) at one end and reassembled at the other end. However,
fragmentation is not free of problems, especially in terms of packet loss,
speed, and overhead; therefore, modern TCP systems use techniques to
maximize the available network bandwidth and verify packet loss.
The Transport Layer is actually composed of several transport layers. Data
travels in this layer, as it does in the IP layer, too. But the difference with
the IP layer is that port numbers are added to the picture, allowing a
definition of which services in a host receive which types of messages. At
this layer, the two most common protocols that provide transport from host
to host are the Transmission Control Protocol (TCP) and the User
Datagram Protocol (UDP). These two protocols also depend on another
protocol known as the Internet Control Message Protocol (ICMP), which
is used to detect connection failures. More on these protocols will follow.
Host
Network interfaces
LAN and WAN
MAC address
IP addresses and subnet masks
Router address
Network protocols
Host
When talking about networking, you will see the word "host" appear quite frequently.
A host is a device connected to a network that acts as an endpoint for network
communication. Hosts can receive and/or send data. A host can be a computer, a
server, and even a portable device, such as a cellphone.
In general, a network interface is an NIC, and it can be physical or virtual. When they
are physical, they define the physical network connections, known as hardware
network interfaces (Wi-Fi, Ethernet). When they are virtual, they are known as
virtual network interfaces, or Virtual Private Networks (VPNs), and they define
logical network connections that work on top of the hardware network connections.
A host, like a Mac computer, can have many network interfaces. The most widely
known physical network interfaces are Ethernet (wired) and 802.11 (wireless
networking), which you probably know as Wi-Fi. As mentioned earlier, you can also
have Bluetooth and Ethernet in the same host. Each network interface can be
connected to additional interfaces, which may or may not be physical. Either way,
each of these connections is known as a "link." Even if it's not a physical connection,
you can think of this link as a cable or a wire.
macOS includes built-in support for the following physical and wireless hardware
interfaces:
Ethernet
Wi-Fi
FireWire
Thunderbolt Bridge
Thunderbolt
Bluetooth PAN
USB
VPN
PPPoE
6to4
Ethernet
Ethernet used to be (and, to a certain extent, still is for now) the most commonly
used wired technology for connecting Local Area Networks (LANs). With this
technology, data travels over a twisted-pair copper cable. It is a protocol that belongs
to the IEEE 802.3 family of standards. It operates at the Data Link layer of the TCP/IP
stack that enables devices to communicate with one another.
Ethernet has been in every desktop Mac since 1997, even offering multiple Ethernet
interfaces in some models. Portable Macs also used to have built-in Ethernet
interfaces, but since wireless technologies started to predominate, and in order to be
consistent with the portable design of these machines, recent portables no longer have
them. However, Apple offers optional USB Ethernet and Thunderbolt-to-Gigabit
Ethernet adapters if you need to use Ethernet in a portable Mac that does not have
this interface built in.
Ethernet is definitely the most widely used "wired" interface today. Let's now review
the most widely used "wireless" interface today: Wi-Fi.
Wi-Fi
Wi-Fi belongs to the IEEE 802.11 family of wireless standards. Today, it is the most
widely used technology for connecting wireless LANs. Wi-Fi has been available in
desktop and portable Macs since 2006. In older Mac computers, Wi-Fi used to be
known as AirPort. This name was still used for some time in relation to the Apple
Wi-Fi network-based stations family (AirPort Express and AirPort Extreme), although
these are now discontinued from sale.
In the next section, we will explore another type of interface, known as the "bridged
network interface," or, as you probably know it better: FireWire.
FireWire
FireWire is the name Apple designated and trademarked for its version of the IEEE
1394 bridged network interface, a high-performance serial bus for connecting devices
to a computer. FireWire was a standard in many older Mac computer models. It
enabled the creation of small ad hoc networks using daisy-chained FireWire cables.
For a while, it seemed that FireWire was the data transfer technology that would
dominate the market and would become the standard across the board. However,
due to the resurgence of more effective technologies, such as Thunderbolt, FireWire
seems to have adopted a less prominent role. You can still use FireWire in Mac
computers with FireWire 400 or FireWire 800 ports (ports that can transfer data up to
400 or 800 Mbps, respectively).
The difference between FireWire and the next interface we will explore is that
FireWire has a maximum throughput of around 3.2 Gbps, while Thunderbolt can
reach up to 10 Gbps. Let's examine Thunderbolt in more detail.
Thunderbolt Bridge
Thunderbolt Bridge, or the bridge network interface, is standard in most newer Mac
computers and offers better performance compared with its predecessor, FireWire. It
is a very high-speed, high-performance data transfer technology, and it is also very
flexible as it allows many adapters to be used effectively; for example, you can use a
Thunderbolt to FireWire adapter, or a Thunderbolt to Ethernet adapter. It also allows
small ad hoc networks to be set up using daisy-chained Thunderbolt cables. The
Thunderbolt port on your Mac can be used to connect a display, a TV, a storage
device, and more. In macOS, you would use Thunderbolt Bridge in combination with
an Ethernet adapter to connect to a network.
At the same time, Thunderbolt has evolved and improved. Today, there is
Thunderbolt 3, which has a maximum transfer rate of 40 Gbps, twice as fast as
Thunderbolt 2, four times faster than USB 3.1, and eight times faster than USB 3.0.
The Thunderbolt 3 port in portable Macs also allows charging through the same
cable.
In the next section, we will explore a less powerful but widely used interface for
different purposes: Bluetooth.
Bluetooth
Bluetooth is an industry specification for mobile, computer, and other device
communication, using a short-range wireless connection. Bluetooth is the standard
for connecting a range of devices to your computer or mobile phone, such as
headphones, mice, and keyboards. Most Mac computers that have Wi-Fi also support
Bluetooth. macOS and iOS also support Bluetooth as a network bridge for mobile
phones and for hotspots that can be used to provide internet connectivity via a
cellular network.
Bluetooth PAN stands for Bluetooth Personal Area Network, and it allows you to
use your Bluetooth-enabled mobile phone as a modem to connect your Mac to the
internet. However, take into account the fact that the speed you obtain will be up to
56 kilobits per second (Kbps), and also that your mobile phone service provider has
to allow you to use your phone as a modem.
In the next section, we will cover perhaps the most popular communication interface:
USB.
USB
The Universal Serial Bus, better known as USB, is a plug-and-play interface for
communication between a computer and peripheral devices, such as digital cameras,
cell phones, media players, flash drives, scanners, and printers. "Plug-and-play"
means that the OS will automatically discover and configure a new peripheral device
without the need to restart the computer. macOS and iOS also support USB as a
network bridge for mobile phones and for hotspots that can be used to provide
internet connectivity via a cellular network.
In the next section, we will explore another type of network service, which uses
hardware network interfaces to create a virtual network.
VPN
A Virtual Private Network, or VPN, is a very popular network service. A VPN
creates a logical (virtual) network within a hardware network interface. In simple
terms, it does this by masking your IP address and creating an encrypted tunnel from
your client to the network-routing device that provides the VPN service. VPNs are
quite often used to protect personal information and data. These are some of the cases
where they are used:
In the next section, we will explore a less well known protocol supported in macOS:
PPPoE.
PPPoE
Point-to-Point Protocol over Ethernet (PPPoE) is a protocol that can be used to
connect to your Internet Service Provider (ISP). In macOS, it is mostly used for
connecting through AirPort Utility. When using AirPort Utility Setup Assistant to set
up a new base station or extend an existing network, it automatically configures the
network settings. This way, you don't need to manually configure the base station's
settings unless otherwise instructed by your ISP or network administrator, who
should provide you with the account name, password, and other information for your
PPPoE account, for a manual configuration of the base station.
Finally, we will examine yet another interface option offered in macOS: 6to4.
6to4
The 6to4 option is straightforward. It allows you to configure a network configuration
port when you need to connect to an IPv6 address, and your ISP or network does not
offer IPv6 connectivity.
In the next section, we will learn how to identify which network interfaces are
available on your specific Mac.
1. Open the System Information tool. You can find it in the Utilities folder
in the Applications folder, or you can use Spotlight to find it quickly.
2. On the left-hand side, under Hardware, you will see all the interfaces
available for this Mac (Figure 12.3). Select any interface, such as
Thunderbolt and, to the right, you will be able to see the types of
Thunderbolt interfaces available, as well as their characteristics. In Figure
12.3, we see that there are two Thunderbolt ports. We selected the first
Thunderbolt Bus, and we can see in the lower-right section the speed,
whether there is any device connected to the port, and more:
The System Information tool allows you to see all the hardware interfaces. If you
want to see only the network interfaces, you can use the Network Utility application
(macOS Catalina and earlier; this tool has been deprecated in macOS Big Sur). The
quickest way to find it is by using Spotlight. Perform the following steps:
You can also find out which network interface you are currently using in the
following manner:
On the left-hand side, you will see the type of interface. If you are using
Ethernet, that's what you will see. If you are using a wireless interface, you
will see wireless or Wi-Fi. If your machine has both interfaces, you will see
both. Typically, portable Macs don't have Ethernet interfaces, while desktop
Macs do. In Figure 12.5, you can see the network interfaces of an iMac, and
this is why you see an Ethernet interface in the list:
In this section, we explored all the network interfaces offered as an option in macOS,
including the most popular ones, such as Ethernet, Wi-Fi, USB, and VPN, as well as
less well known interfaces, such as PPPoE. These network interfaces are used to
connect us to LANs and WANs, which is what we will cover next.
The main characteristic of a LAN is that all devices on it share the same server in a
limited geographic area. LANs are typically set up in offices and homes to share
resources such as storage, printers, and scanners, and to communicate with each other.
LANs can be a few users in a home, or hundreds in a large office.
Contrary to a LAN, a WAN, which stands for Wide Area Network, is not limited by a
geographic area. By definition, it should cover a large geographic area. Actually,
several LANs can be interconnected in a WAN through several routers or similar
devices. A good example of an application of a WAN is a large office with several
offices worldwide, each with their own LANs, and all connected through a WAN.
Another good example of a WAN is the internet, which connects LANs and other
larger networks around the world.
WANs can also be wired or wireless. Examples of wired WANs are Ethernet
connections wired through fiber or optical cables. Wireless WANs can use mobile
technologies such as LTE.
Another important difference between LANs and WANs is that the former are
usually kept private within a local environment, while WANs are rarely privately
owned, although the infrastructure can be leased from a carrier or an ISP for security
and confidentiality purposes.
All devices connected through networks have addresses that help to identify them in
the network. We will see more about these addresses next.
In Figure 12.6, there are two MAC addresses in this iPhone example, one for Wi-Fi
and one for Bluetooth:
Depending on the type of Mac you have, and the type of service you are using, you
will usually find this information for your Mac computer by performing the
following steps:
4. Click the Wi-Fi tab and then look at the bottom of the window:
5. In Figure 12.8, we are looking at the MAC address of the Wi-Fi interface for
this Mac.
We mentioned earlier that, apart from MAC addresses, there are other types of
addresses, such as the router and the IP address. We will see more about IP addresses
next.
Another difference with the MAC address is that, while the latter is permanently tied
to a physical network interface (or, in other words, it is fixed), the IP address is not
permanently tied, nor is it fixed. The IP address changes as the device connects to
different networks.
There are currently two commonly used types of IP address: IPv4 and IPv6. IPv4 was
the first widely used IP addressing scheme, and it is still in use today. In the next
sections, we will explore the following:
IPv4
IPv6
Subnet masks
IPv4
An IPv4 address is a 32-bit number organized into four groups of three-digit
numbers, known as octets, separated by periods, as illustrated in Figure 12.9. Each
octet can have a value between 0 and 255:
The bytes of the IPv4 address can be classified into two parts: the network part and
the host part (Figure 12.10):
The network portion specifies the unique numbers assigned to your network and also
identifies the network class (refer to the following link for more information on the
TCP/IP and Data Communications Administration Guide:
https://docs.oracle.com/cd/E19504-01/802-5753/planning3-18471/index.html).
In Figure 12.10, the network part takes up two bytes of the IP address.
On the other hand, the host part is the part of the IP address assigned to each host. It
uniquely identifies the machine on the network. For each host on the network, the
network part of the address will be the same, but the host part will be different.
Today, there is another type of addressing scheme that will eventually displace
IPv4, and we will explore this next.
IPv6
As millions of devices are added to the global market every year, there was concern
that IPv4 might run out of available addresses. The response to this concern was the
IPv6 addressing scheme, which is increasingly being adopted nowadays. The
advantage of IPv6 compared to IPv4 is that it is a much larger number and therefore
allows a huge range of addresses. This way, IPv6 ensures that there are enough
addresses for any device today and in the future. This is because it is a 128-bit
alphanumeric string (IPv4 is only numeric) and it is constructed as shown in Figure
12.11:
Although the advantages of using IPv6 are clear, there are still some drawbacks,
namely the following:
IPv4 is still widely used. As of the release of this book, Google statistics
(https://www.google.com/intl/en/ipv6/statistics.html#tab=ipv6-adoption)
calculated that IPv6 native adoption was only around 33%.
IPv6 addresses are more complex and harder to interpret.
Communication between IPv4 and IPv6 is not natively possible, and it
requires extra equipment.
Making the switch from IPv4 to IPv6 is not an easy process.
Ultimately, it is quite obvious that IPv4 will run out of addresses and, unless another
technology appears to solve the problem, the transition to IPv6 is imminent. So far,
the process has been slow, and we don't know how long it will take, but it is
happening. On June 8, 2011, the World IPv6 Day testing event took place with the
participation of Google, Facebook, and other leading technology companies.
Following a successful test, it was decided to organize the World IPv6 Launch on
June 6, 2012 (www.worldipv6launch.org). The decision to enable IPv6 in products and
services will ultimately depend on ISPs, home networking equipment manufacturers,
and internet companies around the world. As for Apple products, IPv6 has worked
out of the box since Mac OS X (10.5).
In macOS, both IPv4 and IPv6 are configured automatically by default, but if you ever
need to configure them manually, you can refer to the instructions in the Advanced
network configurations section later in this chapter.
Using DHCP (default): The computer obtains the IPv4 address using the
Dynamic Host Configuration Protocol (DHCP).
Using DHCP with a manual address: This is when your ISP uses a DHCP
server but provides you with a specific IP address to use.
Using BootP: Your ISP provides IP addresses using the bootstrap protocol
(BootP).
Manually: Your ISP provides you with a specific IP address, subnet mask,
and router address information to use.
Now, in local networks with many hosts, administrators may decide to divide the
network into subnets. When they do this, they will need to assign a subnet number,
and this is where we will see subnet masks.
Subnet masks
Subnet masks are used by network devices to identify the local network range and to
determine whether outgoing data is destined for a particular network device on a
LAN. The subnet number defines the ranges of IP addresses that can be used in a
network. In simpler terms, the subnet mask determines how the IPv4 address is split.
IPv4 addresses and subnet masks have the same format; that is, a 32-bit number
arranged in four groups of octets. The InterNIC organization (www.internic.net),
which administers internet domain names, divides IP addresses into classes. The
most common of these are classes A, B, and C. Class C networks use a default subnet
mask of 255.255.255.0. To know which subnet mask you need depending on
which class your IP belongs to, you need to look at the most significant IP address
byte (starting from the far left):
0-127: Class A
128-191: Class B
192-xxx: Class C
Why "mask"? Because that is what a subnet mask does. A good way to explain it is
this: If a computer's IP address is 192.168.1.102, for example, and its subnet mask
is 255.255.255.0, then the computer (and every other device attached to the same
network) will assume that every IP on that computer's local network will be in the
format 192.168.1.xxx, with xxx being the only part that will change
(https://superuser.com/questions/54802/what-is-a-subnet-mask-and-the-difference-between-a-subnet-mask-of-255-255-255-0).
In the same way, the number represented by the "0" in the subnet mask means that
IPs in that network can be anything from 192.168.1.0 to
192.168.1.255.
It is important to mention that with IPv6, the subnet ID is built into the address. In an
IPv6 address, the first 48 bits are the network prefix, the next 16 bits are the subnet ID
used for defining subnets, and the last 64 bits are the interface identifier, as illustrated
in Figure 12.12:
Finally, we have a different type of address, the router address, that we also need to
be aware of, and we will explore this next.
Router address
Before talking about the router address, it is important to differentiate between
several pieces of hardware: modem, router, bridge, and switch.
On the other hand, a router is an appliance (physical or virtual) that creates a network
among the devices in your LAN and directs the traffic from the internet to the
devices. In more technical terms, a router identifies a packet header's destination IP
address, determines the best route for the packet to reach its destination, and then
forwards it. A router is a traffic director: where two or more networks meet, that is
where a router will be present.
Now, from the first dial-up modems (the ones that used to make that very distinctive
noise those in my generation remember quite well) to the present day, these devices
have gone through great transformations. Modems no longer work in the same way
as the old ones, but the name remained because it is familiar. Today, it is common to
have a device that combines the functions of a modem and a router, and most of them
also include Wi-Fi technology for wireless connections to the internet.
On the other hand, a switch is a device that moves data between devices. It is mostly
used for transferring data packets among various network devices, such as routers
and servers. A switch allows you to connect multiple devices to a router; in other
words, switches expand the router's capabilities, and they are generally built into the
router since they participate in routing traffic to the appropriate devices.
Routers and switches use routing tables to determine where the network traffic
should go. Remember that a router identifies a packet header's destination IP address.
It does that by examining the routing table to identify where the device IP is located
or to which switch it is connected to send it that way.
Having defined all that, all routers have two IP addresses: a private address on the
local network, and an external, public address used for communicating with other
networks on the internet. The external facing address managed by a router is set
when it connects to the ISP. Normally, routers will have the first available address in
the local address range. Most ISPs will assign these common router private addresses:
192.168.0.1 or 192.168.1.1.
Why would you need to know this address? You will normally need this address to
access the manufacturer's panel in order to perform network configurations such as
changing the network password or name. You will also need it to perform ping tests
and to configure static addresses for IoT devices.
In macOS, you can ascertain the IPv4, IPv6, and router addresses here:
In Figure 12.13, you can see a typical configuration. This machine has an IPv4 address
of 192.168.0.16, a subnet mask of 255.255.255.0 (which makes sense since this is
a "Class C" IPv4 address), and a router address of 192.168.0.1, the first available
address in the range this network can have. The subnet mask is telling us that the
network this machine is connected to can assign IP addresses from 192.168.0.1 to
192.168.0.255. On the other hand, this ISP is not using IPv6 addressing
yet.
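The masking described in the Subnet masks section, carried through on the address, mask, and router values from Figure 12.13, as an added example (not code from the book). The function names are illustrative assumptions; `audit_config` is a hypothetical helper for checking that an address, mask, and router handed out by DHCP are consistent with each other.

```python
# Added example: IPv4 subnet-mask arithmetic on the chapter's sample values.
# All function names are illustrative; none of them is a macOS or book API.

def to_int(dotted):
    """Dotted-quad text -> 32-bit integer; malformed input raises ValueError."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"{dotted!r}: expected 4 octets, got {len(parts)}")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"{dotted!r}: octet {part!r} is not a number")
        # Some parsers read "010" as octal 8, so leading zeros are refused here.
        if (len(part) > 1 and part[0] == "0") or int(part) > 255:
            raise ValueError(f"{dotted!r}: octet {part!r} out of range or ambiguous")
        value = (value << 8) | int(part)
    return value


def to_dotted(value):
    """32-bit integer -> dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask):
    """Count the leading 1 bits of a mask; refuse masks such as 255.0.255.0."""
    host_bits = ~mask & 0xFFFFFFFF      # the 0 bits of the mask become 1s
    if host_bits & (host_bits + 1):     # valid only if it looks like 0...01...1
        raise ValueError(f"{to_dotted(mask)}: mask bits are not contiguous")
    return 32 - host_bits.bit_length()


def describe(ip, mask):
    """Split an address with its mask and return the range the mask implies."""
    ip_i, mask_i = to_int(ip), to_int(mask)
    bits = prefix_length(mask_i)
    network = ip_i & mask_i                        # network part: bits kept by the mask
    broadcast = network | (~mask_i & 0xFFFFFFFF)   # same network, all host bits set
    # With /31 and /32 there is no separate network or broadcast address.
    first, last = (network, broadcast) if bits >= 31 else (network + 1, broadcast - 1)
    return {
        "prefix": bits,
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(first),
        "last_host": to_dotted(last),
        "host_part": ip_i & ~mask_i & 0xFFFFFFFF,
    }


def on_link(ip, mask, other):
    """True when `other` has the same network part, so no router is needed."""
    m = to_int(mask)
    prefix_length(m)                    # validates the mask
    return (to_int(ip) & m) == (to_int(other) & m)


def audit_config(ip, mask, router):
    """Return a list of problems found in an address/mask/router triple."""
    info = describe(ip, mask)
    findings = []
    if not on_link(ip, mask, router):
        findings.append(f"router {router} is outside {info['network']}/{info['prefix']}")
    if info["prefix"] < 31:
        for label, addr in (("host", ip), ("router", router)):
            if addr in (info["network"], info["broadcast"]):
                findings.append(f"{label} address {addr} is the network or broadcast address")
    if ip == router:
        findings.append("host and router use the same address")
    return findings


if __name__ == "__main__":
    # Values shown in Figure 12.13 of the chapter.
    print(describe("192.168.0.16", "255.255.255.0"))
    print(audit_config("192.168.0.16", "255.255.255.0", "192.168.0.1"))
    # Constructed bad case: a router the host cannot reach on its own subnet.
    print(audit_config("192.168.0.16", "255.255.255.0", "192.168.1.1"))
```

The addresses 192.168.0.0 (network) and 192.168.0.255 (broadcast) belong to the range but are reserved, which is why `first_host` and `last_host` are one step inside it.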
To use networking in macOS, we need to use network protocols. We will explore how
that is done next.
Network protocols
We mentioned earlier that TCP/IP is a suite of protocols. A network protocol is a set
of rules and processes that define how devices communicate over a network.
Next, we will review some of these protocols because we will most likely encounter
them when configuring networking in macOS. The protocols that we will explore in
this section are the following:
DHCP
DNS
TCP and UDP
ICMP
Let's begin with the protocol on which TCP/IP relies heavily for configuration: DHCP.
What is DHCP?
The default protocol macOS uses to acquire the TCP/IP configuration and assign IPv4
addresses is known as the Dynamic Host Configuration Protocol (DHCP). This
protocol enables the assignment of an IP address to a computer automatically from a
defined range of addresses configured for a network, thereby assisting in the
automatic configuration of network clients. This is very useful in large networks with
many clients, where manual configuration would take too much time and be prone to
human error. It is common for routers to provide the DHCP service, or an
independent server can also provide it.
Another essential protocol for networking configuration is DNS. Let's explore this
now.
Of course, none of this would work without a transport protocol that allows data to
travel between hosts and networks. We will explore the most popular ones next.
Apple's Developer site recommends that, as a rule, when developing for Apple
devices, you should generally avoid UDP unless you have to support an existing
protocol that uses it
(https://developer.apple.com/library/archive/documentation/NetworkingInternet/Conceptual/NetworkingConcepts/NetworkingLayers/NetworkingLayers.html).
On the other hand, these two protocols also depend on another protocol, ICMP,
because it helps detect data transmission failures. We will explore this protocol next.
ICMP
TCP and UDP depend on another protocol known as ICMP, which is used to detect
connection failures through ICMP packets. Although ICMP is not mandatory for TCP
and UDP sockets to connect successfully, without it the ability to detect connection
failures is significantly reduced. ICMP packets are also required for the ping tool,
which is used to diagnose network problems.
In this section, we have explored the fundamental networking concepts you need to
be familiar with in order to properly manage networking in macOS. We reviewed
what network interfaces (Ethernet, Wi-Fi, USB, and so on) are, you learned how to
identify which interfaces are available in your Mac, we reviewed what a LAN and a
WAN are, what MAC, IP, and router addresses are and how to find them in your
Mac, and finally we reviewed the main protocols that participate in this
communication process (DHCP, DNS, TCP/UDP, and ICMP).
Now that we have finished reviewing some of the most important networking
concepts and have a clearer idea of how it all works, let's move on to our options for
configuring networking in macOS.
All network preferences and configuration options are managed from System
Preferences through the Network panel (Figure 12.15):
Take into account the fact that network preferences can only be
managed and modified by users with administrative privileges. If
you are a non-administrative user and want to make changes, you
will have to authenticate as an admin to do so.
Let's now go into the details, starting with the initial network configuration that
happens when macOS has just been installed.
During the initial network configuration, the Setup Assistant plays a major role. As
we have seen in Chapter 2, Installing and Configuring macOS, the Setup Assistant is
deployed when you power up a new Mac or when a fresh macOS installation has
been performed. This assistant is very easy to use. What happens during this setup is
that any active interfaces will be identified and enabled. This includes an automatic
connection to unrestricted (open) wireless networks. Also, the configuration of the
TCP/IP network protocol via DHCP will be attempted. DHCP is enabled by default
for Ethernet and Wi-Fi interfaces, which means that, in most cases, network
configuration will be performed automatically. Most users won't have to do anything
to configure their network connectivity, aside from entering their network
authentication passwords.
If, after the initial configuration, you wish to make changes or configure additional
networks, you can do so from the Network panel in System Preferences. If you are
using a version earlier than macOS Sierra, you can also use a tool called Assist Me,
which can be found at the bottom of the Network panel. What this option does is
bring back the Setup Assistant to help you configure your network and to provide
some diagnostics.
Let's now explore in more detail the connection to the most popular network
interfaces, starting with Wi-Fi.
Connecting to Wi-Fi
Connecting to Wi-Fi in a Mac is a pretty basic task. As mentioned earlier, a recently
installed machine will connect automatically to "open" Wi-Fi networks (that is,
networks that don't require any authentication). A secure wireless network will, of
course, require you to enter the network authentication password. However, a Mac
that has already been configured can remember and reconnect automatically to
authenticated Wi-Fi networks.
For secure wireless networks, macOS supports the following Wi-Fi authentication
protocols:
When joining a secure network through WEP or WPA authentication, the system
automatically saves the password into the system keychain. This means that the Mac
will automatically reconnect to any Wi-Fi network to which it has connected in the
past. You can verify the authentication protocol in the Network panel, in the Wi-Fi
tab, as seen in Figure 12.16:
There may be closed or hidden networks that cannot be seen for security reasons, but
you can find them through their SSID. The SSID, or Service Set Identifier, is used to
identify a Wi-Fi network name and its associated configuration. The SSID is basically
the network name. In Figure 12.17, we can see that the SSID is ARIAS NETWORK,
but we could log in to other SSIDs, such as DASHEN ESTUDIO, if we know the
password.
If you know the SSID name and password of another Wi-Fi network you want to
connect to, you can use the information to connect to that network. Perform the
following steps to do so:
The same can be achieved from the Wi-Fi status menu, but for that, make
sure the Show Wi-Fi status menu option, located at the bottom, is enabled
(Figure 12.17). If that is the case, you will see the Wi-Fi icon appear in the top
menu bar, as shown in Figure 12.18, and you can click Other Networks to
join another network:
Figure 12.18 – Joining other networks through the Wi-Fi status icon
When you select the Network Name menu or the status menu, macOS
automatically scans all available networks for you to select from. macOS
always remembers any networks it has connected to at any time in the past.
If it detects that one of these networks is nearby, it will reconnect
automatically. If no Wi-Fi networks are found, then you could try the Join
Other Network... option.
4. Enter the exact network name or SSID in the Network Name field, and
then select the Security authentication protocol and the password (Figure
12.19):
You can find out which type of authentication protocol you are using by logging in to
your router address to verify the information. Remember that the router address is
usually something like 192.168.0.1, and you need to know the login information,
which, by default, is something generic, such as admin (user) and password
(password), unless you or someone else changed it. Once you log in to see your router
information, you can identify the type of authentication protocol. If you have access
to your router dashboard, you can also change the SSID name and the password
provided by your ISP to a different SSID name and password. The procedure will
change depending on the router brand you are using. You can always ask your ISP
for this information.
However, connecting to wireless networks is not all you can do in macOS, so let's see
some other examples next of how you can use other types of networks.
Ad hoc networks
Enterprise
Ad hoc networks
Ad hoc networks are also known as computer-to-computer networks, which are
temporary wireless networks that allow one-time connections, useful for sharing files
or to share internet connectivity with other devices, such as PCs and iOS devices.
Although this type of network might seem very similar to, or even the same as, the
AirDrop feature in macOS and iOS devices, it is not. AirDrop can only be used
between Apple devices, whereas ad hoc networks can also be used with other non-
Apple OSes, such as Windows.
You can create these ad hoc networks using your Wi-Fi connection. The following are
the steps required to do that. Be aware that these instructions are for macOS Catalina
and earlier. For macOS Big Sur, please refer to the section following these
instructions:
3. Enter a name and leave the default Channel 11 (or choose another one). For
this example, we will call this network Temporary. When ready, click
Create (Figure 12.21):
Notice that the Wi-Fi icon has changed and that Network Name has
changed, as seen in Figure 12.22:
Now, all Wi-Fi-enabled computers or devices nearby will be able to join the
network by selecting it from the status menu or by using the network name,
as we can see in this nearby iPhone in Figure 12.23:
This feature has been deprecated in macOS Big Sur; however, you can still enable an
ad hoc network. To do so, perform the following steps:
Take into account the fact that for joining networks on some
computers, such as PCs, other settings might be required.
Once you are done, disable the network since it would be a security risk to leave it
enabled. To disable an ad hoc network, do either of the following:
Turn off the Wi-Fi hardware interface through the button that appears in
Figure 12.23.
Choose another Wi-Fi network from the list.
When you perform any of the preceding actions, the ad hoc network will disappear
from the list.
In the next section, we will discuss briefly another type of network you can create
with macOS.
Enterprise
Enterprise networks are set up and authenticated through the WPA/WPA2 Enterprise
(802.1X) protocol. This configuration is created by an enterprise network
administrator who will provide you with the authentication details to join the
network. Only network administrators can grant access to a WPA/WPA2 Enterprise
authenticated network, and it will require them to modify the system keychain.
This authentication method is mostly used in an enterprise setting where your Mac is
configured to use a directory service and MDM. This topic is not covered in this book,
but you can find more information here: https://support.apple.com/HT207431.
Actually, in macOS, you can use several services simultaneously, each with its own
set of preferences and configurations. The feature that makes this possible is network
locations. We will examine how this feature works next.
Although only administrative users can define and save network locations, other non-
administrative users can switch between locations from the Apple menu if more than
one exists.
Something to always take into account is the fact that macOS has at least one default
active network location at all times. If for any reason, you need to turn off networking
in your machine, you can accomplish this by creating a network location with all
network interfaces disabled. This way, your Mac is completely off the radar of any
network.
To identify the default active network location in macOS, perform the following steps:
If there is more than one network location, the system will automatically attempt to
connect the first location in the list in order to establish a TCP/IP connection via
DHCP.
Here are some examples of network location configurations, just to give you an idea
of what you could do:
Take into account that this will affect all users. Locations are system-
wide settings.
5. Next, enter a name for the location. For this example, we will name it No
connection and then click Done:
6. A location with default settings will be created. If you made a mistake, you
can use the Revert button (Figure 12.26), which will revert to the previous
active network configuration. We don't wish to revert, so we will continue
with the steps for this scenario:
7. Next, we will select each of the services on the left-hand side and click the -
(Delete) button to remove them, as explained in Figure 12.27:
8. To apply the location, administrative users can select it from the Location
drop-down menu and then click Apply.
9. And that's it! You now have an additional location you can use according
to the situation.
Now, if non-administrative users log in to their profile and see that there is no
connection, they can change the network location from the Network panel or by
selecting the Apple menu and then selecting a location that has interfaces enabled,
such as Automatic, as seen in Figure 12.28. This way, the user regains access to a
location where there are active interfaces:
Be aware that the Location menu does not appear in the Apple
menu when only one location exists.
Perform the following steps to prevent a user from changing the location without
authorization. Refer to the Custom Wi-Fi configuration section in the last section of this
chapter.
1. Follow steps 1-4 from scenario 1, and name the connection No Wi-Fi.
2. With the location just created selected in the Location menu, select the Wi-
Fi interface, and then select Make Service Inactive from the gear menu, as
seen in Figure 12.29:
3. Click Apply.
4. A non-administrative user cannot reactivate the Wi-Fi service for that
location. So, unless there is another location with an active Wi-Fi service to
which they can switch, they won't be able to access Wi-Fi.
As you can see, network locations can be very useful for changing full configurations,
from simple ones to configurations for specific purposes, places, or specific
restrictions.
However, apart from the network services listed by default in the Network panel list
that appears to the left (the ones we deleted earlier), you can add additional services,
and that's what we will cover next.
Thunderbolt Bridge
Thunderbolt
Bluetooth PAN
Wi-Fi
Ethernet*
VPN
PPPoE
6to4
Take into account that this list may vary according to the type of Mac you have and
the model. For example, some older Mac machines still have FireWire interfaces,
while others don't, and portable Macs don't have Ethernet interfaces. We have
already described these interfaces earlier in this chapter (What are network interfaces?).
* If your Mac doesn't have an Ethernet port, you can use a USB to
Ethernet adapter or a Thunderbolt to Gigabit Ethernet adapter.
VPN configuration
VPN configuration can be done in two ways: through a configuration profile and
manually. The use of configuration profiles is beyond the scope of this book, but
installing them will normally be as easy as double-clicking on the configuration file,
unless your service provider gives specific instructions.
You can verify whether you have any profiles installed in System Preferences
| Profile preferences. Be aware that if no profiles are installed, the Profile preferences
will not appear.
5. Enter a name for the new VPN service or leave the default, and then click
Create.
6. Once the connection is created, you will see the new service appear on the
service list, as seen in Figure 12.31, and you can see the basic configuration
to the right:
7. Enter the VPN server address and account name if using user-based
authentication.
8. And that's it! You can select this connection at any time from the network
services list.
You can have multiple VPN configurations in the same interface. To do that, perform
the following steps:
1. While in the Network panel, select the VPN service from the list.
2. Go to the Configuration drop-down menu and select Add
Configuration..., as seen in Figure 12.32. In this menu, you can also rename
and delete a configuration that you created:
By default, the system sends traffic through the VPN only if the VPN server defines
routing information. Also, by default, VPN interfaces are placed at the bottom of the
network services list, which means that it will not be the first choice to use as a
network service interface. You could manually reorder the services and put the VPN
connection at the top of the list to be processed first. This behavior can also be
changed through the following steps:
Once the configuration connection is authenticated and established, the TCP/IP and
DNS settings are automatically configured by the PPPoE protocol.
In short, VPN configuration will very much depend on the VPN service provider's
instructions, so be sure to review their instructions carefully.
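The service order and the inactive services set in the Network panel can be checked from Terminal with networksetup -listnetworkserviceorder. The following Python example is added here and is not part of the book: it parses a constructed sample of that output (the service names, devices, and the "Office VPN" entry are made up, and the layout is assumed to match your macOS version) and reports when the VPN is not the first active service or when a service that a location should keep inactive, such as Wi-Fi in the No Wi-Fi location, is active.

```python
import re

# Constructed sample of `networksetup -listnetworkserviceorder` output.
# Service names, devices and the VPN entry are made up for this example.
SAMPLE_OUTPUT = """\
An asterisk (*) denotes that a network service is disabled.
(1) Ethernet
(Hardware Port: Ethernet, Device: en0)

(*) Wi-Fi
(Hardware Port: Wi-Fi, Device: en1)

(2) Thunderbolt Bridge
(Hardware Port: Thunderbolt Bridge, Device: bridge0)

(3) Office VPN
(Hardware Port: L2TP, Device: )
"""

ORDER_RE = re.compile(r"^\((\d+|\*)\)\s+(.*)$")
PORT_RE = re.compile(r"^\(Hardware Port: (.*), Device: (.*)\)$")


def parse_service_order(text):
    """Return the services in list order with their enabled state and port."""
    services = []
    for line in text.splitlines():
        line = line.strip()
        match = ORDER_RE.match(line)
        if match:
            services.append({
                "name": match.group(2),
                "enabled": match.group(1) != "*",   # "(*)" marks an inactive service
                "port": None,
                "device": None,
            })
            continue
        match = PORT_RE.match(line)
        if match and services:
            services[-1]["port"] = match.group(1)
            services[-1]["device"] = match.group(2)
    return services


def review_service_order(services, vpn_name, must_be_inactive=()):
    """Compare the parsed order with what the administrator intended."""
    findings = []
    defined = [s["name"] for s in services]
    active = [s["name"] for s in services if s["enabled"]]
    if vpn_name not in defined:
        findings.append(f"VPN service '{vpn_name}' is not defined in this location")
    elif vpn_name not in active:
        findings.append(f"VPN service '{vpn_name}' is inactive")
    elif active[0] != vpn_name:
        findings.append(
            f"VPN service '{vpn_name}' is position {active.index(vpn_name) + 1} "
            f"of {len(active)}; '{active[0]}' is tried first"
        )
    for name in must_be_inactive:
        if name in active:
            findings.append(f"'{name}' is active but the location requires it inactive")
    return findings


if __name__ == "__main__":
    parsed = parse_service_order(SAMPLE_OUTPUT)
    for finding in review_service_order(parsed, "Office VPN", must_be_inactive=("Wi-Fi",)):
        print("FINDING:", finding)
```

On a Mac, pipe the real command output into parse_service_order() in place of SAMPLE_OUTPUT, and run it once per network location you manage.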
So far, we have seen the most common and useful network configuration options that
you are likely to encounter as an administrator. But there is much more you can do.
However, for most connections, Mac makes it as simple as it can be, and we will see
the technology behind that next.
Bonjour
Bonjour is Apple's implementation of the zero-configuration networking standard,
which allows the automatic and efficient discovery of services and devices on a local
network. The Bonjour protocol allows the advertising and discovery of services
through multicast DNS (mDNS) and link-local addressing. It was initially designed
to help locate Apple services on a network with one router, but it quickly became
popular and started to be implemented outside of Apple environments.
Bonjour works out of the box on Apple's macOS, iOS, and iPadOS, and it can also be
installed on Windows computers and integrated into applications, such as Safari. On
macOS, Bonjour is enabled by default; there is nothing you need to do to enable it.
If you want to take a look at how it works, you can examine which devices are being
broadcast through Bonjour. For that, you would need to download and install the
Bonjour browser, which is now named Discovery, from the Apple Store.
Once it is installed, when you open it, you will be able to see and browse Bonjour-
enabled devices on your networks, such as other computers, printers, and more. The
most important detail is that you will be able to see important information belonging
to each device, such as their IP addresses. This is very useful in large networks with
many devices.
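To see what a Bonjour advertisement exposes to every device on the local network, the following Python example (added here, not code from the book) decodes an mDNS response and joins its PTR, SRV, and A records into a service, host, port, and address row. The packet is constructed for this example (the "Office Mac" instance, the office-mac.local host, and the 192.0.2.20 address are made up), and the decoder bounds-checks labels and limits compression-pointer hops because mDNS packets arrive from untrusted peers.

```python
import ipaddress
import struct

TYPE_A, TYPE_PTR, TYPE_SRV = 1, 12, 33


def read_name(pkt, off):
    """Decode a DNS name at off, following compression pointers.

    Returns (name, offset just past the name at its original position)."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(pkt):
            raise ValueError("name runs past end of packet")
        length = pkt[off]
        if length & 0xC0 == 0xC0:                 # two-byte compression pointer
            if off + 1 >= len(pkt):
                raise ValueError("truncated compression pointer")
            if end is None:
                end = off + 2
            off = ((length & 0x3F) << 8) | pkt[off + 1]
            hops += 1
            if hops > 16:                         # guard against pointer loops
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        if length > 63 or off + length > len(pkt):
            raise ValueError("bad label length")
        labels.append(bytes(pkt[off:off + length]).decode("utf-8", "replace"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(pkt):
    """Parse all resource records of an mDNS/DNS response into dicts."""
    if len(pkt) < 12:
        raise ValueError("packet shorter than DNS header")
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", pkt, 0)
    off = 12
    for _ in range(qd):                           # skip any questions
        _, off = read_name(pkt, off)
        off += 4
    records = []
    for _ in range(an + ns + ar):
        name, off = read_name(pkt, off)
        if off + 10 > len(pkt):
            raise ValueError("truncated record header")
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10
        if off + rdlen > len(pkt):
            raise ValueError("truncated record data")
        if rtype == TYPE_PTR:
            data, _ = read_name(pkt, off)
        elif rtype == TYPE_SRV and rdlen >= 7:
            port = struct.unpack_from("!3H", pkt, off)[2]
            target, _ = read_name(pkt, off + 6)
            data = (target, port)
        elif rtype == TYPE_A and rdlen == 4:
            data = str(ipaddress.IPv4Address(bytes(pkt[off:off + 4])))
        else:
            data = bytes(pkt[off:off + rdlen])
        # In mDNS the top bit of the class field is the cache-flush flag.
        records.append({"name": name, "type": rtype,
                        "cache_flush": bool(rclass & 0x8000), "data": data})
        off += rdlen
    return records


def advertised_services(records):
    """Join PTR -> SRV -> A records into one row per advertised instance."""
    srv = {r["name"]: r["data"] for r in records if r["type"] == TYPE_SRV}
    addr = {r["name"]: r["data"] for r in records if r["type"] == TYPE_A}
    rows = []
    for r in records:
        if r["type"] == TYPE_PTR:
            host, port = srv.get(r["data"], (None, None))
            rows.append({"service": r["name"], "instance": r["data"],
                         "host": host, "port": port, "address": addr.get(host)})
    return rows


def build_sample_packet():
    """Constructed mDNS response: one SSH service on a made-up host."""
    pkt = bytearray(struct.pack("!6H", 0, 0x8400, 0, 1, 0, 2))

    def rr(name, rtype, rclass, rdata):
        pkt.extend(name + struct.pack("!HHIH", rtype, rclass, 120, len(rdata)) + rdata)

    def ptr(offset):
        return struct.pack("!H", 0xC000 | offset)

    svc = b"\x04_ssh\x04_tcp\x05local\x00"
    svc_off = len(pkt)                            # where "_ssh._tcp.local" starts
    local_off = svc_off + 10                      # where the "local" label starts
    inst_off = svc_off + len(svc) + 10            # PTR rdata = instance name
    rr(svc, TYPE_PTR, 0x0001, b"\x0aOffice Mac" + ptr(svc_off))
    host_off = len(pkt) + 2 + 10 + 6              # SRV target inside its rdata
    rr(ptr(inst_off), TYPE_SRV, 0x8001,
       struct.pack("!3H", 0, 0, 22) + b"\x0aoffice-mac" + ptr(local_off))
    rr(ptr(host_off), TYPE_A, 0x8001, bytes([192, 0, 2, 20]))
    return bytes(pkt)


if __name__ == "__main__":
    for row in advertised_services(parse_response(build_sample_packet())):
        print(row)
```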
Now that we have seen the basic network configurations in macOS, including the
initial network configuration, connecting to Wi-Fi, creating other types of networks,
such as ad hoc networks, configuring network locations, and adding additional
network services, let's look at some of the advanced network configurations that are
possible in macOS.
As mentioned earlier, all custom network settings in macOS are managed from the
Network panel in System Preferences by selecting the network interface you want to
customize and then clicking the Advanced button. You will require administrator
privileges to make changes in this section.
Let's review some of the available configurations accessible through the Advanced
button.
By default, these options are allowed. Therefore, if you want to restrict users
from performing these actions, you can check the appropriate optional
boxes (Figure 12.34):
You could also include these restrictions within a network location configuration.
When you add them as part of a network location, they will apply only when that
location is active.
Deleting a network is easy. Just select it and click the - (Delete) button that appears
below the network list (Figure 12.34).
Let's now explore the next advanced configuration option: manual TCP/IP
configuration.
3. Enter the details for the IPv4 address, subnet mask, and router, as provided
by your ISP.
When you configure TCP/IP manually, you will probably have to configure the DNS
settings:
1. While in the Advanced section, click the DNS tab. You will notice that
automatic settings are cached from the DHCP service, as seen in Figure
12.37, but you can change these settings.
2. To edit an address, double-click its entry in the list:
3. After making any changes, always click OK and then Apply to save the
settings.
To add a DNS server's IP address, click the + (Add) button (Figure 12.37).
If configuring multiple DNS servers or search domains, the system will prioritize
them according to the order in which they appear in the list.
Let's now explore the next advanced configuration option: NetBIOS/WINS.
NetBIOS/WINS
Windows Internet Name Service (WINS) is Microsoft's implementation of the
NetBIOS Name Service (NBNS), a name server and service for NetBIOS computer
names. Older Windows computers use them to provide network identification and
service discovery. From a practical point of view, this is used by other Windows
machines to discover Mac machines dynamically. You can use it, for instance, to share
printers from your Mac with Windows clients. macOS provides support for both on
any active network interface (except for VPN connections).
The Mac computer's NetBIOS name is configured automatically, as you can see in
Figure 12.38, but in some cases, you will need to select the NetBIOS Workgroup
manually. Workgroups are used to facilitate navigation in large networks with lots of
users. This is done by grouping devices into smaller workgroups. In networks with
few computers, there is usually just one workgroup. Perform the following steps to
manually configure the NetBIOS and WINS settings:
1. While in the Advanced section, select the WINS tab and enter a unique
name, if necessary. Note that NetBIOS and workgroup names are always in
capital letters and cannot contain spaces or special characters.
2. Select a workgroup from the menu or enter another name:
3. Next, click the + (Add) button at the bottom of the WINS configuration and
enter the server's IP address. If several servers are configured, they will be
accessed in the order in which they appear on the list.
4. Click OK and then Apply to save the changes.
In the next tab, we have the settings for the 802.1X protocol. Let's see what we have
there.
802.1X configuration
As mentioned earlier, the 802.1X protocol is an enterprise option for wired and
wireless networks. There are two configuration options in this case:
In both cases, the details are provided by a network administrator. When configuring
through a profile, the profile file provided by the administrator is installed just by
double-clicking on it.
Be aware that when using this protocol, no changes can be made through the
Advanced configuration. This is why you see a profile configuration when you go to
the 802.1X tab (Figure 12.39). Details will only appear when a profile has been
installed:
In the next tab, we have the Proxies configuration. Let's now explore the options
available in this case.
Network proxies
A proxy server is an intermediary between a client, such as a computer or another
server, and the server from which that client requests a service. It is a way to avoid
direct access to the computer or server providing the service. A network administrator
will normally provide this type of configuration.
You can manually configure the proxy settings by checking the appropriate boxes
next to each protocol and entering the connection information provided by the network
administrator for each protocol. In Figure 12.40, we can see the details that need to be
provided for configuring a web proxy (HTTP):
If you want any specific hosts and domains to bypass the proxy, you configure these
as well in the bottom box provided for that purpose.
The final tab in the Advanced configuration section is the Hardware tab, which is
essentially the Ethernet configuration. We will explore this next.
1. While in the Network panel, select the Ethernet service you want to
configure from the list and then click Advanced.
2. Choose Manually from the Configure menu:
3. Settings such as speed, duplex, and MTU in the Hardware tab are
automatically cached and pre-populated. Therefore, you can take
advantage of that and change only what you need to change.
4. Once you are done making any changes, don't forget to click OK and then
Apply to save them.
And with this review of the advanced network configuration options, including
manual Wi-Fi, TCP/IP, DNS configuration, and more, we have reached the end of this
chapter. Make sure to read the summary for an overview of what we covered and
what is coming next.
Summary
Now that you have reached the end of this chapter, you should feel comfortable
configuring network connections and services in macOS and using the tools available
for that purpose. You have revisited essential networking concepts, such as the OSI
model and the TCP/IP model, and how they work to make networking possible. You
have also reviewed other important concepts, such as network interfaces and network
protocols, as well as which ones are supported by macOS. By now, you can connect to
Wi-Fi and other networks, create network locations for specific places and/or
restrictions, and configure other network services, such as a VPN network. At the
same time, you are able to make advanced changes to the network configuration.
In the next chapter, we will go into network services in greater detail, including how
to use the sharing services available in macOS to make your work faster and easier.
Further reading
The Internet, by Jens Lechtenbörger (https://oer.gitlab.io/oer-courses/cacs/Internet.html#/slide-1)
13
Using macOS Network Services
In the previous chapter, we learned about the many network protocols macOS
supports. In this chapter, you will learn about network services that take advantage of
those protocols to access various network and sharing services. These services
provide perhaps the most essential functionalities for Mac users. We are talking about
key services such as email and calendar and other, more advanced services such as
file sharing and screen sharing. Also, there is a feature that was introduced in one of
the latest releases of macOS, called Continuity. This feature lets users use those
services seamlessly on all their devices. In this chapter, we will explore those essential
network services, as well as the Continuity feature. Advanced sharing services will be
covered in the next chapter.
Before we get started, let's see what we'll need for this chapter.
Technical requirements
This is what you will need for this chapter:
Let's start by understanding what network services are in the context of macOS.
Network services in this context are not to be confused with services such as Ethernet
and Wi-Fi. The network services we will be talking about here refer to client and
server software and services that communicate with each other through network
protocols and standards.
Besides network services and protocols, there's another important component in this
communication process, when it comes to accessing a service: the appropriate
authentication process. Once authentication has been passed, the authorization
process proceeds, and the connection is established.
macOS has many proprietary pieces of client software that allow users to access
essential network service functionalities such as email, calendar, messaging, and
more.
At the same time, there are different types of network services available in macOS;
we'll explore them next.
Standalone dedicated
Integrated
Standalone services are dedicated apps, such as email clients and web browsers. On
the other hand, integrated services mean they are integrated into the OS; they don't
require you to install any extra software and they work out of the box. An example of
such a service is a printing service.
In general, network services are detected through any of these three methods:
In the next section, we will look at the different types of service accounts that are
available in macOS for standalone dedicated services.
Mail
Notes
Calendar
Reminders
Contacts
Messages
FaceTime
Safari
Mail
The Mail app is a proprietary app for managing all email communications in macOS.
These are some of the app's features:
macOS's Mail app supports all standard email (encrypted and non-encrypted)
protocols, as well as several authentication standards. More specifically, it supports
the following:
Post Office Protocol or POP on TCP port 110 (encrypted POP will use TCP
port 995)
Internet Message Access Protocol or IMAP on TCP port 143 (encrypted
IMAP on port 993)
Simple Mail Transfer Protocol or SMTP on port 25 (encrypted SMTP on
ports 25 and 465) and 587 for iCloud, depending on the mail server's
functionality and the administrator's preferences
The IMAP and SMTP protocols are the default for iCloud.
To learn more about how to use the Mail app, visit this link:
https://support.apple.com/HT204093.
In the case of Exchange, since this service doesn't use the standard mail
protocols, but instead uses Exchange Web Services (EWS), it relies on the
standard ports for web traffic (that is, TCP port 80 for standard transport and port
443 for secure transport).
If you wish to check out the full list of ports that Apple products and
services use, visit this link: https://support.apple.com/HT202944.
Notes
The Notes app offers an enhanced experience that sets it apart from other note-taking
apps. Here are some of its features:
To learn more about how to use the Notes app, visit this
link: https://support.apple.com/guide/notes/welcome/mac.
Your notes can also be available on multiple devices when you're using iCloud. You
can also use other non-iCloud accounts, but they will rely on EWS or IMAP. In that
case, the app will create special mailboxes for your notes. These mailboxes will not be
used by your Mail app but will be managed by the Notes app.
For example, in the following screenshot, we can see a Google account that has been
configured to handle macOS Notes in Gmail. As you can see, a Notes folder has been
created and there is a single note inside it:
Single notes can be shared via Messages, AirDrop, Reminders, and more through the
Share button on the Notes toolbar, as shown in the following screenshot:
In macOS Big Sur, you have an additional sharing option for collaboration purposes.
You can assign permissions to specific users through the Share this note with others
button, as shown in the following screenshot. The permissions you can assign are as
follows:
Users upgrading to macOS from older versions of Mac OS X, when the enhanced
notes app was not available, will be asked to upgrade to the new Notes service in
order to use its media and sharing capabilities. In this case, what happens is that the
existing Notes service will be moved to iCloud and will only be compatible with the
Notes app on Mac computers with El Capitan or later. If you are using older versions
of OS X, you will still be able to access your notes through the iCloud website.
In the next section, we will examine another popular service, the Calendar.
Calendar
The Calendar app was previously known as iCal. This app allows you to integrate
your calendar with many other calendar services that use EWS or the CalDAV
protocol. We will explore this protocol in more detail later in this chapter.
Configure multiple accounts; for example, you can have your events from
iCloud and also from Google accounts.
Use colors to code each calendar for quick identification.
Send and receive event invitations.
Add locations with maps to show the exact location of the event.
Share your calendar with family and friends.
To learn more about how to use the Calendar app, visit this
link: https://support.apple.com/guide/calendar/welcome/mac.
The Calendar app supports several network calendar services; we'll look at what
those are next.
CalDAV
Internet-based
Exchange-based
Web Pub/Sub
Email invitations
Another useful app in macOS that takes advantage of network services is the
Reminders app. We will explore it now.
Reminders
The Reminders app was redesigned for macOS Catalina. Before Catalina, Reminders
was pretty much integrated with the Calendar app.
To learn more about how to use the Reminders app, visit this
link: https://support.apple.com/guide/reminders/welcome/mac.
Use it with one account or with multiple accounts and access all your
reminders in a single list
Have multiple lists
Set up subtasks for each reminder
Use location-based reminders so that they are fired when you arrive at a
certain location
The following screenshot shows what the interface looks like on macOS Big Sur:
Contacts
The macOS Contacts app was previously known as Address Book. With this app, you
can do the following:
To learn more about how to use the Contacts app, visit this
link: https://support.apple.com/guide/contacts/welcome/mac.
This app also integrates with contact network services such as EWS, Card Distributed
Authoring and Versioning or CardDAV, and the Lightweight Directory Access
Protocol or LDAP.
Exchange-based contact services use TCP port 80 for standard transport and port 443
for secure transport.
Contacts databases can be searched via LDAP, the standard for network directory
services. LDAP uses TCP port 389 for standard transport and port 636 for secure
transport.
Next, we will explore yet another popular and useful communication app: Messages.
Messages
The Messages app was previously known as iChat. Messages is an enhanced version
of the former messaging app since you can do much more than just send and receive
messages. The Messages app works with your iCloud/Apple ID account. With the
Messages app, you can do the following:
Send unlimited messages between Mac, iPhone, iPad, or iPod touch devices
(through iMessage).
Add images or files to a conversation.
Use high-resolution messages.
Use audio recordings.
Use FaceTime to start an audio or video conference (more details about
FaceTime will be provided shortly).
Use screen sharing and remote screen sharing.
Use file sharing.
Create and manage groups.
Share your location.
Use Siri to send, receive, and reply to messages (macOS Sierra and later).
To learn more about the Messages app, visit this link:
https://support.apple.com/HT202549.
The next app we will look at is related to the Messages app; they work together to
provide messaging and video conference services to users, and it's called FaceTime.
FaceTime
FaceTime is the audio and video conferencing app for Apple devices.
To use a Mac computer for FaceTime audio or video calls, there are some
requirements you need to meet:
To learn more about the FaceTime app, visit this link:
https://support.apple.com/HT208176.
Make group calls with up to 32 people (who have the FaceTime app
installed on another Mac, iOS device, or iPadOS device and are connected
to the internet).
Use Animoji, stickers, and more.
Use the front and back camera.
Use Live Photos (macOS Mojave 10.14.3 and later).
Safari
Safari is the web browsing app for all Apple devices. There is virtually no
configuration needed for Safari, but you do have advanced options you can take
advantage of.
To learn more about the Safari app, visit this link:
https://support.apple.com/safari.
With that, we have finished reviewing all the standalone network services apps that
come bundled with macOS for easily configuring essential network services, such as
email, notes, calendar, reminders, contacts, messages and chat, video conferencing,
and web browsing. Next, we will learn how to configure these services.
Automatically
Manually
Through configuration profiles
At the same time, some services are configured differently than the rest. We will learn
how to configure the following services separately:
iCloud
Microsoft Exchange
Google
Yahoo
AOL
Configuring some services will also configure other related services. For example,
configuring the Google service will allow you to configure four services. Let's see
how that works.
3. Click on a service provider from the list on the right. For this example, we
will choose Google:
6. Once authorized, you will see the following window, which will ask you
which services you want to configure with this account. In this case, we
select to configure Mail, Contacts, Calendars, and Notes with this single
Google account, as shown in the following screenshot:
7. Once you have checked the services you wish to use with this account,
click Done.
And that's it! You have configured four network services with a Google account
quickly and easily. In the next section, we will learn how to configure accounts
manually, if you need to do that.
3. You will see the following account options that you can configure
manually:
Mail
CalDAV
CardDAV
LDAP
Game Center:
4. Choose one of these options and enter the details for the account you want
to configure, as provided by your administrator.
With that, we have learned how to configure accounts automatically and manually.
Now, let's explore specific configurations that are done a little differently than what
we just saw.
You will find the Mail general configuration option, as well as configurations for each
mail account you have set up by going to the Mail menu and then clicking the
Preferences menu option. These preferences allow you to manage your email
accounts and set up preferences such as fonts and colors, view options, message
composing, adding signatures, and rules, as shown in the following screenshot. The
Accounts tab also allows you to add additional email accounts; all you need to do is
click on the + (Add) button and follow some steps that are similar to the ones we saw
earlier:
So, now that your Mail, Contacts, Calendar, and Notes apps have been configured,
let's learn how to configure many services that will be synced across all your Apple
devices.
But if you want to configure the most services with a single account, the
recommendation is to use an iCloud account. Configuring with iCloud also allows
you to set up additional services such as iCloud Drive, iCloud Keychain, Find My,
Photos, and more, and ensures your information will be synced across your Apple
devices. Let's explore how this configuration works:
Now that you know how to configure your network services with a third-party
provider such as Google and how to enable many other services when using iCloud,
let's find out how to configure the Messages service.
Configuring Messages
The Messages app also requires an Apple ID, but it is not configured by going
through the same procedure we saw earlier; you will need to do it separately. To use
the Messages app, you will need to set up iMessage with your Apple ID. iMessage is
an instant messaging service that is developed by Apple exclusively for Apple
devices. If your Apple ID is not configured yet, you will be asked to provide it the
first time you open the Messages app, as shown in the following screenshot:
And with this configuration, we have reached the end of this section on setting up
network services, including essential services such as email, notes, calendar, and
more, and learned how they can be configured automatically and manually. We also
learned how to take advantage of many other network services when using an iCloud
account and an Apple ID, as well as sync capabilities across all your Apple devices.
Furthermore, Apple has implemented a nice feature that extends the capabilities of
these services so that you can use them seamlessly across your Apple devices. This
feature is called Continuity, and we will explore it in the next section.
Continuity
Continuity is a series of features that allow you to move your work between your
Apple devices seamlessly; that is, to start working on one device and continue to
work on the other without interruption or loss of information. Several individual
features make up the Continuity feature as a whole. At the time of writing this book,
these are the features that are included in the Continuity set:
Sidecar
Continuity Markup and Sketch
Text Message Forwarding
Cellular Calls
Continuity Camera
Auto Unlock
Handoff
Universal Clipboard
AirDrop
Apple Pay
Instant Hotspot
The following are the general requirements you will need to use the Continuity
feature:
Each device needs to be signed into iCloud with the same Apple ID.
Each device needs to have Bluetooth turned on.
Each device needs to have Wi-Fi turned on (or cellular data for iPhone).
Most devices require a specific feature to be enabled on each device.
Also, to use these features, your devices need to meet certain device
requirements, depending on the device's type. You can verify these
requirements here: https://support.apple.com/HT204689.
Note that AirDrop was covered earlier in this chapter. You can find more details on
each feature and how they work for all devices by going to
https://support.apple.com/HT204681.
Next, we will provide a brief overview of each of the Continuity features. Let's begin
with Sidecar.
Sidecar
Sidecar is a Continuity feature that lets you extend your workspace by using an iPad
as a second display. You can also use your iPad to mirror the main display and show
the same content so that you can share what you are doing with others.
This feature works perfectly in combination with Apple Pencil to design, edit photos,
or create 3D models.
Two other Continuity features related to this one are Markup and Sketch, which we'll
describe next.
The Continuity Sketch feature allows you to sketch on your iPad or iPhone, and those
changes will automatically be inserted into a document on your Mac.
The general requirements that apply for this feature to work are as follows:
Devices need to be signed into iMessage with the same Apple ID.
The iPhone needs to be turned on and connected to Wi-Fi or a cellular
network.
1. Open the Messages app and select Preferences from the top Messages
menu.
2. Select the iMessage tab. Make sure you are signed in with the appropriate
Apple ID (the same one you used on the device you want to use the
features with).
4. Choose your Mac's name and any other additional devices that you want to
use to send and receive text messages that appear on the list.
And that's it! You will now see any text messages that have been sent to your iPhone
appear on your selected device (Mac or other).
Note that Continuity can be applied not only to SMS but to calls as well, as we will
see next.
Cellular Calls
This feature allows you to make and receive calls from your Apple devices in the
same network as your iPhone. You can answer or receive a call, send a voicemail, or
send a message to the caller. This works with Mac, iPhone, iPad, or iPod touch.
For this feature, in addition to the general requirements for the Continuity features
that we saw at the beginning of this section (except the Bluetooth requirement), you
also need the following:
Each device needs to be signed into FaceTime with the same Apple ID.
Each device needs to be connected to the same network through Wi-Fi or
Ethernet.
1. Open the FaceTime app and choose Preferences from the top FaceTime
menu.
2. Ensure you are signed in with the appropriate Apple ID (the same one you
used on the device you want to use the features with).
3. Then, make sure the Enable this account checkbox is selected.
4. Select the way you want to be reached for FaceTime. If your other device is
logged in with the same Apple ID and it is enabled as well, you should see
the number appear, and you can enable it by selecting the checkbox, as shown
in the following screenshot:
5. You will now be able to move the mouse over any phone number in
Contacts, Calendar, Safari, or any other app that automatically detects
phone numbers, as shown in the following screenshot. Click the arrow in
the box that highlights the phone number and choose to call using
iPhone or FaceTime Audio:
Another way to call is by opening the Contacts app; for example, searching
for a contact, right-clicking the call button, and selecting an option such
as Call Using iPhone, as shown in the following screenshot, or opening the
FaceTime app, entering a phone number, and clicking the call icon:
Note that a notification will appear when you receive a call to your iPhone. Click on it
to answer the call.
Another excellent feature in this set is the Continuity Camera, which we will examine
next.
Continuity Camera
With this feature, you can use a photo you've taken on your iPhone, for example, or a
scanned document, and have it available on your Mac to use immediately.
This feature has some requirements that you should take into account:
Both the Mac and Apple device(s) must have Wi-Fi and Bluetooth turned
on.
Both the Mac and Apple device(s) must be signed into iCloud with the
same Apple ID (using two-factor authentication).
The Mac must have macOS Mojave or later installed.
The iOS device must be using iOS 12 or later.
Finder
Keynote 8.2 or later
Mail
Messages
Notes
Numbers 5.2 or later
Pages 7.2 or later
TextEdit
If you have met these requirements, then follow these steps to use it with your Mac.
In this example, we are using the Continuity Camera with an iPhone:
1. On your Mac, open a supported app. For this example, we will open the
Mail app.
2. Go to the File menu, select Insert from iPhone (or use the Photos icon to
the right of the Mail app, as shown in the following screenshot), and click
on Take Photo:
3. A message will appear in your application, similar to the one shown in the
following screenshot. Look at your iPhone, and you will see that it has
become activated to take a picture. Once you can see that your iPhone is
ready, take a photo:
4. Next, click Use on your iPhone, and the image will appear in your email
message, as shown in the following screenshot. You can use the Image Size
dropdown to the right-hand side to select whether you want to use the
image's Actual Size, as shown in the following screenshot, or a smaller size
that might be more appropriate for email transfer:
Figure 13.19 - Using the photo you took on a device on your Mac
And that's it! At this point, you can see how incredibly useful this feature is. Let's
continue exploring other Continuity features.
Auto Unlock
Auto Unlock works in combination with an Apple Watch when it's close to your Mac.
The way this works is that when you're using an Apple Watch, your Mac recognizes
that you're nearby and automatically logs you in.
Apart from the general requirements for Continuity, you can verify whether your
Mac supports Auto Unlock as follows:
1. Go to the Apple menu and, while holding down the Option key, select System
Information.
2. From the left menu, scroll down to the Network section.
3. Select the Wi-Fi option.
4. If your Mac supports Auto Unlock, it will appear in the window to the
right, as shown in the following screenshot:
Handoff
With the Handoff feature, you can start working on a device with a supported app
and switch to another device nearby to seamlessly continue working on the same
thing. The following apps are supported for use with the Handoff feature:
Mail
Maps
Safari
Reminders
Calendar
Contacts
Pages, Numbers, and Keynote
Some third-party apps
A similar feature to Handoff is the Universal Clipboard, which we will explore next.
Universal Clipboard
The Universal Clipboard feature allows you to copy content from one Apple device
and paste it on another. It works with text, images, photos, and videos.
For the Universal Clipboard to work, Handoff has to be enabled on both devices.
Refer to the previous section to learn how to turn it on.
As you can see, using this feature is very simple and useful. The next feature we will
look at is a popular one among Apple device users: AirDrop.
AirDrop
AirDrop is a feature that allows you to quickly share documents, photos, videos, and
more to a nearby Mac, iPhone, iPad, or iPod touch. We will cover this feature in more
detail in Chapter 14, Using macOS Sharing Services.
The next feature we will explore has to do with payment capabilities for online
shopping, and it's called Apple Pay.
Apple Pay
Apple Pay allows you to add credit, debit, or prepaid cards and use them seamlessly
on Mac, iPhone, iPad, or Apple Watch for your purchases. Take into account that to
use this feature on more than one device, you will need to add each card to each
device.
An eligible device
Visit this link to verify which devices are eligible for Apple Pay:
https://support.apple.com/HT208531.
Instant Hotspot
With this feature, you can share an internet connection from your iPhone or iPad
(with Wi-Fi and cellular capabilities) to your Mac without having to enter a password.
In addition to the general requirements for Continuity, you need to make sure your
carrier allows Personal Hotspot.
To use Instant Hotspot with an iPhone, for example, follow these steps:
And with this overview of the individual features of Continuity, we have reached the
end of this chapter on network services. Be sure to check out the following summary
for a quick review of what was covered.
Summary
In the first section of this chapter, we learned how network services work in macOS,
how to use them, and how to configure them. You should now feel comfortable
configuring all types of network accounts for daily work tasks, such as the Mail,
Notes, Calendar, Reminders, Contacts, Messages, FaceTime, and Safari apps. In the
second section, we looked at the Continuity set of features, which allow you to
seamlessly extend your work from your Mac to other devices in the Apple ecosystem,
such as your iPhone, iPad, and so on. These features are Sidecar, Markup and Sketch,
Text Message Forwarding, Cellular Calls, Continuity Camera, Auto Unlock, Handoff,
Universal Clipboard, AirDrop, Apple Pay, and Instant Hotspot. You now know what
these features do, their requirements, and how you can take advantage of their
capabilities.
In the next chapter, we will look at another group of network services, this time
related specifically to sharing, including services such as remote controlling and
screen sharing.
14
Using macOS Sharing Services
In the previous chapter, we learned about the many network protocols macOS
supports, and we explored how to configure related essential services such as email,
calendar, and messaging. In this chapter, you will learn about network services that
take advantage of those same protocols to access additional network and sharing
services. These services provide perhaps the most practical functionalities for users of
a Mac computer. First, we will talk about services such as file sharing and screen
sharing. In the latter half of this chapter, we will explore the various ways to remote
control a Mac and use other sharing services, such as printer sharing.
Technical requirements
This is what you will need for this chapter:
In this section, we will see how file sharing works in macOS, including a very popular
sharing feature among Mac users: AirDrop. We will cover the following topics related
to the sharing services on macOS:
On macOS, you can share files and folders with others on your network. You can
even share your entire Mac or specific folders with everyone or just with specific
users.
Using macOS Sharing Services Chapter 14
FTP/FTPS
SFTP
SMB
AFP
NFS
WebDAV
FTP on macOS uses TCP ports 20 and 21 for standard transmission and
TCP ports 989 and 990 for SSL-encrypted transmission (FTPS).
With macOS, you don't need a client such as FileZilla to connect to FTP. You
can connect directly from the Finder. However, take into account that the
Finder only supports read capabilities with FTP/FTPS: you can view, copy,
and download files to your computer, but you can't copy files into the
server, nor can you rename or delete files. If you need to perform those
tasks, you will have to install an FTP client, though you can also use
Terminal to access both FTP and FTPS.
Take into account that it is not possible to share Apple File System
(APFS) volumes over AFP.
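To check which of the protocols listed above a Mac is actually offering to the network, the following added example (not from the book) reads `netstat -an -p tcp` output and reports the file-sharing listeners. The FTP and FTPS ports are the ones given in the text; the SFTP, SMB, AFP, and NFS ports are the standard assignments and an assumption of this example, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: report which file-sharing services a Mac is offering to the
# network, based on `netstat -an -p tcp` output.

# Constructed sample in the macOS netstat layout (local address is written as
# "address.port"). It is illustrative, not captured from a real machine.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.445                  *.*                    LISTEN
tcp6       0      0  *.445                  *.*                    LISTEN
tcp4       0      0  *.21                   *.*                    LISTEN
tcp4       0      0  *.548                  *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  127.0.0.1.2049         *.*                    LISTEN
tcp4       0      0  192.168.1.20.445       192.168.1.31.50122     ESTABLISHED'

# audit_listeners: read netstat output on stdin and print one line per
# file-sharing listener reachable from the network: "<port> <service> <note>".
audit_listeners() {
    awk '
    BEGIN {
        # 21 and 990 are the FTP/FTPS control ports given in the text (20 and
        # 989 carry data). The remaining ports are the standard assignments
        # for the other protocols in the list, an assumption of this example.
        # WebDAV is left out because it shares 80/443 with ordinary web servers.
        svc[21]   = "FTP";  note[21]   = "cleartext"
        svc[990]  = "FTPS"; note[990]  = "tls"
        svc[22]   = "SFTP"; note[22]   = "ssh"
        svc[139]  = "SMB";  note[139]  = "netbios-session"
        svc[445]  = "SMB";  note[445]  = "check-guest-access"
        svc[548]  = "AFP";  note[548]  = "deprecated"
        svc[2049] = "NFS";  note[2049] = "check-exports"
    }
    $1 ~ /^tcp/ && /LISTEN/ {
        n = split($4, part, ".")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "127.0.0.1" || addr == "::1") next   # loopback only
        if (!(port in svc)) next                          # not a sharing port
        if (seen[port]++) next                            # tcp4/tcp6 duplicate
        print port, svc[port], note[port]
    }' | sort -n
}

# On a Mac: netstat -an -p tcp | audit_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | audit_listeners
```

A listener reported here that nobody enabled on purpose is a reason to open the Sharing preferences and review what is turned on.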
Now that we know which file-sharing protocols macOS supports, let's examine the
practical aspects of file sharing on macOS.
10 users can connect simultaneously (if more users need to connect, you
will need to use macOS Server).
The Public folder for each user is shared automatically.
Any user that's been set up in the Users & Groups preferences will be able
to connect to the Mac over the network.
An administrator will have access to the entire Mac.
Guests will be able to access shared folders if this has been enabled in the
Users & Groups preferences.
For sharing files, you will be able to select the following types of users:
Users with accounts on your Mac
Users from the network users or network groups
A person from your Contacts, for whom you can create an
account
Read & Write: Allows users to see and copy files from the folder.
Read Only: Allows users to view the contents of the folder but not copy
files to it.
Write Only (Drop Box): Allows users to copy files to the Drop Box folder
but not view its contents.
No Access: Users can neither see files in the folder nor copy files to it (only available for
the Everyone group).
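The four access levels can be read back from the filesystem when reviewing what a share exposes. The following added example (not from the book) maps a folder's POSIX "other" bits to the labels above and lists the directories inside a share where anyone, including a guest, could leave files; it assumes the Everyone row corresponds to the "other" bits, with per-user rows held in ACL entries, and the demo folder tree is constructed.

```shell
#!/bin/sh
# Added example: read back the access level that "Everyone" holds on a shared
# folder and find the places inside a share where anyone can deposit files.

# everyone_access DIR: print the Sharing-pane label matching the POSIX "other"
# permission bits of DIR (assumed mapping; per-user rows live in ACL entries).
everyone_access() {
    perms=$(ls -ld -- "$1" | awk '{ print $1 }')
    # Characters 8-10 are the "other" bits; a sticky bit shows as t (x set)
    # or T (x not set) in the last position.
    other=$(printf '%s' "$perms" | cut -c8-10 | tr 'tT' 'x-')
    case "$other" in
        rwx) label='Read & Write' ;;
        r-x) label='Read Only' ;;
        -wx) label='Write Only (Drop Box)' ;;
        ---) label='No Access' ;;
        *)   label="Custom ($other)" ;;
    esac
    # A trailing + means ACL entries exist, so the mode bits are not the
    # whole answer for this folder.
    case "$perms" in
        *+) label="$label + ACL" ;;
    esac
    printf '%s\n' "$label"
}

# writable_by_everyone DIR: list directories under DIR where the "other" write
# bit is set, i.e. where a guest connection could leave files.
writable_by_everyone() {
    find "$1" -type d -perm -002 -print | sort
}

# demo_share: build a constructed folder tree in a temporary directory and
# print its path.
demo_share() {
    root=$(mktemp -d) || return 1
    mkdir "$root/Public" "$root/Public/Drop Box" "$root/Public/Reports" "$root/Private"
    chmod 755 "$root/Public" "$root/Public/Reports"
    chmod 733 "$root/Public/Drop Box"
    chmod 700 "$root/Private"
    printf '%s\n' "$root"
}

share=$(demo_share)
for d in "$share/Public" "$share/Public/Drop Box" "$share/Private"; do
    printf '%s: %s\n' "${d#"$share"/}" "$(everyone_access "$d")"
done
writable_by_everyone "$share"
rm -rf "$share"
```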
To enable file sharing (this should be done on the machine you want to connect to
from another Mac), follow these steps. Take into account that only an administrator
can enable and modify file-sharing settings:
1. Open System Preferences and click the Sharing icon (shown in Figure
14.1).
2. Select the File Sharing checkbox, as shown in the following
screenshot. When you do this, you will see a green dot, and the state will
change to On. You will also notice that each user's Public folder is then
automatically shared:
1. Click the + (Add) button at the bottom of the Shared Folders list.
2. Browse the folder, select it, and click on the + (Add) button.
1. Select the folder in the Shared Folders list and click - (Remove).
We mentioned earlier that you could select three types of users to share files with. If you
select a user from Contacts, you will need to create an account for that contact:
3. Create a password for that user and click Create Account. Take into
account that this action will create a Sharing account (not a Standard
account). You can verify this if you go to the Users & Groups preferences.
4. You will be asked to authenticate as an administrator. When ready,
click Modify Configuration.
5. By default, the user will have Read Only permission, which means they
will be able to view files in the folder but not copy to it. To change this
behavior, make sure the folder you want to share is selected in Shared
Folders, select the user from the list of Users, right-click on the user, and
change the permissions to Read & Write, as shown in the following
screenshot. You can do this action for each folder in the list:
You will notice that there is an Options... button. If you click on it, you will see that,
by default, only the SMB protocol is enabled. On versions prior to macOS Big Sur,
you will also see Share files and folders using AFP. This option no longer exists in
macOS Big Sur as the ability to share files and folders using AFP has been deprecated.
Here, you can also choose which users you want to allow for Windows File Sharing:
Also, remember that guests can access shared folders on a Mac. To turn off Guest
access, follow these steps:
And that's it! You have now enabled file sharing and granted permissions to a specific
folder for a user.
Later in this chapter, we will learn how the shared folders appear when we're
connecting from another computer (scenario 2's example).
Now that we have seen how to configure file sharing on macOS, we will now
examine how to connect to file shares.
Automatic discovery
Authentication
Manual connection through SMB and AFP
Manual connection through NFS, WebDAV, and FTP
Creating automatic connections
Automatic discovery
Automatic discovery works by simply browsing the services that have been
discovered dynamically through the Finder. This can be done from two locations in
the Finder:
For the first option to work, it has to be enabled in the Finder preferences:
1. Go to the Finder preferences, the General tab, and select all the checkboxes
to enable mounted network volumes to appear on Desktop, as shown in
the following screenshot. You can enable the same in the Sidebar tab as
well if you want:
The sidebar list will show up to eight discovered services. If you need to see
more than eight, click All at the bottom of the list. This link will actually
take you to the Finder's Network folder.
What you will see will depend on how big your network is. In a large
network, you might see several subfolders, each representing a domain, and
inside them, the shared resources that have been configured for that
network area. In a small network like this one, you will see only one level.
With the second option, when file shares are mounted, they will appear in the open
dialog of any application, as shown here:
When you want to access a file share, you need to authenticate. We will learn how to
do that next and save the authentication information so that you don't need to do it
every time.
Authentication
To access shared resources from another Mac or even a Windows computer that
already appears in your Network folder, you will need to authenticate. If the location
you want to connect to has not appeared yet in the Network folder, it means you
need to configure the connection. Don't worry; we will see that in the coming
sections.
Take into account that when you see the Network folder in the List or Gallery View,
you will not see the button to authenticate. You will need to change the view to
Columns to see the button, as shown here:
To authenticate to a network location that appears in the Network folder, follow these
steps:
1. Go to the Network folder and select the Connect As... button, as shown in
the preceding screenshot. You will have these options to select from:
Guest
Registered User
Using an Apple ID:
Using an Apple ID: This third option only appears when the local Mac and
the other computer where the share is are both linked by an Apple ID.
Otherwise, you will only see the first two options.
At this point, you can save this information to your keychain by activating the Remember this
password in my keychain option (Figure 14.10), so that you connect automatically without
having to enter it again.
Sometimes, automatic discovery will not find what you are looking for. In that case,
you can attempt to connect to shares manually. We will explore how we can do that
next.
2. You can find this address in a Mac with file sharing turned on. Go to
the Sharing preferences and select File Sharing. When enabled, you will
see the address that other computers can use to access (in the following
screenshot, this is the address with the red underline). Here, we can see the
SMB address, but you can also use AFP in versions before macOS Big Sur:
3. On the other Mac, the one you want to use to access the file share, go to
the Finder top menu, select the Go menu, and select Connect to Server...,
as shown here:
4. In the Server Address field, enter the address you found in step 2. If you
don't specify a prefix, the Mac will attempt to guess whether it's SMB or
AFP.
5. At the end of the address, you can include the name of the specific folder or
item you want to connect to.
6. At this point, you will have two options: Browse or Connect.
7. If you click Browse, you will be taken to the Network folder; at this point,
you will be able to authenticate through the methods indicated earlier, or if
the information is in Keychain, it will connect automatically.
8. If you click Connect, you will either connect automatically, or you will
have to enter the login information.
9. Once authenticated and connected, you will see the list of volumes you can
access.
10. Select the one(s) you want to mount and double-click.
If you have used the Connect to Server option before, you will have two options to
make connection easier:
Apart from SMB and AFP, there are other protocols we talked about. We will explore
how to connect to them in the next section.
When using these share services, you will need to use the appropriate prefix; the
following are examples:
These addresses will have to be provided by the target server administrator. Let's see
some practical connection examples.
1. From the Mac you want to use to access the file share, go to
the Finder sidebar, select the Go menu, and click Connect to Server...
(Figure 14.13).
2. In the Server Address field, enter the FTP address provided by the server
administrator, as shown in the following screenshot.
3. At the end of the address, you can include the name of the specific folder or
item you want to connect to:
4. Click Connect. You will see a message that alerts you that you are trying to
connect. Click Connect again.
5. Leave the default to log in as Registered User and enter the FTP server
login information (FTP address, username, and password) provided by the
server administrator as-is. Once the details have been entered correctly,
click Connect.
6. Once authenticated and connected, you will see the list of volumes and
folders you can access, as shown in the following screenshot.
7. Depending on your Finder preferences, you might also see the volume
appear on the desktop:
8. You can double-click on that volume anytime to mount it. If the login
credentials were saved to Keychain, the connection will be automatic next
time.
4. For the next step, you will need to know the name of the Mac you are
looking for (also known as the NetBIOS name); you need to take note of the
name that appears in the Network preferences, Wi-Fi Advanced
preferences, in the WINS tab, as shown in the following screenshot. At the
end of this section, you will find out how you can change this name:
5. Once you know which name to look for, on your Windows computer,
open File Explorer, click Network, and locate the Mac you want to connect
to. In the following screenshot, we can see the name of the Mac we saw
earlier appear in the Windows Network folder. If you don't see any
location in the folder, it probably means you have to configure sharing for
the Windows computer first. Check out this article
(https://support.apple.com/guide/mac-help/mchlp1659/11.0/mac/11.0) to set up
Windows computers to share files with Mac. Make sure the Mac is
powered on and connected to the same network as the Windows
computer. It may take a moment for the Windows computer to show that
the Mac is on the network:
6. Double-click the Mac's name, then enter the account name and password
for the user account you selected in step 3.
7. Once authenticated, you will see the directories you are allowed to see, as
per the configuration in the File Sharing preferences. If you leave the
default options as-is, with all Public folders shared, you will see the
following:
The passwords of user accounts that have been used for Windows
sharing may be less secure. To protect your system, turn off the
account when it's not being used, and then turn off Windows
sharing.
Take into account that network sharing is not available when the Mac is in sleep
mode. You can change this behavior in the Energy Saver preferences.
There are a few ways to connect to a Windows computer from a Mac computer. If you
want to review all the methods available, you can visit this link:
https://support.apple.com/guide/mac-help/mchlp1660/11.0/mac/11.0. In this example,
we will show one of the available methods:
1. On your Mac, go to the Finder's top menu, select Go, then Network, and
then go to the Network folder.
2. Identify the computer's name and double-click on it. If you don't see any
location in the folder, this probably means you have to configure sharing
for the Windows computer first. Check out
https://support.apple.com/guide/mac-help/mchlp1659/11.0/mac/11.0 for instructions
on setting up Windows computers to share files with Mac. If you see several names and
you are not sure which one is the Windows computer you want to connect
to, go to the Windows computer, click the Windows menu (usually at the
bottom-left corner), select the Configuration icon, select System, and at the
bottom of the left menu, click About. The computer's name will appear
next to Device name, as shown in the following screenshot:
3. Back on the Mac, in the Network folder, locate the name you identified on
the shared computer and double-click on it; in this example, we have already
identified it. In large environments, you might need to select the network
area or workgroup name for the shared computer. You can get that
information from your network administrator:
As a next step, you can create an automatic connection so that it is even easier to find
and connect to the share. We will see that in the next section.
1. Through the Users & Groups preferences login options. Take into account
that you will need to authenticate as an administrator to use this method.
Follow these steps:
1. Log into the account where you want to create the automatic
connection.
2. Authenticate as an administrator.
3. Use the Finder and go to the Go menu to open the share's exact
location, which will then appear in the Network folder.
4. Open the Users & Groups preferences. Make sure the user you
want to create the share for is selected in the list of users and
select the Login Items tab.
5. Drag the share to the user's login items from the Network folder
into the Users & Groups preferences, as shown in the following
screenshot. An alternative to dragging and dropping is to use the
+ (Add) button to add the share:
If the share does not appear immediately, try browsing to another place in
System Preferences and go back to Login Items to verify this. In the
following screenshot, you can see that a share and a folder inside the share
have been added to Login Items:
And that's it! These shares will now open automatically the next time you
log into the account where they were added; in this case, the administrator
account.
2. Using shortcuts: Just drag the share to the right-hand side of the user's
Dock (Figure 14.24). The share will automatically connect when you double-
click on it.
3. Using aliases. Create an alias and place it in the Dock (Figure 14.24). We
saw how to do this in Chapter 8, System Resources and Shortcuts, if you
would like to review this:
You cannot drag items from the Finder sidebar or the network
browser to the login items or the Dock. You need to be in the actual
location.
Earlier in this section, we learned how to identify the NetBIOS name for sharing with
a Windows computer. Actually, the Mac has a default name based on the DNS name
or the name that was created by the user when macOS was installed. An
administrator can change this name in the Sharing preferences. On this Mac, for
example, the name is Herta's MacBook Pro:
You can change the Mac's name by clicking the Edit... button in the
Sharing preferences menu (Figure 14.25). When you change the name, the system will
also configure the names for all the other discovery protocols.
For example, if we changed this machine's default name to something simpler, such
as Herta's Mac, then the NetBIOS/WINS name will become HERTAS-MAC, and
the Bonjour name will be Hertas-Mac.local.
So, now that you know how to connect to file shares both through automatic
discovery and manually, and also know how to create automatic connections,
let's find out how to disconnect these mounted shares.
You can do this by using the Eject button that appears in the Finder, beside the
mounted share.
If a network share gets disconnected because of a power outage, for example, when
the power is back on, a reconnect will be attempted. If the Mac cannot reconnect after
several minutes of attempting, the system will fully disconnect from the share.
Now, besides the more sophisticated file-sharing options we have just seen, Apple
offers a quick, practical way of sharing files, and we will see that next.
What is AirDrop?
AirDrop is a secure peer-to-peer service that allows you to share and receive files,
photos, videos, websites, locations, and more from/to other Apple devices through an
ad hoc network connection via Wi-Fi and Bluetooth. AirDrop does not use your
standard Wi-Fi connection but a different radio frequency. It creates a closed network
(ad hoc) between local Apple devices. It uses Bluetooth for discovery and Wi-Fi for
file transfer. AirDrop handles file sharing through Transport Layer Security (TLS). It
does not allow you to browse for files; instead, it is a send- and receive-only,
short-range type of sharing.
Mac OS X Yosemite or later, and iOS 7 or later for the latest implementation
of AirDrop, which uses Bluetooth for wireless discovery and Wi-Fi for data
transfer.
The legacy implementation of AirDrop is only available for sharing among
computers running OS X Lion or later since it only uses Wi-Fi.
The Wi-Fi and Bluetooth interfaces have to be turned on.
Here's how you can verify whether your Mac supports AirDrop:
Here are some details you should take into account to use AirDrop:
Make sure the device of the person you want to share with is within the
Bluetooth range (usually around 30 ft).
Verify that you and the other person's devices have Wi-Fi and Bluetooth
turned on.
Personal Hotspot needs to be turned off.
If you're not in the other person's Contacts, make sure their AirDrop is set
to Everyone in order to receive the file. Otherwise, have them add you to
their Contacts.
1. Open Finder and select the AirDrop icon from the sidebar.
2. You can also select AirDrop from the Finder's Go menu.
3. Press Shift + Cmd + R.
When the AirDrop interface is open, it will automatically scan for other compatible
devices within range.
Drag and drop the file you want to send to the icon that represents the
other device, as shown in the following screenshot:
Alternatively, select the file you want to share and use the Share button in
the context it appears in; for example, the Finder.
When you are receiving a file, these options will be presented to you:
Accept, in which case the file that's received will be saved to the
Downloads folder.
Accept & Open, which saves the file in the same location, but also opens it.
Decline, which cancels the transfer and notifies the other user:
We have reached the end of this section on sharing services, where we have explored
the file-sharing service protocols macOS supports, learned what file-sharing services
are, how to use them on macOS, including how to connect to different types of file
shares, such as FTP, computers in the same local network, and even a Windows
computer, and how to share files quickly and easily between Apple devices with
AirDrop. Now that we have a good idea of the sharing possibilities on macOS, let's
move on to yet another practical sharing feature: remote controlling and screen
sharing.
The client software for these methods is included in macOS. However, the
administrative software for ARD that is used to control other Mac systems is sold
separately.
3. When you enable Remote Management for the first time, a prompt will
appear, asking you what you want to allow, as shown in the following
screenshot. Select all the appropriate options, such as Observe and
Control, and click OK. These options can be accessed and modified at any
time by clicking the Options... button (Figure 14.28):
4. You can modify the default setting and change it to All users or Only these
users (Figure 14.28).
5. The Computer Settings... button allows you to add more operating systems
so that you can access your screen sharing service. When you attempt to
access screen sharing, the currently logged-in user on the Mac that will be
shared will have to authorize this action. By default, only local authorized
users and groups are allowed to request permission to use screen
sharing. You can change this behavior by selecting Anyone may request
permission to control screen, as shown here:
Here, you can see that another option in these settings is for VNC viewers to control
the screen with a password. Users of standard third-party VNC viewers cannot authenticate
using the macOS methods we will describe next. If you enable this option, you can
specify the password for VNC access.
Take into account that VNC viewers cannot use the clipboard copy,
file copy, or virtual desktop features.
There are also third-party solutions for remote access that you might want to
explore. macOS screen sharing is backward compatible with OS X Lion and later, and
it can control previous OS X systems with ARD remote management. Let's examine
the three methods mentioned previously for remote controlling in more detail.
Now that remote controlling is enabled on the target computer we want to connect to,
let's discover how we can actually connect through the methods listed previously. We
will begin with System Screen.
To remote control a computer through this method, make sure the target computer
has remote management or VNC enabled. For the connection to succeed, the target
Mac must have at least screen sharing enabled, but to use remote management
features, they have to be enabled as well.
1. Connecting
2. Authenticating
3. Controlling
4. Adjusting settings
Connecting
Connecting to a remote Mac to control it via System Screen starts with either of these
two methods involving the Finder, which allow you to connect to the shared screen in
the first place.
1. Open the Finder sidebar and then browse and select the computer from the
list. Alternatively, open the Network folder.
2. Once you have located the computer you want to control, click the Share
Screen... button, as shown here:
Next, you will need to authenticate. We will see the authentication methods in the
next section.
1. While in the Finder sidebar, choose the Go menu option and then Connect
to Server.
2. Enter VNC, followed by the computer's IP address, DNS hostname, or
Bonjour name. For this example, we will enter the IP address shown here:
3. Click Connect.
Next, you will need to authenticate. We will see the authentication methods in the
next section.
Authenticating
Authentication can take place in many scenarios, and it can be done through the
options we already described previously: Guest, Registered User, and Using an
Apple ID.
The default option to authenticate is Registered User. What happens next will
depend on the status of the target computer you are trying to connect to. Let's
examine the most common ones.
First, make sure the target computer is turned on. If the computer is in sleep mode, it
will need to be configured for network wake in the Battery preferences (Energy
Saving preferences in versions before macOS Big Sur). The following scenarios
assume the remote computer is on.
Scenario 1: The target computer is a Mac running macOS or OS X, but there isn't any
logged-in user. In this case, you can immediately connect to the Mac as a standard or
administrative user.
1. Ask for permission. In this case, the administrative user that's logged into
the target Mac will be prompted to allow or deny your connection (Figure
14.33). To accept, the user on the target Mac should click Share Screen:
2. Log into a virtual desktop. In this case, you can immediately connect to
your standard account through a virtual desktop.
Take into account that, in this scenario, the other user will not know
you are remotely using the virtual desktop on the computer. They
can verify this by checking the Fast User Switching menu or the
Users & Groups preferences.
Now that we have established a connection with the target Mac and we have
authenticated it, let's explore how to control it.
Controlling
Once connected and authenticated, a new window will open on the Mac you are
using to access the target Mac remotely. At this point, you will be able to see the
remote Mac and perform the following tasks:
If you see a binoculars icon, this means that you can watch but not control the
system.
If you see a pointer, this means you can control it. In this case, the Control button will
also be active:
Now that we are successfully controlling the target Mac, let's look at the additional
settings we can adjust.
Adjusting settings
You can adjust the default screen size and quality from the Screen Sharing
preferences. For that, go to the Screen Sharing menu at the top left. Select
the Preferences menu option. You will see the options shown here:
Take into account that the screen's quality will also depend on the quality of your
network connection. If you have a bad connection, you might have to wait a few
seconds until the screen renders correctly.
In the Toolbar menu, you will see other useful options, such as Scaling and
Clipboard. The latter option lets you use the Shared Clipboard to Get or Send
clipboard elements.
To quit screen sharing, just go to the Screen Sharing menu and select Quit Screen
Sharing.
Now that we have seen remote controlling via System Screen, let's see the second
remote controlling method, via Messages Screen Sharing.
The interesting part of this option is that you can use on-demand screen sharing when
the system screen sharing service we just saw is not enabled. This means that screen
sharing does not have to be enabled in the Sharing preferences, as required for the
previous method. This is possible because the Messages app uses its own
communication services to initiate screen sharing.
3. Once the user is selected, send a message and click the Details icon.
4. Click the Share icon. You will have two options: Invite to Share My
Screen or Ask to Share Screen.
5. If you select the second option on the remote computer, the user will see a
message asking them to Accept or Decline the request:
If the remote user clicks Accept, and this is a user you know and
frequently share the screen with, it is a good idea to save their
information in Contacts at this point. This way, the screen-sharing
session will start immediately the next time you initiate it, without any
messages asking the other user to accept.
6. If the user accepted, you will see the remote Mac. Click the pointer (Figure
14.34) to request permission to control.
7. At this point, the remote user will get a message asking for permission to
control the Mac. From the Screen Sharing menu, the remote user can also
allow you to control the screen without asking for permission.
You can also explore additional options for customizing the view, very similar to the
previous method.
Finally, let's take a look at the third option for remote controlling, this time via ARD.
The current version of ARD is compatible with macOS Mojave 10.14.6 and later.
And with this information, we have reached the end of this section. We explored the
remote controlling options in macOS through screen sharing via System Screen, the
Messages app, and ARD. In the next section, we will briefly explore additional
sharing services in macOS.
Internet Sharing
Printer Sharing
Bluetooth sharing
Remote Apple Events
Remote Login
Media Sharing
Internet Sharing
Through the Internet Sharing option, you can share your internet connection with
other users on your local network. You can do this even over an Ethernet connection.
This is practical when you are connected through Ethernet, and you need to share
your internet with another local computer, or the opposite; that is, if you are
connected through Wi-Fi and need to share your internet to computers using
Ethernet.
In this example, we will explain how to share the internet from a Mac connected
through Wi-Fi to another local machine using Ethernet:
In the same way you can share the internet, you can also share peripheral devices.
Let's see how that works next.
Printer Sharing
This section explains sharing printers with another Mac computer. These instructions
are for non-network (or non-wireless) printers that are plugged directly into your
computer. Yes! You can share those printers with other computers.
For this to work, the computers must be on the same local network and running OS X
10.4 or later.
If you add users to the users' list, access to the shared printer is No Access by default
for all users (Everyone) on your network. To change this behavior and grant access to
the printer to Everyone, click the triangle and choose Can Print.
To remove a user, select it from the list and click the - (Remove) button. Take into
account that you can't remove Everyone.
Bluetooth Sharing
Bluetooth sharing in macOS is useful for controlling how your Mac handles files that
have been exchanged between devices through Bluetooth; for example, when you're
exchanging files between your Mac and an Android phone.
However, if you wish to share files between Mac and iOS devices, the best choice is to
use the following tools:
The method explained here is for controlling how files are shared between a Mac and
other Bluetooth devices, such as Android phones:
Another sharing option is the ability to use Remote Apple Events. Let's explore it
next.
The next option in the Sharing preferences that we will explore is Remote Login.
Remote Login
When Remote Login is enabled, you can allow a remote computer to access your Mac
through Secure Shell (SSH). This is useful when you need to access and perform
advanced administrative tasks on your computer remotely by connecting through the
command line.
Take into account that you can't use Telnet to log into your Mac.
3. In the following screenshot, we're selecting Patrick as the only user that can
remotely log in:
4. Open Terminal or an SSH client from the remote computer you want to use
to access your Mac.
5. Type in the ssh command and then press Return.
6. Then, follow this format to log in: ssh username@IPaddress. For this
example, we will use Patrick's username since we enabled him in step 3. If
you don't know your Mac's username and IP address, open the Remote
Login pane of the Sharing preferences. Your username and IP address are
shown below the "Remote Login: On" indicator:
$ ssh patrickjohnson@192.168.0.12
7. Follow the prompts in Terminal, enter Patrick's password, and press Enter:
Here, you can see that the user is now connected from the remote computer to
Patrick's Mac account and is now able to perform tasks by using the command line.
Finally, we will review one more sharing option available in the Sharing preferences:
CD or DVD sharing.
Media Sharing
The Media Sharing option allows other devices on your network to browse and play
downloaded music, movies, and TV shows.
To activate it, go to the Sharing preferences, activate the Media Sharing checkbox,
and select the appropriate options.
Media Sharing is turned on when you select one of these two options: Home Sharing
or Share media with guests. The first option allows you to access your media library
on all your devices where you're signed in with the same Apple ID. The second
option allows you to share your media library with other computers on the same
network.
And with this information, we have reached the end of this chapter. Make sure you
check out the summary for a quick review of what we have covered.
Summary
In this chapter, we have looked at some very useful features in macOS for sharing
services, including various file-sharing services, how to use them, and how to use
AirDrop for quick, short-range file-sharing. We also saw how to use remote
controlling via System Screen, Messages, and ARD. You can now enable and
configure file-sharing services, including connecting to popular protocols such as FTP
and connecting to file shares on other Macs and even Windows computers. Using
AirDrop to send and receive files from nearby Apple devices is also a task you can
perform with ease. You now know how to remote control a Mac through the different
methods we covered. Finally, you are now aware of other sharing services available
on macOS, such as Internet, Printer, and Bluetooth Sharing, Remote Apple Events, and
Media Sharing, and you know how to log in remotely to your Mac using SSH.
In the next chapter, we will look at some important measures, tools, and technologies
that are available on macOS.
15
Managing Security in macOS
In this day and age, it is crucial to consider all the security measures and technologies
available to protect our company's, clients', and users' security and privacy. We will
see various security tools and features macOS has available to increase protection.
Apple Platform Security ensures all Apple devices' operating systems are protected in
all five main areas: hardware, system, data, applications, and services. In this chapter,
we will explore the most important tools and features to understand how security is
approached in macOS in those five areas. Take into account that most of the tools and
measures we discuss in this chapter require administrative privileges.
System security
Hardware security
Application security
Data security and encryption
User and services security
By the end of this chapter, you will know how to use and apply these tools and
features to improve security on the macOS machines you administer. Let's begin with
the technical requirements for this chapter.
Managing Security in macOS Chapter 15
Technical requirements
This is what you will need for this chapter:
Let's review these features and measures and how they can help you.
Signed system volume or SSV: macOS now uses a signed system using a
cryptographic technology that prevents the execution of files (and/or
access) that don't have a valid Apple signature. This means that the
integrity of system content is verified at runtime, and any data that doesn't
have a valid cryptographic Apple signature is rejected. This also allows
software updates to run in the background without user involvement.
System extensions: Since macOS Big Sur, Kernel Extensions (or KEXTs)
are being deprecated and replaced by system extensions. This improves
security because extensions will not have access to the macOS kernel
anymore and will run in user space. Developers are now instructed to
transition their software out from KEXTs and provide support to System
Extensions. If an app is using a deprecated KEXT, this will trigger a prompt
to contact the developer. And that's what you should do if this happens:
The developer has to provide you with an alternative or, in some cases, if
the extension is not deprecated yet, you will be able to temporarily allow it
from the System Preferences, as shown in Figure 15.1.
App permission: Apps now require your permission before accessing files
in Documents and Desktop folders, iCloud Drive, and other external
volumes. In Figure 15.2, we can see the prompt that appears when an app
installer is trying to access files in your Desktop folder. You can choose to
allow it according to whether you trust the application installer or not.
Find My: This app allows you to locate a missing or misplaced Mac, even if
it's offline or sleeping in some cases. And you could potentially lock the
Mac and/or erase the system disk. We explore this feature in more detail in
the Understanding User security section at the end of this chapter.
Activation Lock: Works in combination with Find My, and it is covered in
the same section mentioned earlier.
macOS built-in firewall: Unlike other traditional network firewalls, the
macOS built-in firewall allows or denies connections on a per-app basis
and not based on network port numbers. It even has a stealth mode, which
prevents the Mac from responding to unauthorized network connections,
including ping, traceroute, and port scan. This tool is explored in more
detail in the same section mentioned earlier.
System Integrity Protection (SIP): This feature is covered in detail at the
end of this section.
Malware protection: macOS has two built-in technologies for malware
protection: XProtect and the Malware Removal Tool (MRT). They are
covered in more detail in the Understanding Application security section later
in this chapter.
Besides these features, there are other measures and tools you can take advantage of.
Let's begin by reviewing some recommended practices to increase security.
Make sure automatic updates are turned on for system data files and
security updates: In order to receive security updates, including XProtect
and MRT, automatic updates must be turned on in the System Preferences.
Review the section on System Updates in Chapter 2, Installing and
Configuring macOS, for more information on the procedure.
Require users to log in with their own accounts: Remember that the first
account created after installing macOS is an administrative account. You
should make sure that other users logging into the same machine have
their own accounts so they can have their own files and settings separated
from the other users. If it's a one-time use, you can always take advantage
of guest accounts. User and guest accounts are covered in detail in Chapter
4, User Accounts Management.
Require users to use secure passwords: Make sure users don't use
passwords that are easy to guess (such as 1234 or 0000). The account
creation process in macOS offers a tool to create secure passwords.
Passwords are covered in detail in Chapter 5, Managing User Security and
Privacy.
Lock the machine when it is not in use: This is important so that no one
can access your machine while you are away. This can be achieved by
configuring your Mac to log out after being idle for a certain period of time.
Follow these steps to configure this:
1. Open System Preferences.
2. Click the Security & Privacy icon.
3. Make sure you are in the General tab.
4. Click the lock to authenticate as an administrator.
Using hot corners to lock your screen: This will automatically start the
screen saver when your Mac is inactive for some time, and it allows you to
use a shortcut by placing the pointer at a corner of the screen to activate it
yourself. Figure 15.5 shows the four hot corners that can be configured in
macOS.
6. Click the pop-up menu of the corner you want to configure and
select the Start Screen Saver option or any of the actions
available in the drop-down. In the example that follows, we
choose the top-left corner. You can choose to configure one or all
four hot corners. You can also configure to start the action by
pressing the Control, Option, Shift, or Command keys with a hot
corner; press the key you want to use (such as Shift) while
clicking the configuration drop-down menu. In Figure 15.7, we
configured the top-left hot corner to Start Screen Saver and the
lower-left hot corner to Disable Screen Saver but with the Shift
key. Click OK when ready.
7. Now, whenever you position the pointer on the hot corner you
just configured, the selected action will be executed. In the case
of the lower-left hot corner, the action will execute when we
position the pointer in that corner and press Shift at the same
time.
However, although its benefits are clear for users, developers and administrators
should be aware of the security implications.
Bonjour uses Multicast DNS (mDNS) for performing DNS-like operations on the
local link in the absence of any conventional Unicast DNS server. It works even when
no infrastructure is present and also during infrastructure failures.
Finally, let's explore a key component of Apple's security implementation for their
devices: System Integrity Protection.
It does this by preventing users and processes (including malicious software) from
altering core macOS items, even if these users have advanced permissions
(administrator or root privileges). It even restricts the root user account from certain
actions on protected parts of the system. This system also protects core macOS apps
(apps bundled with the OS), such as Safari, Messages, and so on.
/System
/usr
/bin
/sbin
/var
Pre-installed core apps bundled with the macOS installer
If an app you want to use is not able to run because of compatibility issues with SIP,
the best recommendation is to ask the developer to provide a compatible version.
Otherwise, you can disable SIP following these steps:
1. Restart the Mac and enter the Recovery interface as appropriate for your
Mac model (Intel-based or M1 chip).
2. Open the Terminal from the Utilities menu.
3. Enter the csrutil disable command.
4. Enter reboot to reboot the Mac.
Because of the security risk of disabling SIP, you should reenable it as soon as
possible. To reenable SIP, follow these steps:
Take into account that the SIP setting is saved to the computer's firmware; therefore,
resetting the Parameter RAM (PRAM) will also reenable SIP. Resetting PRAM is
covered in Troubleshooting Tips. Performing a software update may also re-enable
SIP.
And with this explanation, we have reached the end of this section. We reviewed the
tools and features macOS offers to protect system security, including the latest
features introduced in macOS Big Sur and Catalina, such as the Signed System
Volume (SSV) and the Read-Only system volume. We also saw the recommended
security measures that should be implemented, and what you could do if you are
concerned about mDNS. Finally, we saw how System Integrity Protection (SIP)
protects your system resources.
In the next section, we will explore the available tools macOS offers for hardware
security.
Firmware password
T2 Security Chip (Intel-based Macs)
Macs with the Apple M1 silicon chip
Both these tools are managed through the Startup Security Utility, which can be
accessed through the Recovery system as we will see later in this section. Let's learn
more about these features.
Firmware password
The firmware password is used to prevent your Mac from starting up from any disk
other than the one configured as the startup disk. Its primary purpose is to prevent
unauthorized users from using startup shortcuts (such as the Option key) to bypass
other passwords in place to access the computer's operating system and make
changes. Take into account that the firmware password is no longer supported in
Macs with the Apple M1 silicon chip. We explained this tool in detail, as well as how
to configure it in Chapter 5, Managing User Security and Privacy, if you would like to
go back to review it.
The firmware password is not the only tool available at the startup level. In the next
section, we will see another, more recent and more powerful, feature.
You can follow these steps to find out whether your Mac has the T2 chip:
1. Go to the Apple menu and press the Option key to reveal the System
Information option.
2. On the left menu, look under the Hardware section.
3. Select the Controller option; if you have the T2 chip, it will display here, as
seen in Figure 15.8:
Here, we will explore the three main security features used in combination with the
T2 Security Chip:
Secure Boot
External Boot
Activation Lock
Secure Boot
This feature works only in computers with the Apple T2 security chip. Secure Boot
ensures only a legitimate and trusted operating system loads at startup.
Full Security: This is the default setting, offering the highest level of
security. It ensures only your current OS or, otherwise, an Apple trusted
and signed OS, runs on your computer. The OS is verified during startup
and, if it cannot be verified as legitimate, the Mac will connect to Apple to
download additional information to verify it. If despite this attempt, the OS
cannot be verified, this happens:
In the case of macOS, an alert will be displayed to download
a software update to reinstall macOS or choose another
startup disk that will also be verified before allowing it to
run.
If you are attempting to run Windows, an alert will be
displayed to inform you that you need to install Windows
through Boot Camp Assistant.
Medium Security: This allows any version of a signed OS (macOS or
Windows) to run. This means that even an OS that once was trusted by
Apple but no longer is will be able to run. If the OS cannot be verified, this
happens:
In the case of macOS, an alert will be displayed to download
a software update to reinstall macOS or choose another
startup disk that will also be verified before allowing it to
run.
You can configure Secure Boot through a tool called Startup Security Utility:
1. Turn on your Mac, or restart it, and press Command + R as soon as you see
the Apple logo to start up from the macOS Recovery interface.
2. When you see the Recovery interface, go to the Utilities menu at the top,
and select Startup Security Utility.
3. Authenticate as administrator.
4. You will see the Startup Security Utility configuration window. You will
notice that, by default, Full Security (Figure 15.9) is selected. You can leave
this default, recommended setting, or change it according to your
requirements.
Now that you understand what Secure Boot does and how to use it, let's examine
another feature that is available with the T2 chip: External Boot.
External Boot
This feature allows you to control startup from external media, such as an external
drive or a flash drive. It also works in combination with the T2 chip. By default, it is
set to Disallow booting from external media.
In some cases, for example, when you need to reinstall from external media, you will
need to modify this configuration to allow booting from external media. Follow these
steps to modify the default, recommended setting:
1. Follow the steps stated in the previous section to open Startup Security
Utility.
2. Next, in the External Boot section at the bottom, select Allow booting from
external media and quit Startup Utility.
3. Then, you can go to the Apple menu and choose the Startup Disk menu
option.
4. Select the external disk you want to boot from.
5. You will now be able to restart the Mac to boot from the external
disk. Alternatively, you can use the Option key at startup to choose a disk to
boot from (if a firmware password is configured, you will need to provide
it to continue).
Finally, let's explore the third feature that works when a T2 chip is available on a Mac
machine.
Activation Lock
This is another feature that works in combination with the T2 security chip. It helps
prevent anyone from using your Mac without authorization. This is useful if your
Mac ever gets stolen, lost, or misplaced. It also works in combination with the new
feature Find My. If you meet the requirements, just enable Find My, and Activation
Lock will be enabled automatically. You will find more details on using the Find
My and the Activation Lock features in the Understanding User Security section at the
end of this chapter.
macOS also has technologies and features in place to protect apps, as we will discover
next.
Next, we will explore how these features are different in Macs with the Apple M1
silicon chip.
As a consequence, Startup Security Utility in Macs with the M1 chip has changed and
been renamed Startup Security Utilities. You now have the following options:
1. Turn on your Mac, or restart it, and press and hold the Power button until
you see the Options gear icon.
2. Select Options and click Continue.
3. Select a known administrator and enter the password. Click Next to
continue.
4. When you see the Recovery interface, go to the Utilities menu at the top,
and select Startup Security Utilities, as seen in Figure 15.10:
5. You will see the Startup Security Utilities configuration window (Figure
15.11). As you can see, the Firmware password option no longer appears
and we now see the options described earlier. You can leave the default,
recommended setting (Full Security), or make changes according to your
requirements.
In this section, we saw the tools provided for hardware-related security, including the
firmware password, and the features used in combination with the T2 chip in Intel-
based Macs. We also saw how these features change in Macs with the M1 silicon chip.
In the next section, we will examine application security.
The topics we will explore will be divided into two main sections:
App sandboxing
Code signing
File quarantine
Gatekeeper
Malware detection
Notarization
Let's explore briefly what they are, and how they help to protect the system and
users.
App sandboxing
Through sandboxing, apps are isolated from the rest of the user and system resources
and are allowed access only to the resources they need. In other words, this
technology prevents apps from accessing user files and folders they don't need to
carry out their functions. An easy way to explain how sandboxing works is that apps
"play" inside a container that has no, or very limited, access to system and user files.
Naturally, this technology increases system and user security. As of June 2012, it is a
requirement for all apps available from the App Store to use app sandboxing. There is
nothing the user needs to do to take advantage of app sandboxing; it is really
developers who have to integrate it during development.
Code signing
The system uses code signing to verify software authenticity and integrity. It verifies
whether the app is from a known developer and that it hasn't been tampered with
since it was last signed. App developers have to take into account that before their
apps can be submitted to the App Store, they must be signed with a certificate issued
by Apple. Developers must obtain their unique Developer ID to be able to generate
Developer ID certificates. The App Store verifies the certificate and makes sure it
hasn't been altered. If it finds a problem, the app is removed. This is why the safest
place to download apps is the App Store.
If you choose to download apps from the internet or directly from a developer's
website, macOS still protects your Mac through two other technologies: File
quarantine and Gatekeeper, which both work in combination with code signing; let's
explore the first one next.
File quarantine
File quarantine is a feature that validates apps that download files from the internet.
In this case, when a user attempts to open an item downloaded from an unknown
source (the internet, for example), the system displays a warning, like the one seen in
Figure 15.12.
Take into account that this feature only works with specific "quarantine-aware" apps
that can include quarantine attributes in files from external sources:
When you open a file through any of these quarantine-aware apps, you will see a
warning like the following:
If the user that downloaded the file opens it, the quarantine attributes are removed.
However, if other users open the file, the warning will display every time. Take into
account that the user who downloaded the file is the only one who can remove the
quarantine attributes by opening the file.
Applications other than the ones mentioned previously will not display
the quarantine warning.
Copying a file from external media, such as a USB, to the Finder will not
activate the quarantine warning.
A code-signed app will not display a quarantine warning.
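The quarantine attributes described above are stored in an extended attribute named com.apple.quarantine, whose value is a semicolon-separated record: flags, the download time as hexadecimal seconds since the Unix epoch, the name of the downloading app, and an event identifier. The following is an added example, not code from the book; the function names are this example's own, the sample values in it are constructed, and because Apple does not document the field layout, the field meanings should be treated as an assumption based on observed values.

```shell
#!/bin/sh
# Added example: decode a com.apple.quarantine value to see which app
# quarantined a file and when.
# Usage on a Mac:  sh quarantine_info.sh ~/Downloads/SomeFile.dmg

# parse_quarantine VALUE
# Prints "flags=F epoch=N agent=NAME event=ID"; returns 1 if VALUE is malformed.
parse_quarantine() {
    q_value=$1
    set -f                       # no filename expansion while splitting
    old_ifs=$IFS; IFS=';'
    set -- $q_value              # split the record on semicolons
    IFS=$old_ifs
    set +f
    [ "$#" -ge 2 ] || return 1   # flags and timestamp are mandatory
    q_flags=$1; q_stamp=$2; q_agent=${3:-}; q_event=${4:-}
    # Both leading fields must be plain hexadecimal before any arithmetic is done.
    case "$q_flags" in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    case "$q_stamp" in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    [ "${#q_stamp}" -le 8 ] || return 1
    q_epoch=$((0x$q_stamp))      # hex seconds since 1970-01-01 UTC
    echo "flags=$q_flags epoch=$q_epoch agent=${q_agent:-unknown} event=${q_event:-none}"
}

# quarantine_age_days VALUE NOW_EPOCH
# Prints how many whole days ago the file was quarantined.
quarantine_age_days() {
    fields=$(parse_quarantine "$1") || return 1
    epoch=${fields#*epoch=}
    epoch=${epoch%% *}
    echo $(( ($2 - epoch) / 86400 ))
}

# Report on every file named on the command line (xattr ships with macOS).
for f in "$@"; do
    if value=$(xattr -p com.apple.quarantine "$f" 2>/dev/null); then
        echo "$f: $(parse_quarantine "$value" || echo 'unparsable quarantine value')"
    else
        echo "$f: no quarantine attribute"
    fi
done
```

A file copied from external media through the Finder, as noted in the list above, is reported as having no quarantine attribute.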
This feature works in combination with another feature that we will look at next.
Gatekeeper
Gatekeeper is another Apple technology that works in combination with file
quarantine and code signing. It is designed to ensure only trusted software runs on
your Mac and that it does not contain malware. A signed app will not trigger a
warning when opened as it is considered to be safe. But, if you download apps from
the internet or directly from a developer's website, macOS still protects your Mac
through Gatekeeper. In this case, Gatekeeper checks the Developer ID signature to
verify the developer's identity, and it verifies that the app has not been altered. If the
app is not signed by an identified developer or notarized, Gatekeeper will prevent
you from opening it. However, if you are sure the app you downloaded is safe, you
can bypass this protection that prevents it from opening. The procedure is explained
in the Verifying app security settings section.
Gatekeeper also protects your system from malicious plugins that may be included
with apps. Gatekeeper opens the apps from read-only locations, which prevents the
loading of harmful plugins included with apps.
Next, let's examine the built-in technology macOS uses for malware detection.
Malware detection
Malware detection works in combination with the quarantine and notarization
features. Since Mac OS X Snow Leopard, the macOS update system automatically
updates a list of known threats. When you open a quarantined file, the system checks
it against the malware included in that updated list.
macOS uses two technologies for malware protection: XProtect and the Malware
Removal Tool (MRT):
Finally, let's explore another technology that works in combination with malware
detection.
Notarization
Notarization works in combination with malware detection. It is a process that
informs you that Apple has carried out a security check and confirms that no
malicious software was found. macOS Catalina and later requires software to be
notarized and requests your approval before opening software that has not been
signed or notarized to make sure you understand the risks of doing so.
When you open an app that has been notarized by Apple, you will see a message like
the one in Figure 15.12.
In the next section, we will explore how to verify the configuration of the security
settings related to the technologies we just saw and how you can make some changes
to bypass the protections that prevent you from opening certain apps.
If your Mac is still configured with the default settings, and even if it's configured to
Allow apps downloaded from: App Store and identified developers, you might not
be able to install an app that was not downloaded from the App Store. Let's see next
what to do in that case.
3. You should see a notice at the bottom that indicates the app was blocked
(Figure 15.15). Click the button to Open Anyway:
4. A new warning will appear with the option to Open the app. Click on
Open Anyway.
5. In this case, we are sure this app is safe, therefore, we will go ahead and
open it. When you choose Open Anyway, an exception will be recorded in
the security settings, and you will be able to open the app from that point
on.
In this section, we explored the technologies related to app security, such as app
sandboxing, code signing, and more. Also, we saw how to verify your app security
settings and make the necessary changes to open apps from unknown developers. In
the next section, let's explore the technologies that allow you to keep your data safe.
Types of encryption
FileVault
Encryption in Macs with an M1 chip
Encrypting external media
Types of encryption
macOS offers two types of encryption:
Although the SSDs of computers that have T2 chips are encrypted automatically, it is
recommended to turn on FileVault for extra protection. This way, decryption is not
performed automatically, but a password is required to decrypt the data instead. We
will explore FileVault in the next section.
What is FileVault?
FileVault is a macOS encryption technology that helps to protect user data. It
accomplishes this through the seamless conversion of the standard system volume
into a protected system volume.
FileVault has been available since OS X Lion (10.7). The current version of FileVault
is also sometimes referred to as FileVault 2, in order to distinguish it from the older
version running in Macs with versions older than OS X Lion, now known as FileVault
Legacy; however, most Macs now use the new version.
FileVault can be used both with Mac computers with the T2 security chip or without
it. The difference will be the type of encryption available for the system volume:
When FileVault is enabled, your Mac will always require your
user account password to log in. The FileVault technology includes account password
synchronization, and this means that if you change your user account password, it
will automatically sync with FileVault. You won't need to do anything. There's no
need to re-encrypt the volume when users change their password, and that's one of
the advantages of this technology. Also, there's minimal impact on the user
experience since you can continue to work on your computer while the encryption is
being completed. In fact, most processes and applications will continue to behave as
usual and won't be affected by the volume encryption. The time it takes to encrypt
will depend on the amount of data in the disk.
Take into account that when FileVault is turned on, the Guest
account will only be able to use Safari; it won't have access to the
encrypted disk, and it won't be able to create files.
In this section, we will learn how to manage FileVault, including the following:
FileVault Recovery
Enabling FileVault
Turning off FileVault
Let's find out how to enable FileVault, but first, we need to decide which recovery
option we will be using.
FileVault Recovery
There are a few methods, depending on your version of macOS, to unlock a system
when the user forgets or loses their password so that they or an administrator can
regain access to the computer and reset the user account password:
These methods will be explained in detail later in this section; we mention them here
because you need to know which method you will use when you enable FileVault. If
you need more detail on how each method works, you can review the section that
details each method before you enable FileVault.
Enabling FileVault
In older versions of macOS, it was possible to enable FileVault during the initial
configuration of a recently installed or upgraded Mac through the Setup Assistant. In
macOS Big Sur, you can enable it by following these steps:
6. Next, you should select how you want to unlock the disk and reset your
password if you forget it. This is very important since you won't be able to
access the disk if you forget your password. For this example, we will
choose the first option in Figure 15.17, Allow my iCloud account to unlock
my disk:
7. When the procedure completes, you will see the message FileVault is
turned on for the disk "[disk name]".
8. Restart the computer for FileVault to start asking for a password to log in
and access the data.
Now, the next time you turn on your Mac, you might see the screen is now light gray,
and you will need to enter your user account password for the system disk to
decrypt. Login will take a little longer now as the disk has to be decrypted.
If there are other users on the same machine, they are authorized to decrypt the disk
as well. However, in older versions of macOS, you may see a window prompting you
to enable each user to access the protected disk. Just click the Enable User... button for
each user.
If, for any reason, you no longer need to encrypt your startup disk, you can turn off
FileVault as easily as you turned it on. The procedure is explained next.
And that's it! The next time you restart the Mac, you will no longer be asked to
provide your user account password to decrypt the disk.
Now, if you want to change your recovery key, you can do it by following the
procedure explained next.
If you have lost access to your Mac, for example, because you don't remember your
user account password, you can recover access through the method you selected
when enabling FileVault or even through other user account password recovery
methods, as we will see next.
These methods are explained in Chapter 5, Managing User Security and Privacy; we
won't repeat them here. Please feel free to go back to that chapter to review them in
detail. Let's see a quick overview of each next.
If neither method is useful for you because you lost access to your iCloud account or
you don't remember where you stored the local Recovery Key, then you can try the
regular account password reset methods explained below.
Through the Users & Groups preferences: This method assumes you have
lost access to your account, but an administrator has access and can help
you through the Reset Password... button in the Users & Groups
preferences.
Using the Reset Password assistant: If FileVault is turned on and you
forgot your account password, you can use the Reset Password assistant.
Using the resetpassword command: This method requires you to enter
Recovery mode and use Terminal.
Using your Apple ID: If the option is enabled, you can use it as well to
reset your user account password.
In this section, we saw how FileVault provides encryption for your system disk, how
it works, how to enable it and turn it off, and how to recover access to your encrypted
disk if you lose access to your account.
Macs with the Apple M1 chip no longer need a separate T2 chip, because the
features it provided have been transferred to the new chip. Mac models that
currently include the T2 chip will therefore drop it when they are released in
an M1 version.
In the next section, we will see how we can also encrypt external disks with macOS.
1. Open Finder.
2. Select the external volume/media you want to encrypt, either on the sidebar
or on the desktop.
3. Right-click the volume/media and select Encrypt.
4. You will be asked to enter a password. IMPORTANT! Copy this password
in a safe place so that you will remember it. This is not the same password
as your user account. If you lose this password, you will permanently lose
access to the data stored in the volume/media. There is no recovery method
in this case.
And that's it! When the process completes, your volume/media will be encrypted, and
you will be required to enter a password to decrypt it and access the data on that
media.
In this section, we explored the tools and technologies macOS offers for data security.
We examined how macOS uses encryption, which types of encryption are available,
and the main technology macOS uses to encrypt and protect the system disk, called
FileVault. We also saw how to encrypt external media to protect your data further.
You can now use these tools to ensure your clients' and your users' data is safe.
Now that we have examined most of the tools and measures for system, app, and
data security, let's look at some additional tools to enhance user security.
Two-factor authentication
Login Options
Firewall
Screen Time
Find My
Guest account
Family sharing
In the latest macOS versions, the iCloud Security Code is a number generated from a
two-factor authentication device enabled for your Apple ID and iCloud. This is
because now when you create an Apple ID, you are requested to provide a trusted
phone number for verification purposes, and two-factor authentication is turned on
by default. When you associate your Apple ID with your account on a Mac, iCloud is
set up with two-factor authentication turned on as well in the same way, by
providing a phone number.
The code generated will appear on the phone or another Apple device you provided
and associated with your iCloud account. If you don't have access to either of those
devices, then the code will be accessible on the first device, usually the Mac where
you activated the Apple ID initially. But this code will most likely be pointless
because if you forgot your login password, it is very likely that you won't be able to
access that Mac. It's a good idea to have other devices associated with this Apple ID if
you want to recover login access through the Apple ID.
When you are trying to authorize a new device to use your Apple ID, you will see a
message like the one in Figure 15.18 on the device you provided as the second factor.
When you click on Allow, you will see a security code on the second-factor device, as
seen in Figure 15.19:
Next, you will need to enter that code on the device you are trying to approve for
using the Apple ID. In the example in Figure 15.20, we enter the verification code in
the Mac we want to authorize:
When you first enabled the iCloud keychain service for a given Apple ID, you were
prompted to enter the security code. It was not mandatory to set it, but if you didn't,
you would have needed to have physical access to the original device where the
service was initially set up to authorize access to the information stored in the iCloud
keychain for a new device. As mentioned earlier, if you lost access to all your devices,
you could regain access to your iCloud keychain by adding a new device through this
code. If you lost access to all your devices and didn't have a security code, the only
option was to reset the iCloud keychain, but in this case, all the contents of your old
keychain would be lost.
This is why the process has been simplified by using two-factor authentication by
default to authorize other devices. However, we detail this information here since this
change is recent, and there might be users using older versions of macOS.
Code Plus Verification was the default method for adding this code, and it works in
combination with an SMS text message validation. With this method, you would be
asked to choose a six-digit code and provide a phone number for the text messages.
Complex Security Code was an advanced method for a more complex and more
secure code. It comprised a code of up to 32 characters.
Random Complex Security Code was also an advanced method where a random,
complex code of up to 32 characters was generated. However, in this case, you would
need to provide a phone number since the method was combined with text message
validation.
If you lost access to the phone number for the text message
validation, you would need to contact an authorized support
professional for assistance.
To see, edit, or disable the iCloud security code, you would go to iCloud
Preferences and click the Options button next to the keychain item. In macOS
Catalina and later, the Options button no longer shows, but you can go to the Apple
ID preferences, click the Password & Security menu, and click the Edit button to add
trusted phone numbers, get a verification code, or turn on the Recovery Key feature
(Figure 15.21):
Of course, you can also manage two-factor authentication from your Apple ID
account on the Apple ID website: https://appleid.apple.com. Another way you can
increase user security is by restricting the login options. Let's explore how that works.
Login options
In the Users & Groups preferences, you have extra options that can be used to
enhance user security and privacy. These are as follows:
Automatic login
Display of usernames
Automatic login
This option allows you to automatically log in as a specific user when the Mac is
turned on, without the need to enter a password. This option is disabled by default,
and it should stay that way if more security is desired.
You could also choose any user from the list and enable Automatic login for that user
if you are certain that it does not constitute a security risk.
Let's explore another setting in the same location that you can use to protect your
users' privacy.
Display of usernames
These extra options in the Users & Groups preferences allow you to protect your or
your users' privacy better. For example, you can do the following:
Change the login window to display as Name and password instead of List
of users. This will show blank name and password fields instead of the
username (Figure 15.22).
Change the Show fast user switching menu option from Full Name to
Account Name or even Icon for more privacy (Figure 15.22).
Next, we'll explore a built-in tool that protects against unwanted connections from
outside.
4. After enabling it, you should be able to click on the Firewall Options...
button.
5. You will be presented with more options to customize the firewall (Figure
15.24):
Block all incoming connections: If enabled, it will block all
incoming connections from nonessential services and apps,
allowing only essential connections such as DHCP, Bonjour,
IPSec, and so on. If you enable this option, you might have
problems using certain apps. For this reason, it is disabled by
default. If you choose to use it, you have Add (+) and Remove (-)
icons below to add applications for which you wish to allow
connections.
Automatically allow built-in software to receive incoming
connections: This option is selected by default. It allows built-in
apps and services signed with a valid certificate to be
automatically added to the list of allowed apps.
Automatically allow downloaded signed software to receive
incoming connections: This option is selected by default. It
allows downloaded apps and services signed with a valid
certificate to be automatically added to the list of allowed apps.
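The settings covered in this chapter (Gatekeeper assessments, FileVault, Automatic login, the login window style, and the firewall) can also be checked from Terminal. The script below is an added example, not part of the book; it only reads settings, and it assumes the usual output strings of fdesetup, spctl, and socketfilterfw and the autoLoginUser and SHOWFULLNAME keys of the loginwindow preferences.

```shell
#!/bin/sh
# Added example (not from the book): read-only audit of settings discussed in
# this chapter. Each classify_* function maps raw command output to PASS or
# WARN, so the logic can be exercised with constructed sample text anywhere.

LOGINWINDOW=/Library/Preferences/com.apple.loginwindow
FIREWALL=/usr/libexec/ApplicationFirewall/socketfilterfw

# fdesetup status prints "FileVault is On." or "FileVault is Off."
classify_filevault() {
    case "$1" in
        *"FileVault is On"*) echo PASS ;;
        *) echo WARN ;;
    esac
}

# socketfilterfw --getglobalstate prints e.g. "Firewall is enabled. (State = 1)"
# State 2 is the stricter "Block all incoming connections" mode.
classify_firewall() {
    case "$1" in
        *"State = 1"*|*"State = 2"*) echo PASS ;;
        *) echo WARN ;;
    esac
}

# spctl --status prints "assessments enabled" while Gatekeeper is active.
classify_gatekeeper() {
    case "$1" in
        *"assessments enabled"*) echo PASS ;;
        *) echo WARN ;;
    esac
}

# autoLoginUser exists only when Automatic login is set; empty means disabled.
classify_autologin() {
    if [ -z "$1" ]; then echo PASS; else echo WARN; fi
}

# SHOWFULLNAME = 1 means the login window shows Name and password fields
# instead of the list of users.
classify_login_window() {
    if [ "$1" = "1" ]; then echo PASS; else echo WARN; fi
}

# audit_lines FILEVAULT FIREWALL GATEKEEPER AUTOLOGIN LOGINWINDOW
# Takes the five raw outputs and prints one result line per setting.
audit_lines() {
    printf '%-34s %s\n' "FileVault enabled"             "$(classify_filevault "$1")"
    printf '%-34s %s\n' "Firewall enabled"              "$(classify_firewall "$2")"
    printf '%-34s %s\n' "Gatekeeper assessments"        "$(classify_gatekeeper "$3")"
    printf '%-34s %s\n' "Automatic login disabled"      "$(classify_autologin "$4")"
    printf '%-34s %s\n' "Login window: name + password" "$(classify_login_window "$5")"
}

# Collect the real values. A missing preference key makes defaults exit
# non-zero, which is the normal case for autoLoginUser, so fall back to "".
run_audit() {
    fv=$(fdesetup status 2>&1) || fv=""
    fw=$("$FIREWALL" --getglobalstate 2>&1) || fw=""
    gk=$(spctl --status 2>&1) || gk=""
    al=$(defaults read "$LOGINWINDOW" autoLoginUser 2>/dev/null) || al=""
    lw=$(defaults read "$LOGINWINDOW" SHOWFULLNAME 2>/dev/null) || lw=""
    audit_lines "$fv" "$fw" "$gk" "$al" "$lw"
}

# Only query the system when actually running on macOS.
if [ "$(uname -s)" = "Darwin" ]; then
    run_audit
fi
```

A WARN line is a prompt to review that setting in System Preferences, not proof of a problem; Automatic login, for instance, may have been enabled deliberately.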
Screen Time
This feature, available since macOS Catalina, replaces the parental controls that were
available in previous versions of macOS. This tool is very helpful for monitoring kids'
screen time usage and restricting the type of content they can see. More specifically,
Screen Time allows you to do the following:
Track usage
Limit usage
How to enable Screen Time and use its features is explained in detail in Chapter 4,
User Accounts Management.
Next, we will see another important feature designed to offer you recovery options if
your Mac is misplaced, lost, or stolen.
Find My
Find My is a feature (available since macOS Catalina) that combines Find My iPhone
and Find My Friends to allow you to locate and even protect your Mac if it's
misplaced, lost, or stolen.
An Apple ID.
An iCloud account.
Location Services must be turned on.
Access to iCloud on another device or the internet.
Your Mac and devices must be updated to the latest macOS version (at
least iOS 13 for devices and iPadOS for iPad) and watchOS if you plan to
use your Apple Watch.
To enable this feature, we need first to make sure Location Services is turned on:
1. Open System Preferences and click on the Security & Privacy icon.
2. Select the Privacy tab and then Location Services, as shown in Figure 15.25.
3. Next, click on the lock icon at the bottom to authenticate as an
administrator.
6. Make sure the Find My Mac checkbox is enabled, as seen in Figure 15.26:
1. After enabling Find My Mac in the previous steps, you will see an Options
button beside Find My Mac (Figure 15.27). If you see a Details button
instead, it means you need to enable Location Services, as indicated earlier.
2. Click the Options button; you will have these options to configure (Figure
15.28):
Find My Mac: This enables locating, locking, or erasing the Mac.
Find My network: This new feature enables locating the Mac
even if it's not connected to Wi-Fi or a data network. This is
possible thanks to a crowdsourced network of millions of Apple
devices that use Bluetooth technology to detect a nearby device
and report the approximate location to the owner.
If your Mac is misplaced or stolen, and Find My is set up, this is what you can do:
1. Sign in to iCloud.com (or open the Find My app on your iPhone, iPad, or
iPod touch).
2. Click on Find.... Don't worry if it says Find iPhone as in Figure 15.29; in this
section, you will find all your Apple devices that have Find My enabled,
including your Mac:
3. By default, you will see the location of all your devices on a map, but you
can select a specific device from the All Devices drop-down list, as seen in
Figure 15.30:
4. Select your device from the list. You will see a window open with actions to
perform (Figure 15.31). We will see these actions in more detail in the next
section. You can also choose Directions to open the location in the Maps
app and obtain directions.
Let's examine another action we can perform after the Mac has been located on the
map.
Playing a sound
Once you have located your Mac on the map, you can do a few actions; one of them is
playing a sound. This is useful if your Mac is misplaced in a large office, for example.
For playing a sound to work, your Mac must be nearby and online. If your Mac is
offline, it will play the sound when it connects to a network:
As you can see in Figure 15.31, the Lock and Erase Mac options will also appear in the
same location as the Play Sound button; however, there are specific requirements for
locking and erasing that we will describe next.
Activation Lock turns on automatically when you configure Find My. If you see
Disabled instead, it means Find My is not enabled or your Mac does not have the T2
security chip.
Once these verifications are done, you can proceed to lock your Mac:
Make sure to disable Activation Lock if you sell or give away your Mac. This can be
achieved through two methods:
Another action you can perform is to erase your Mac to protect your information if
you have no other choice. Let's see how you can do that.
Take into account the following important information if you decide to erase the Mac:
And with this, we have covered pretty much everything about the Find My feature.
We saw how to enable it and use the actions enabled, such as locating your Mac on a
map, playing a sound, locking it, and even erasing it.
Next, we will discuss a couple more features that require your attention to keep your
users and data secure.
Guest accounts
Guest accounts allow any person to temporarily use your Mac without having to
create an account, protecting your data at the same time. The important detail to
remember about guest accounts is that all data and settings will be removed after the
user logs out of the guest account. (Make sure anyone using a guest account knows
that! Many users don't.)
Family Sharing
Family Sharing is a feature that allows you to share App Store purchases and
subscriptions with other family members without having to share your personal
Apple ID. Besides protecting your Apple ID, it allows you to control children's
permissions in combination with the Screen Time features. With Family Sharing and
Screen Time, you can approve purchases and downloads.
Family Sharing is covered in detail in Chapter 10, Managing Apps and Documents.
And with this feature, we have reached the end of this section, where we explored
tools, features, and practices to protect user security. We examined the iCloud
Security Code, how to enable two-factor authentication, and the login options that can
help you protect user privacy. We also reviewed features that are quite recent, such as
Screen Time, and others that have been around for some time but have been
improved, such as Find My.
We have also reached the end of the chapter. Be sure to check the summary below for
a quick recap of what we covered.
Summary
In this chapter, we explored tools, measures, technologies, and features macOS offers
to help you protect your security and privacy, as well as your users'. We saw them
grouped into five main areas: system, hardware, application, data and encryption,
and user security. You are now aware of which macOS security features protect the
system, such as System Integrity Protection (SIP), and the recommended security
measures that you should implement to promote a safe environment, such as always
requiring the use of secure passwords. At the same time, you know how to enable a
firmware password for extra security to avoid unauthorized users bypassing the
system startup through keyboard shortcuts. You also know how to use FileVault for
full-disk or full-system encryption to protect your data. Finally, you are now aware of
the extra features that help you and your users be more secure, such as Screen Time
and Find My.
In the next chapter, we will explore some advanced techniques for administration
through the use of the command-line Terminal.
16
Using the Command Line
The command line is an advanced and powerful way to interact with macOS without
the use of the GUI. Although most fundamental administrative tasks can be done
using the macOS GUI, sometimes it can be more practical to execute them through the
command line. Some advanced administration tasks can only be executed through
this tool.
The macOS command-line tool is based on the Unix operating system. Take into
account that there are hundreds of Unix commands; there's a lot you could do!
However, in this chapter, we will explore how this tool works in macOS. We will see
some examples of some of the most used commands, when and why you should use
the command line in macOS, when you should use the sudo command, and other
common commands you can use to manage files and monitor the system.
Remember that this tool is very powerful and that you can
potentially render your system unstable or unusable if you don't use
it correctly. Proceed with caution.
Technical requirements
This is what you will need for this chapter:
Regardless of how you connect to the command-line tool (we will explain the
different ways you can access it shortly), you obtain access to the input and output of
a Unix shell process or shell scripting. Different shells have different features and
may use a different syntax. More specifically, this is what we will discuss in this
section:
Let's start by examining when and why you should use the command line.
Using the Command Line Chapter 16
In the following screenshot, % is the default zsh prompt symbol. Other shells use
other symbols; for example, bash uses $. We will learn more about the default shell in
macOS later in this chapter. We can see that the machine name is macos-big-sur, the
username is administrator, and the current directory is the home folder, represented
by ~, which is a short way to point to the user's home folder:
Now that you know the command-line prompt's structure, let's talk about the
command-line string. It has four parts:
Name
Options/flags
Arguments
Extras
The general form of a UNIX command can be represented in the following way:
[command] [-option(s)/flag(s)] [argument(s)] [extra(s)]
The command portion is the command name or the "verb." It describes what
you want to do and what the command does.
Think about the option(s)/flag(s) part as if they were the "adjectives," which
modify how the command will run.
The argument(s) are the objects that the command will act on, typically a
directory path or a file.
The extra(s) part is any extra options.
What this command will do is remove the directory specified and all the contents in
it, as indicated by the -r flag.
Now, take into account that if you want to run commands as a superuser or as a user
different from the currently logged-in user, you will need to use the sudo command.
Let's take a brief look at the sudo command.
You don't need to enable the root user account to use this command, but you do need
to be at least an admin to use it.
To run commands using sudo, you need to access macOS's built-in command-line
tool or use other tools that support shell scripting.
sudo is the command that grants this user administrative rights for this
action.
ls is the command or action that stands for "list."
-l is the option that stands for "long," which means the output will be
displayed in long format.
/Users/johnadams/Documents is the argument that shows the path to
the directory the command should run on.
Once the command is executed, we will see some output that provides information
such as the owner of the files, the permissions, and the group they belong to. This can
be seen in the following screenshot:
In the following section, we will explore Terminal, the utility provided in macOS to
access the command line.
In this section, we will explain how to access Terminal and configure the
aforementioned features. We will cover the following topics:
You can access Terminal via the Recovery interface. Just to recap, you can
do that by holding down the Command + R (Intel-based) key combination or
by holding down the Power button (Apple M1) when your Mac is starting
up. If you need to review more about the Recovery system, check
out Chapter 2, Installing and Configuring macOS. When presented with the
Recovery interface, go to the Utilities menu and select Terminal, as shown
in the following screenshot:
You can also use remote login, which will usually be an SSH connection
that you can establish through an app such as WinSCP
(www.winscp.net/). It is open source software that will let you connect
via SSH to a remote Mac, usually from a Windows computer. There are
other configurations necessary to use remote login, and we talk about them
in Chapter 14, Using macOS Sharing Services.
Finally, you can use single-user mode, which shows you a minimal UNIX
command-line environment that's useful mostly for attempting to repair
the startup drive, mounting drives, reading and writing files, and starting
some system daemons. We learned how to enter this mode in Chapter
3, The Start Up Process, if you want to review it.
If you will be using Terminal, you can take advantage of many features this tool
offers. Here are some of the most useful ones:
Customized profiles: macOS Terminal has predefined profiles, but you can
use customized profiles as well. You can customize many elements of the
Terminal experience, such as colors, fonts, background, and more.
Marks and bookmarks: Terminal output can quickly become very long.
You can add marks and bookmarks to navigate this output more easily.
Customize windows: You can use the inspector or Info window to
customize the windows, including changing their titles and background
colors.
4. Explore the options in the Text, Window, Tab, Shell, Keyboard, and
Advanced tabs to customize your profile even further:
You can also apply a profile to a specific Terminal window. To do that, follow these
steps:
Besides customizing your Terminal experience, you can also take advantage of some
of the features to manage your Terminal's output by using marks and bookmarks, as
we will explore next.
Marks are used mostly to mark command-line prompts and lines in the
Terminal's output. The Terminal app uses brackets [ ] as marks, as shown
in the following screenshot:
You can change this behavior so that prompts are not marked anymore. To
do this, with the Terminal app open, go to Edit in the top menu, then to
Marks, and make sure Automatically Mark Prompt Lines is deselected.
Bookmarks use heavier vertical bars, and they are mostly used to mark
sections of content. However, you can also bookmark rows or insert them
into specific parts of your output with either a timestamp or
name/timestamp. The Terminal app uses vertical bars, |, to mark
bookmarks, as shown in the following screenshot:
To remove a mark or bookmark, select the rows, right-click, and then choose Unmark
from the contextual menu or the Edit top menu option.
3. Note that the bookmark will be inserted just above the next available
command prompt, as shown in the following screenshot:
To locate a mark or a bookmark, go to the Edit top menu option, select Navigate, and
choose one of the options to jump to a bookmark, as shown in the following
screenshot:
In this section, we learned how to customize the macOS Terminal to make advanced
administration through the command line more convenient. If you are familiar with
the command line, then you probably know that the macOS Terminal works with
Unix shells. macOS has a default shell, but you can change it according to your
requirements, as we will see next.
zsh or the Z shell (www.zsh.org) is preferred over bash these days because it has
many improvements. These are some of the most important ones:
Remember that, since macOS Catalina, zsh is used as the default login and interactive
shell. Therefore, if you've recently upgraded to macOS Catalina, you will see a
warning similar to the one shown in the following screenshot:
There are at least two ways you can configure or update your shell:
Follow these steps to configure the shell through the Terminal application:
3. In the General tab, in the Command (complete path) field, enter the path
to the shell you want to use. In the following screenshot, the path is
/bin/zsh. Change it as you wish:
To configure the shell through the Users & Groups preferences, follow these steps:
Figure 16.16 - Updating the shell through the Users & Groups preferences
You can visit this support article for more information on changing
the default shell for the macOS Terminal:
https://support.apple.com/HT208050.
5. Select the login shell you wish to use from the drop-down menu, as shown
in the preceding screenshot.
Once you have the shell set up, you will be able to use the commands available for
that shell. Many commands are available. In the next section, we will look at some of
the most essential commands.
You can look at the list of commands built into the specific shell you are using, known
as "builtins," by using the following commands for specific shells. These commands
will return a list of the specific shell's built-in commands, as well as examples of their
use:
Shell | Command
tcsh | builtins
bash | help
zsh | man zshbuiltins
Common commands
Uncovering hidden files and folders
Hiding specific files and folders
Let's begin with the first section, where we will cover commonly used commands.
Common commands
You can use many commands with macOS Terminal, but the following are some of
the most popular and commonly used commands and key combinations that you will
probably learn off by heart very quickly. The following screenshot shows a table of
commonly used commands:
The following are some key combinations you will also find very handy:
We will only look at some examples for a few commands, along with some
screenshots, for you to get a good idea of how they are used. Let's get started:
This will change the Documents folder's permissions to 755, which means
read, write, execute permissions for the Owner; and Read Only for Group
and Everyone.
To use this command and the next one, you need to have a good
understanding of Unix ownership and permissions. We describe
macOS ownership and permissions in Chapter 7, Understanding
Ownership and Permissions.
In the following screenshot, in the Info window, we can verify that the
permissions for the Documents folder have changed after running the chmod
command:
ls: In the following example, we will use the ls -l command. This allows
us to see the file and folder permissions in a specific directory; in this case,
the user's home directory:
mkdir: The syntax for this command is very simple: mkdir [new
directory].
pwd: Earlier, we changed to the Documents directory. The following
command shows the full path to that directory, as shown in the following
screenshot:
In the next section, we will look at another very important use of the command line,
which is to uncover hidden files and folders.
In this section, we will learn how to uncover all hidden files and folders
through Terminal. In the next section, we will learn how to pick specific items and
hide them; perhaps a folder you don't want anyone to see.
If you go to Finder now, you will see many other hidden files and folders, as shown
in the following screenshot:
To revert to the original Finder with the hidden files and folders, just use
Terminal again and type:
defaults write com.apple.finder AppleShowAllFiles FALSE
This will reset the Finder window and show the files as usual again.
Just like you can access files and folders hidden by default by macOS or uncover
them all through Terminal, you can also pick specific items and hide them yourself;
perhaps a folder you don't want anyone to see. This is what we will see in the next
section.
The first is a Unix method, and it hides the item from Finder and Terminal when
you're listing items.
The second is a Mac feature, which consists of enabling the file flag so that it's not
visible in Finder. Take into account that this method will not hide the item in
Terminal.
Follow these steps to use the first method. In this example, we will hide the file
named test.rtf, located inside the administrator's Documents folder:
1. Open Terminal.
2. Change directory to the folder that contains the file you want to hide with
the cd command (replacing this with your actual path) and
press Enter when you're ready:
cd /Users/administrator/Documents
To undo what you just did and show the file again in Finder, follow the same steps
you followed previously, but do the opposite: rename the file from the name with the
leading period to the name without it:
1. After changing the directory to where your file is located, use the same
command, but put the filename with the period first. Then, press Enter when
you're ready:
mv .test.rtf test.rtf
You might have to close and reopen the Finder window for the file
to be visible again.
Now, let's learn how the second method works. To hide a folder called Secrets
inside the Documents folder, follow these steps:
1. Open Terminal.
2. Change directory to the Documents folder using the cd command.
3. Enter the following command, followed by a space at the end (but don't
press Enter yet):
chflags hidden
4. Next, enter the folder's path if you know it, or drag and drop the folder into
Terminal, as shown in the following screenshot, so that the path will be
automatically entered:
5. You should see the full path after dragging and dropping the folder, at
which point you can go ahead and press Enter:
You can use the Tab key to autocomplete filenames, pathnames, and
command names in Terminal.
Use the Go to folder... option in Finder. Click on the Go menu item and
select Go to Folder.... Next, enter the exact folder path. You can type the
whole path, or if the folder is located in your user's home folder, you can
just use the abbreviated form; that is, ~/Desktop/Secrets:
To quickly view the folder or any other hidden items, you can use the
shortcut combination Command + Shift + . (period). As soon as you do that,
the folder will appear again in Finder, but in a slightly lighter color:
To undo what you just did and make the folder permanently visible again in Finder,
follow these steps:
1. Open Terminal.
2. This time, enter the chflags nohidden command, leaving a space at the
end (and don't press Enter yet).
3. You should now enter the path to the folder you want to uncover or use the
temporary method to make it visible through the Command + Shift + .
(period) key combination. Then, you should be able to drag and drop the
folder into the Terminal.
4. Once the path shows as complete in Terminal, press Enter; the folder will
be visible again in Finder.
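The two hiding methods in this section leave different traces: a leading period hides an item from Finder and from a plain listing, while the flag set by chflags hidden only affects Finder. The following Python script is an added example (not code from the book) that audits one folder for both and prints the matching undo command from this section; the function names and the default ~/Documents folder are assumptions.

```python
"""Audit a folder for items hidden by a leading period or by the hidden flag.

Added example, not from the book. On systems without BSD file flags
(no st_flags in the stat result) only the leading-period check can fire.
"""
import os
import shlex
import stat
import sys


def classify(name, flags):
    """Return the reasons an entry is hidden from Finder.

    name  -- the entry's file name (not its full path)
    flags -- BSD file flags (st_flags), or 0 where they are unsupported
    """
    reasons = []
    if name.startswith("."):
        # Unix method: hidden from Finder and from a plain `ls`.
        reasons.append("dot-prefix")
    if flags & stat.UF_HIDDEN:
        # Mac method (`chflags hidden`): hidden in Finder, still listed by `ls`.
        reasons.append("hidden-flag")
    return reasons


def audit(folder):
    """Map each hidden entry directly inside `folder` to its reasons."""
    report = {}
    with os.scandir(folder) as entries:
        for entry in entries:
            st = entry.stat(follow_symlinks=False)
            flags = getattr(st, "st_flags", 0)  # attribute is absent on Linux
            reasons = classify(entry.name, flags)
            if reasons:
                report[entry.name] = reasons
    return report


def undo_commands(name, reasons):
    """Return the commands from this section that make the entry visible."""
    commands = []
    if "dot-prefix" in reasons:
        visible = name.lstrip(".")
        if visible:  # skip names that consist only of periods
            commands.append(f"mv {shlex.quote(name)} {shlex.quote(visible)}")
    if "hidden-flag" in reasons:
        commands.append(f"chflags nohidden {shlex.quote(name)}")
    return commands


if __name__ == "__main__":
    # Default folder is an assumption; pass another path as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/Documents")
    for name, reasons in sorted(audit(target).items()):
        print(f"{name}: {', '.join(reasons)}")
        for command in undo_commands(name, reasons):
            print(f"    {command}")
```

The report is for review only; nothing is renamed or changed. Files that macOS creates itself, such as .DS_Store, will also be listed.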
In this section, we explored the command-line interface, as well as when and how
you can use it to perform a variety of advanced administration tasks in macOS. We
also saw how the command line works in macOS, the default shell that's currently
used, as well as additional shell commands. Moreover, we discovered how to uncover
hidden files and folders using this tool.
In the next section, we will look at the commands we can use to monitor and diagnose
the system.
To use this command, you need to restart your computer in single-user mode so that
the system disk is unmounted. You can review how to enter single-user mode by
rereading Chapter 3, The Startup Process.
Through the use of flags, you can perform extra actions. For example, the -f flag
forces journaled filesystems, such as HFS, to be verified, while the -y flag answers
"Yes" to any prompts fsck might encounter, so use it with caution. In the case of
APFS volumes, you can use the -n flag to verify without performing any repairs.
For example, once you are in single-user mode or you are sure your system disk is
unmounted, you could run the following command:
fsck_apfs -y
If there is a problem or the filesystem was altered in any way, you will see a message
stating File System Was Modified. -y is a flag that means "yes, repair any problems
encountered," without you needing to enter any additional commands yourself.
As we explained in Chapter 3, The Startup Process, you should repeat the command
until the message "the volume appears to be OK" appears, as shown in the following
screenshot:
Once you see that message, you can make use of the command line to make the
necessary changes or fixes.
In this section, we looked at a brief, basic overview of the command line and how it
works. If you want to learn more about it, or about zsh in macOS, I have left a few
great resources in the Further reading section at the end of this chapter. You can also
check out Mac Linux Command Line Kick Start in 4 hours
(https://www.packtpub.com/product/mac-linux-command-line-kick-start-in-4-hours-for-beginnersvideo/9781789130713),
which is available in the Packt library, to learn more about Linux commands.
And with this section, we have reached the end of this chapter. Make sure that you
review the summary for a quick recap of what was covered in this chapter.
Summary
Now that you have reached the end of this chapter, you know when and why you
should use the command-line tool in macOS. You also understand the structure of a
command-line string, when the sudo command should be used, and what the
command-line interface in macOS looks like. You can also run several commands to
perform a variety of advanced actions, such as creating directories, changing
permissions and ownership, uncovering hidden files and folders, and more. You also
learned how to customize your Terminal app by using profiles, marks, and
bookmarks. You also know that you can choose different shells that will let you
access different "built-in" commands. Finally, you know how to verify the state of
your startup disk through the use of the fsck command.
This is also the last chapter of this book. At this stage, you are fully prepared to install
and configure macOS, manage users, manage user security and privacy, and manage
files, apps, documents, network services, sharing services, and system security. If you
will be taking the Apple Certified Support Professional examination, you are now
well prepared to succeed!
In the Appendix, we will offer some troubleshooting tips that can be very helpful in a
variety of situations.
Further reading
Falstad, P. (2014). The Z Shell Manual. Retrieved from
http://zsh.sourceforge.net/Doc/Release/The-Z-Shell-Manual.html#The-Z-Shell-Manual.
Troubleshooting Tips
In this Appendix, we will go through various FAQs related to common
troubleshooting issues. Although not every type of issue can be covered, we will
provide answers and practical suggestions for solving the most common types of
problems related to topics such as issues with apps, disks, volumes, and more: for
example, what to do if you have problems with a specific app, or what to do if a
disk shows unexpected behavior and seems to be corrupted.
The macOS tools that you will use most frequently for troubleshooting are
the Console and the Activity Monitor apps. Both can be accessed from
the /Applications/Utilities/ folder, though you can use Spotlight to locate
them quickly.
Some of the suggestions we will see here are for advanced users and include the use
of the Terminal app. Therefore, if you feel you cannot understand those suggestions
or feel uncomfortable manipulating some of the Mac tools or hardware, or if you still
have problems despite trying all the suggestions, you can always contact Apple
Support (https://getsupport.apple.com/), an Apple Store
(https://www.apple.com/retail/storelist/), or an Apple Authorized Service Provider
(https://locate.apple.com/).
Take these general steps into account when you're troubleshooting apps that are
experiencing issues. Follow them in order, going to the next step each time the
previous one proves unsuccessful:
Restart the app: If the app is not responding, we will explain how to force
the app to quit later in this section.
Open another known working document: This way, you can verify if the
problem is with the document or with the app itself. For example, if you
are working on a Word document, try to open a new document. If you are
able to open it and work on it without any problems, then it is likely that
the problem is with the other document, which is probably corrupted.
Some apps offer recovery options for corrupted documents, or you can
recover them from a backup if you have one.
Try working with another app to verify if it functions properly: This way,
you can verify if the problem is just with that app or with all the apps.
Try using another user account: This way, you can verify if the problem
happens only with your account or all the accounts on the system.
Delete cache files: Usually, macOS takes care of this automatically. This is
not a procedure that you want to perform regularly; do it only if the previous
suggestions don't fix the problem. Cache files might need to be removed if
you're experiencing app performance problems. Follow these steps to
remove them:
1. Make sure you have a backup.
2. Quit any open apps.
3. Go to the Finder menu, select the Go menu option, and hold
down the Option key to reveal the current user Library folder
option. Click on Library. Look for the Caches folder and double-
click on it to open it, as shown in the following screenshot. An
alternative way to reach this folder even faster is to select
the Go menu option, select Go to Folder..., and
type ~/Library/Caches.
4. Choose the folder for the app with problems (for example, Maps)
and move that folder to Trash:
3. Look for the .plist file you wish to remove; for example, the
Skype preferences file, as shown in the preceding screenshot.
4. Rename the file by adding _old or a similar prefix or suffix. This
is to make sure you can quickly restore the file if an error occurs
as a consequence of removing the file.
5. Open the app and make sure it's working properly. Once you
have verified this, you can permanently remove the old file to
the Trash, or if something went wrong, you can restore the file
by removing the newly created file from the Trash and restoring
the old file by removing the prefix or suffix you added.
6. Don't forget to empty the Trash.
Check diagnostic reports and log files: You can access these logs through
the Console app. We'll explain these logs in more detail in
the Troubleshooting with logs section at the end of the Appendix.
Reinstall the app: If you can't fix the problem through the previous steps,
you don't want to risk manipulating resource files, or you are not sure how
to interpret logs, then uninstalling and reinstalling the app is the last
resort but still a good and effective option.
Activity Monitor shows you open apps and processes. This tool also shows historical
memory use since the last computer startup. Follow these steps:
A low value is OK, and a high value indicates the Mac doesn't have enough real
memory for the app to run appropriately. To help you interpret these numbers more
easily, the Activity Monitor has a Memory Pressure graph at the bottom left, which
displays a color based on the free memory, swap rate, wired memory, and file cached
memory information. You can use these Memory Pressure colors to find out if your
computer is using memory efficiently:
From the Force Quit Applications dialog window: You can access this
window from the Apple menu, as shown in the following
screenshot, or by pressing Option + Command + Esc:
From the Dock: If the app is not responding, you can right-click on its icon
on the Dock and force quit from there.
From the Activity Monitor: You can use this tool to force quit a non-
responding process or app. Follow these steps to do so:
1. Open Activity Monitor, as indicated at the beginning of the
Appendix.
2. Under the Process Name list, select the process or app you want
to quit. An unresponsive process or app will be marked with Not
Responding next to it.
3. Click the X button at the top, as shown in the following
screenshot.
4. You will see a dialog window with the options to Quit, Force
Quit, or Cancel. Choose Quit or Force Quit if the first option
does not work:
For an app to be compatible with Macs with the Apple M1 silicon chip, it needs to
be of the Universal binary kind, which means it can run on both Intel-based Macs
and M1 chip-based Macs.
Follow these steps to find out if an app is optimized for M1 chip-based Macs; that is,
the Universal kind:
1. Open System Report through the Apple menu (pressing the Option key
to reveal the option) or by searching for it through Spotlight.
2. Scroll down to the Software section of the sidebar, as shown in the
following screenshot.
3. Select the Applications option nested below it, as shown here:
4. Click on the Kind column to verify if the app is of the Universal kind,
which means it is optimized.
What if the app I want to use in my Apple M1 Mac hasn't been optimized yet?
If the app you want to run hasn't been optimized for Macs with the Apple M1 chip
yet, then another solution is to install the Rosetta 2 app to emulate the required
architecture. The system will automatically let you know you need to install it when
you try to run an app that has not been optimized for M1 Macs, as shown in the
following screenshot:
If you don't see the prompt to install Rosetta, you can install it from the Terminal,
which is currently the only other alternative. Follow these steps:
You can also use this command to accept the License Agreement without interacting
with Terminal:
softwareupdate --install-rosetta --agree-to-license
Rosetta will run in the background, and all you need to do is just open the app as
usual.
Problems with apps can be related to disk and volume issues, for example, if a file
won't open. In the next section, we'll examine some possible troubleshooting steps for
disk and volume problems.
What is a helpful tool for troubleshooting and repairing partition and volume
issues?
Disk Utility First Aid is a feature that can help you verify and repair partition
schemes and volume directory structures. Disk Utility can detect and possibly repair
problems such as corrupted files, external devices not working properly, or the
system disk not successfully starting up the Mac. However, take into account that not
all disk problems can be repaired; for example, an input/output (I/O) error, as shown
in the following screenshot, from a real troubleshooting case, occurs when the system
is unable to communicate with the disk, and most likely means a hardware failure,
either in the disk itself or with a cable. If the problem is the disk, it's usually beyond
the Disk Utility First Aid's help. If you suspect that it's a hardware problem, you can
try using the Diagnostics tool. This procedure will be explained in the Troubleshooting
system and startup issues section, later in this Appendix:
When you run Disk Utility First Aid, the tool checks the partitions and volumes on a
disk. It can also verify the contents of a single volume.
1. Access the macOS Recovery interface according to the right procedure for
Intel-based or Apple M1 Macs (more details on the corresponding
procedure can be found in Chapter 2, Installing and Configuring macOS).
2. Select Disk Utility from the Recovery interface and click Continue.
3. Select the startup volume (usually, this is Macintosh HD) from the left-
hand side menu, click the First Aid button, and then click Run, as shown
here:
The disk appears to be OK or it has been repaired: This means there are
no other actions to take, and you can quit. But before that, you can click
on Show Details to see more information about any repairs that might
have been done:
First Aid process failed: This means Disk Utility was unable to repair the
disk or volume. At this point, you can do any of the following:
Attempt to repair it again.
Back up the data, if possible.
Reinstall macOS and reformat the disk/volume in the
process, and restore your backed-up data after that:
Overlapped extent location: This means two or more files occupy the same
space in the disk. At this point, you will need to verify each affected file
and either replace, recreate, or delete them. You will find an alias for the
corrupted files in a folder called DamagedFiles, located at the disk's root.
If you have a data volume (usually Macintosh HD – Data), check it with First Aid as
well, following the same procedure described.
To check any disk or volume (other than the startup disk or volume), you can use
Spotlight to quickly locate and open Disk Utility without using macOS Recovery and
then follow the same steps described earlier.
My Mac is unresponsive. What can I do to attempt to recover the data in the system
volume?
If your Mac is not working and you have important data that is not backed up, you
can use Target Disk mode to attempt to recover the data in the system
volume. However, take into account that you need another Mac computer for this.
Also, both Macs need to have FireWire, Thunderbolt, or a USB-C port to connect to
each other. This mode uses one computer as if it was just an external hard drive or
"target." For this to work, the Mac you want to use as a target should be able to turn
on, so this is not a good solution if the Mac is not turning on. This is also a good way
to transfer large amounts of data between two Macs.
As such, Target Disk mode is not available on Macs with the Apple M1 chip;
however, they have a feature called Share Disk, which serves the same purpose.
Follow these steps to use it:
5. Select the disk or volume you wish to share, and then click Start Sharing.
6. On the other Mac, open Finder and click on the Network folder on the
sidebar.
7. Double-click the icon of the Mac that is being shared. At this point, you will
see a dialog window asking you to Connect As. Select Guest, and then
click Connect. The shared volume will then mount.
8. You will now be able to transfer files between both computers.
9. When finished, click the Eject button on the Mac with the mounted volume.
Sometimes, the problem might not be the disk but the startup process. In the next
section, we'll examine how to proceed when this seems to be the case.
Safe mode prevents certain items from loading when macOS starts up, including
login items, system extensions not required by macOS, and fonts not installed by
macOS. At the same time, when a Mac starts up in safe mode, the startup volume is
verified and system caches are deleted. Safe mode is useful when you are trying to
isolate problems that seem to be related to the system or startup.
1. Restart your Mac or turn it on. Press the Shift key as soon as it starts up and
release the key when you see the login window.
2. Log into your Mac or user account as usual.
3. If the Mac logs in without problems, it most likely means a startup item is
creating the problem. Restart in normal mode and check if the problem has
been resolved.
4. If the problem was resolved, it was probably just a cache problem that's
been fixed by safe mode.
5. If the problem hasn't been resolved, you should verify if a login item is
causing the problem. To do that, follow these steps:
1. Restart and log in as usual (not in Safe mode).
2. Open System Preferences and click on Users & Groups.
3. Select the user who has the problem and select the Login
Items tab.
4. If you have any login items, uncheck all the boxes to deactivate
them.
5. Activate one item at a time and restart the Mac to verify if the
login procedure proceeds successfully until you find the one
causing the problem.
6. If this does not resolve the problem, it could be something more serious
that might require reinstalling macOS or troubleshooting other areas, such
as the disk.
Startup modes are different on Macs with the Apple M1 silicon. Instead of using key
combinations at startup, as you would normally access them on Intel-based Macs,
they are all accessed through the Power button. In addition, there are a few more
modes you can take advantage of besides the ones we already knew from Intel Macs.
For more information on the modes also available on Intel-based Macs, you can
review Chapter 3, The Startup Process. The modes available on M1 Macs are as
follows:
Safe mode
Verbose mode
DFU mode
Startup Manager
Recovery mode
Fallback Recovery mode
Diagnostics mode
4. Press and hold the Shift key; you will see a Continue in Safe Mode button
appear below the startup disk. Click on that button and then release
the Shift key.
5. Follow steps 2 to 5 of the procedure for Safe mode on Intel-based Macs, as
explained earlier, to troubleshoot.
Please check out the important details about NVRAM on M1 Macs later in this
section.
The DFU or Device Firmware Update mode is actually a procedure that helps restore
or revive the firmware. We'll explain this procedure later in this section.
Startup Manager is now used to select which volume to boot from. It replaces
the Option key you used on your Intel-based Mac to choose the startup disk. You
access it by pressing and holding the Power button until the startup options and disks
are displayed, including any bootable disks.
Recovery mode is basically the same as on Intel-based Macs, but the procedure to
access it has changed. This procedure is explained in detail in Chapter 2, Installing
and Configuring macOS.
The Fallback Recovery mode is similar to the Recovery mode, but it doesn't include
the Startup Security Utilities menu option. This fallback is actually an additional
copy of the Recovery and is available for resiliency purposes. This means that if, for
some reason, you cannot access the usual Recovery mode, you have this additional
copy that you can try to access. Follow these steps to do so:
1. Turn off your Mac and press the Power button twice (do this quickly), but
hold down the Power button the second time until you see the startup
options screen.
2. You can release the Power button at that point.
You will be able to use the same options as the normal Recovery mode, except for the
Startup Security options.
The Diagnostics mode checks your hardware for errors. The procedure to start up in
diagnostics mode will be explained in the next question.
Before visiting a technician or an Apple support outlet, you can use the Diagnostics
tool to check for hardware errors.
The most appropriate and safe way to turn off your Mac or restart it is to use
the Apple menu options. However, if your Mac is unresponsive, you can try the
following:
1. Make sure all your apps are closed; you can use Force Quit if they are
unresponsive, using any of the methods explained in the Troubleshooting
Apps section.
2. If the previous method does not work and the Mac is still
unresponsive, you can force it to restart by pressing and holding the
Mac's Power button until it turns off.
If that happens, these are the general steps you can attempt for troubleshooting.
Follow them in order, going to the next step each time the previous step proves
unsuccessful:
1. Press the Power button for about 10 seconds and see if it turns on.
2. If it doesn't turn on, ensure the following:
1. Your Mac is securely plugged into a power source or has enough
battery life. You can also try another power outlet.
2. Make sure the power source cable is not damaged.
3. If you're using an external display, make sure it is plugged into a
power source and turned on. Also, you might want to verify if
the brightness is not dimmed on either the external or internal
display.
3. Reset the System Management Controller (SMC). This
system controls your power, battery, fans, indicator lights, and other
features. Resetting it may help with issues related to those components.
The procedure to reset this controller will depend on the type of Mac you
have:
For laptops with the T2 Chip (Intel-based Macs), follow these
steps:
1. Turn off the Mac.
2. Press and hold down Control + Option + Shift for about
7 seconds.
3. While still pressing down the previous keys, press
the Power button for an additional 7 seconds, and
then release all the keys.
4. Wait for a few seconds and press the Power button to
attempt to turn on the Mac.
1. Turn off the Mac and restart it while pressing Option + Command + P + R.
2. Release the keys after the following occurs:
After about 20 seconds have passed.
On Macs that play a startup sound, release after the second
sound.
On Macs with the T2 Security Chip, release after the logo
appears and disappears for a second time.
3. Once the Mac has finished starting up, go to the System Preferences menu
and reconfigure the reset options if necessary.
In the case of Apple M1 Silicon Macs, it is not possible to reset NVRAM using the key
combination mentioned earlier. Actually, you can't manually reset NVRAM
because your Mac does this automatically during startup, as needed. Earlier, we saw
that you can access Verbose mode through the Terminal and that the NVRAM
settings can be edited at this point; however, only use this option if you are an
advanced administrator; you could potentially break your system and be forced to
reinstall.
macOS offers two processes to attempt to fix an unresponsive Mac after a power
outage has interrupted an update or installation process. The processes are revive and
restore. Let's look at them in more detail:
Take into account that these processes are intended for M1 and T2 chip Mac models.
To verify which M1 Mac models are currently supported and for detailed instructions
on this procedure, visit this link:
https://support.apple.com/guide/apple-configurator-2/apdd5f3c75ad/mac.
To verify which T2 chip Mac models are currently supported and for detailed
instructions on this procedure, visit this link:
https://support.apple.com/guide/apple-configurator-2/revive-or-restore-an-intel-based-mac-apdebea5be51/2.13/mac/10.15.6.
My Mac shows a folder with a question mark during startup. What does that mean?
A folder with a question mark during startup means that the startup disk is not
available or that an operating system cannot be found.
Follow these steps to troubleshoot if the question mark appears only for a moment
before the Mac starts up:
If the question mark persists and the startup process does not complete, follow these
steps:
1. Press and hold the Power button for a few seconds until the Mac turns off.
2. Turn on the Mac in Recovery mode (by pressing the Command + R key
combination at startup).
3. Click the Disk Utility option.
4. Select the system disk and click First Aid to attempt to repair it.
5. If the repair was successful or no errors were found but the question mark
persists, reinstall macOS from Recovery mode.
My Mac shows a prohibitory icon during startup. What does that mean?
If your Mac shows a prohibitory icon, which looks like a circle with a diagonal line
through it, this means your startup disk contains an operating system, but it is not
supported.
Follow the same steps described for the question mark to troubleshoot this issue as
well.
If, after trying all the previous suggestions, you still have problems, you can
always contact Apple Support (https://getsupport.apple.com/), an Apple Store
(https://www.apple.com/retail/storelist/), or an Apple Authorized Service
Provider (https://locate.apple.com/).
In this section, we looked at many questions regarding system and startup issues. In
the next section, we'll examine some possible troubleshooting tools for network
issues.
What are the most common issues that can interrupt network services on a
Mac?
How can you verify if your Mac is connecting effectively to another
network host?
What are the most common issues that can interrupt network services on a Mac?
Local issues: This means that your network settings have been configured
incorrectly or that the computer has been disconnected from the network.
Network issues: This means that the problem might be at the ISP, DNS, or
DHCP server level. In this case, you can use Network Utility to perform
ping tests or the Lookup tab to test the resolution of the DNS server. We'll
show how to do this later in this section. Take into account, however, that
this tool is only available on macOS Catalina and earlier; it has been
deprecated on macOS Big Sur.
Services issues: This means that the problem is at the device or service
level. We can verify these types of problems by going to the Lookup tab
of Network Utility, as we'll see later in this section.
How can you verify if your Mac is connecting effectively to another network host?
For this issue, you can use the Ping feature in the Network Utility tool (macOS
Catalina and earlier). What this will do is verify basic connectivity by sending
a packet and waiting for it to be returned. This way, you can verify if the connection
to another network host is working. To do this, follow these steps:
5. In the results window, you will see if the packets were transmitted
successfully and the percentage of packet loss.
Be sure to replace the text in brackets with the IP or hostname address you want to
ping.
How can you verify if your Mac is connecting effectively to a remote network host?
You can use the Traceroute feature in the Network Utility tool for this issue. This will
verify the connection hops between your computer and the remote host you are
trying to reach.
5. In the results window, you will see important information, such as the
number of hops.
Be sure to replace the text in brackets with the hostname address you want to
traceroute.
You can use the Lookup feature in the Network Utility tool to do this. What this will
do is verify your DNS name resolution against the configured DNS server.
5. In the results, you should see the name that the IP you've entered is
resolving to.
Be sure to replace the text in brackets with the IP or hostname address you want to
(reverse) look up.
For Wi-Fi issues, you can use the Wireless Diagnostics app:
1. Open the Wireless Diagnostics app by pressing and holding the Option key,
then clicking on the Wi-Fi icon at the top menu bar on the right-hand side
of the screen and selecting Open Wireless Diagnostics.... Another quick
way to find it is by searching for the Wireless Diagnostics app in Spotlight.
Alternatively, you can also find it
at /System/Library/CoreServices/Applications/.
2. Once open, follow the instructions to perform an analysis.
3. When the analysis is complete, click the Info buttons for each item in the
list in the Summary to find out more about the possible issues.
In this section, we saw a few suggestions for dealing with network issues, but
sometimes, these issues are not with the network itself but with the service. In
the next section, we'll examine some troubleshooting tools for network services.
There are three main methods to troubleshoot network services, and we advise you to
try them out in the order shown here:
Review the network preferences and make sure they are correct.
Review the Network Utility statistics to make sure everything works as
expected.
Connect to a different network service, as this helps you identify if the
service you are trying to connect to might be the one experiencing trouble,
not your network. If you can connect to another service, then it might mean
that the service is not available. We'll explain how to verify this shortly.
You can verify if a network service is available by completing the following steps:
If the results show no problems, this means that the service is available and
that the problem might be a firewall or ports not opening correctly. In that
case, proceed to step 3. If the results show errors or a poor connection, you
should verify your network settings and/or check them with your ISP.
3. Next, you can go to the Port Scan tab to verify that the specific service ports
are open. Enter your IP address and then enter the specific port or port
interval you want to verify; otherwise, the scan will verify all ports, and
this can take too long.
In the following screenshot, we want to verify which TCP ports are open in
the interval between 0 and 3000, so we will enter that interval in Only test
ports between:
4. The results show that there is one TCP port open (2968) and the service it
is open for (enpp).
To perform a similar verification using Terminal, open the Terminal app from
the Applications/Utilities folder and use the netstat or lsof commands. The
following is an example of using the netstat command:
netstat -ap tcp
There are many filtering options you can use with these commands, which you can
research further. In the preceding example, -a shows all sockets, including those
listening for incoming connections, while -p tcp limits the output to the TCP protocol.
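The Port Scan check described above can also be done from Terminal by filtering netstat output for listening sockets in a port interval. The following is an added example, not code from the book: the helper names listening_ports and sample_netstat_output are hypothetical, and the sample output is constructed in the layout macOS netstat prints.

```shell
#!/bin/sh
# Added example (not from the book): list listening TCP ports in a range
# from `netstat -anp tcp` output, as a Terminal stand-in for Port Scan.

# Constructed sample in the layout macOS netstat prints (address.port).
sample_netstat_output() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.20.52344     203.0.113.10.443       ESTABLISHED
tcp4       0      0  *.2968                 *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  *.5000                 *.*                    LISTEN
EOF
}

# listening_ports LOW HIGH  (hypothetical helper; reads netstat output on stdin)
# Prints "port bind-address scope" for each listening TCP socket in range.
listening_ports() {
    awk -v low="${1:-0}" -v high="${2:-65535}" '
        # Keep TCP rows in LISTEN state whose local address ends in ".<digits>".
        $1 ~ /^tcp/ && $6 == "LISTEN" && match($4, /\.[0-9]+$/) {
            port = substr($4, RSTART + 1) + 0
            addr = substr($4, 1, RSTART - 1)
            if (port < low + 0 || port > high + 0) next
            # "*" means every interface; loopback sockets are local-only.
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /%lo0$/) {
                scope = "loopback"
            } else {
                scope = "network"
            }
            print port, addr, scope
        }' | sort -n | uniq
}

# Demo on the constructed sample, using the 0-3000 interval from the text.
sample_netstat_output | listening_ports 0 3000
```

On a Mac, feed it live data with `netstat -anp tcp | listening_ports 0 3000`; the added -n flag keeps addresses and ports numeric so the parser can read them.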
The files I'm sharing don't appear in the other device's AirDrop browser. Why does
this happen?
On macOS, two settings can prevent devices from showing up and sharing files
(this can change, depending on the model of the Mac):
If AirDrop has been configured to only accept users from your Contacts, then other
users' devices may not show up. If you do not see a device you want to connect to,
you can try changing the setting to Everyone instead, as shown in the following
screenshot:
On some Mac models, you might see a second setting that allows you to revert to the
previous discovery method, so that older Mac computers and Macs with older
versions of the OS might be discovered.
Don't forget that AirDrop only works with nearby devices; therefore, also make sure
the device is in close proximity (about 30 feet) and that Wi-Fi and Bluetooth have
been turned on on the devices.
What is the most common reason why a peripheral won't appear in the System
Information report?
If a connected peripheral does not show in the System Information report, this
probably means there's been a hardware failure. You would have to verify if the
peripheral is connected and if the cable is not damaged, or if the peripheral itself is
not damaged.
Finally, we will explore another tool that's commonly used by experienced support
technicians for troubleshooting: logs. It's not a bad idea to start getting familiar with
them, especially if you plan to become a macOS support professional.
The Console app is where you will find all the logs for macOS, including installation,
Wi-Fi, and system logs. You can also find diagnostics reports that have been
generated by the system here. For example, you will find install.log, which helps
troubleshoot installation issues. It shows details such as when and where an
application, including macOS and its components, was installed or updated, if
authentication was granted (when required), and the user who installed the
application.
install.log can be accessed from the Window menu while macOS installation is
taking place so that you can follow it step by step. After installation, you can access it
from the Console app.
Logs can help you identify corrupted app resources. Although rare, corrupted
resources can also cause app problems. You may identify the problematic resources
through diagnostic report logs, which might give you hints about which resources
the app was trying to access when it crashed, for example. Resource files can be
located either in the user's Library home folder, which means they only affect that
user, or in the local Library folder, which affects all users. Once you have identified
or potentially identified the problem file, you can move it to a different place and
try to open the app to verify if the problem has been resolved.
macOS has a feature in the Console app called "diagnostic reporting," which creates a
diagnostic report log every time an app crashes or is unresponsive. You can
find Diagnostic Reports in the Console app. You can also verify Crash Reports from
here, as shown in the following screenshot:
And with this section, we have reached the end of this Appendix. Be sure to check out
the summary for a recap of the topics that we covered.
Summary
In this Appendix, we looked at troubleshooting suggestions for common issues or
questions. You now know what steps you can take to attempt to fix various issues
related to apps, disks and volumes, system and startup issues, network issues, and
network services. Not every problem can be fixed, but these suggestions are a good
starting point for you to start troubleshooting; in many cases, the problems will be
solved. Some of the recommendations are indeed for advanced users, especially when
you need to interpret log reports or use the Network Utility, Terminal, or Console
apps.
If you feel that you cannot understand those reports, feel uncomfortable
manipulating some of the tools or hardware described in this Appendix, or if you still
have problems despite trying all these suggestions, a good idea would be to contact
Apple Support (https://getsupport.apple.com/), an Apple Store
(https://www.apple.com/retail/storelist/), or an Apple Authorized Service Provider
(https://locate.apple.com/).
Index
defragmentation 256
6 encryption 256
6to4 option 496 space sharing 255, 256
APFS volumes
A adding, to APFS container 282
About This Mac tool 260 converting 281, 282
access and ownership deleting 284
managing 304 erasing 284
Access Control Lists (ACLs) 299 using 280
access hierarchical rules app compatibility 383
about 299, 301 app compatibility, by macOS
examples 300 32-bit apps 383
Activation Lock 652 64-bit apps 383
Activity Monitor 96 Intel apps 384, 385, 386
ad hoc networks 521, 523 iOS and iPadOS apps 387
Address Book 558 universal apps 384, 385, 386
administrator user account 118 app environment, by macOS
advanced network configurations Native macOS 379, 380, 381, 382
802.1X configuration 544 open source 383
about 538 universal macOS binary 382
custom Wi-Fi configuration 540 Unix-based 382
manual TCP/IP configuration 541, 542 app extensions, types
NetBIOS/WINS 543 about 419
network proxies 544 Finder 419, 420
AirDrop Sharing menu 420
about 580, 615 app extensions
considerations 616 managing 418, 419, 421, 422
file, receiving 617, 618 app issues
file, sending 617 troubleshooting 721, 722, 723, 725, 726,
interface, opening 616 728
requisites 616 app sandboxing 655
aliases App Store
about 347, 348 about 388
creating, in macOS 351, 352 account, managing 395, 396
versus symbolic links 349 Apple ID 388
APFS advantages Apple ID, creating 390, 392, 393
about 254 Apple ID, creating without payment method
394 installing 396, 397
logging in 388, 390 installing, from App store 397, 398, 399
using 388 managing 396
Apple Developer manual updates 405
reference link 383 package, examining 403, 404
Apple File System (APFS) preference files, exploring 409
about 254, 259, 586 processes, monitoring 410, 411
features 254 through Launchpad 405
Apple Filing Protocol (AFP) 586 uninstalling 405
Apple ID account updating 404
creating 131, 132, 133, 134 updating, via App Store 404
Apple M1 chip Archive Utility 458
encryption 669 archiving, in macOS
Apple M1 silicon chip 653, 654 about 457
Apple Pay 580 ZIP archives 457, 458, 459, 460
Apple School Manager program 388 Assist Me 516
Apple T2 Security Chip 113, 114 Autosave
AppleDouble file format 356 about 447, 448
application security technologies using 447
about 655
app sandboxing 655 B
code signing 656 Berkeley Software Distribution (BSD) 7
file quarantine 656, 657 Big Sur 12
Gatekeeper 657 Bluetooth 494
malware detection 658 Bonjour 537
notarization 658, 659 bookmarks 699
apps sharing bridge 509
about 423, 424 bundle 403
family sharing 424, 426
apps, installation methods
drag and drop 400
C
Calendar app, network calendar services
packages, using 401, 402
CaiDAV 556
apps, processes
Calendar Web Pub/Sub 556
CPU 412
email invitations 556
disk 416
exchange-based 556
energy 414, 415
internet-based 556
memory 413, 414
Calendar app
network 417
network calendar services 555
apps
reference link 555
automatic updates 404
using 555
bundle, examining 403, 404
Carbon 379
custom uninstaller 406, 407
Card Distributed Authoring and Versioning
dragging, to trash 406
(CardDAV) 558
installation methods 400
Cocoa framework
installed, exploring 407, 408
about 379
[ 760 ]
multi-window document-based app 379 creating 696, 698
single-window library-style app 379
single-window utility app 379 D
Cocoa interface 379 data security
Code Plus Verification 673 in macOS 662
code signing 656 Department of Defense (DOD) 276
command-line interface (CLI) Department of Energy (DOE) 276
about 690 Desktop layer 488
in macOS 694 Device Firmware Update (DFU) 738
need for 691 disk and volume issues
command-line string troubleshooting 729, 730, 731, 733, 734,
structure 691, 692 735
command-line tool disk image's format
using 690 changing 466, 467
Complex Security Code 673 disk images
computer-to-computer networks 521 about 461
connection authentication methods, SFTP creating, with Disk Utility 462, 463, 464, 465
credentials 586 restoring, to disk 467, 469
SSH 586 usage 461
Console app 753 Disk Utility First Aid 729
Contacts app Disk Utility
about 558 about 261, 262, 263, 264, 265
reference link 558 disk images, creating with 462, 463, 464,
container 332 465
Continuity features disks
AirDrop 580 about 250
Apple Pay 580 managing, in macOS 260
Auto Unlock 577 document management
Cellular Calls 572, 574 about 439
Continuity Camera 575, 577 Autosave, using 447
Continuity Markup feature 571 in iCloud 452, 453, 454, 455
Continuity Sketch feature 571 Launch Services, using 440
Handoff 578 Locking, using 447
Instant Hotspot 581 Quick Actions, using 440
Sidecar 571 Quick Look features, using 440
Text Message Forwarding 571, 572 Resume, using 447
Universal Clipboard 579 Versions, using 447
continuity Domain Name System (DNS)
about 570 using 512
features 570 domains, macOS filesystem
customization examples, of permissions local domain 258
access, restricting to item 314, 315 network domain 259
folder permissions, propagating 315, 316, system domain 258
317 user domain 258
customized profiles drives 250
[ 761 ]
Dynamic Host Configuration Protocol (DHCP) enabling 427, 428, 429, 430
511 feature 425
Dynamic Inspector mode 305 purchase 431, 432, 433, 434
dynamic partition 261 purchase, sharing 435, 436, 437
purchase, stopping 437, 438, 439
E fast user switching 161, 162
ejecting Fast User Switching 94
about 286, 288 file flags 301, 302, 355
versus unmounting 285 file quarantine 656, 657
encryption, types file shares
about 662 connecting to 595
full-disk encryption 662 file system security policy
full-system encryption 662 in macOS 303, 304
encryption File Transfer Protocol (FTP) 491, 585
working, in macOS 662 file-sharing services
Energy Saver preferences 100 about 584
energy-saving features network file service protocols 585
battery preferences 100, 101, 102, 103, 104 FileVault, recovery access methods
Safe Sleep mode 105 iCloud account, using 668
sleep mode 99 local Recovery Key, resetting 668
Standby mode 105 user account password reset methods,
using 99 resetting 668
essential apps FileVault
automatic configuration 561, 563 about 663
manual configuration 565, 566 access, recovering 667
Ethernet 493 enabling 664, 665, 666
Ethernet Hardware Address (EHA) 501 initializing 90, 91
Exchange Web Services (EWS) 552 recovering 664
Extensible Firmware Interface (EFI) 251 recovery key, modifying 667
External Boot 652 turning off 666
external GPUs (eGPUs) 8 Find My 679, 680, 682
external installer, macOS Find My, options
createinstallmedia command, using 63, 64 device data, erasing 687
macOS installer, downloading from App store device sound, playing 684
62 device, locating on map 682, 684
volume/USB, formatting 60, 62 device, locking 685, 686
external media Finder 458
encrypting 669, 670 Finder Quick Look 409
firewall
F enabling 676, 678
FaceTime app FireWire 493
about 559 firmware password 648
reference link 559 Font Book 339
family sharing font resources
about 424, 426, 688 managing 339
[ 762 ]
fonts Hypertext Transfer Protocol (HTTP) 491
disabling 345, 346
duplicate fonts, resolving 343, 344 I
installing 340, 342 iCal 555
location preferences 342 iChat 559
original fonts, restoring 346 iCloud account
removing 345, 346 services, configuring with 567, 569
removing permanently 345 iCloud Drive 452
frame 488 iCloud Keychain
full-disk encryption 662 about 221, 222
full-system encryption 662 default keychain, working 223, 225
fundamental networking concepts enabling 226, 227
about 491 iCloud Security Code 671, 672, 673, 674
host 491 iCloud
IP addresses 504 about 81
Local Area Network (LAN) 500 features 81
MAC address 500, 503 Inspector (Info) window 304
network interfaces 492 institutional recovery key (IRK) 664
router address 509, 511 integrated development environment (IDE) 380
subnet masks 504 International Organization for Standardization
Wide Area Network (WAN) 500 (ISO) 486
Internet Account
G configuring 561
Gatekeeper 657 Internet Control Message Protocol (ICMP) 490
Globally Unique Identifier (GUID) 143 Internet Engineering Task Force (IETF) 24,
Group Containers 333 556
group user account 121 Internet Service Provider (ISP) 496
groups, in macOS Internet Sharing option 630
admin 298 interrupt network services, issues
staff 298 local issues 745
wheel 298 network issues 745
guest accounts 687 services issues 745
guest user account iOS apps
about 119 installing 399
characteristics 120 IP addresses
GUID Partition Table (GPT) 251 about 504
IPv4 504
H IPv6 505, 507
hidden files and folders, uncovering iPadOS apps
about 334 installing 399
Library folder, accessing permanently 338, item's ownership and permissions
339 modifying 306, 307, 309
Library folder, accessing temporarily 335, verifying 304, 306
336, 338
Hierarchical File System (HFS) 255
[ 763 ]
local user account password
J modifying 193
Java interface 379 modifying, through Security & Privacy
Java Runtime Environment (JRE) 380 preferences 195
Java version, for macOS modifying, through Users & Groups
reference link 380 preferences 194, 195
resetting 198, 207
K resetting, with Apple ID 204, 205
kernel extensions (kexts) 326, 639 resetting, with macOS Recovery 200, 201,
Keychain 190, 191, 221 202, 203
Keychain system 221 resetting, with Users & Groups preferences
keychain, types in macOS 198, 199
about 221 local user account
default keychains 221 about 116
other keychains 223 administrator user account 118, 119
system keychains 222, 223 group user account 121
keychain guest user account 119
creating 229, 230, 231 root user account 119
items, adding 231, 232, 233 sharing only account 120, 121
locking 233, 234, 235 standard user account 117
managing 228, 229 location services 241
password, modifying 236, 237 Locking
Safari information 238 about 449
using 447
L login keychain
Launch Services 440, 441, 442, 443 types 221
launchd process login options
about 94 automatic login 159, 160
files and processes 96 configuring 159
visualizing 96, 98 fast user switching 161, 162
Lightweight Directory Access Protocol (LDAP) Screen Time, using 162
558 loginwindow process
limiting usage, Screen Time about 90, 92
always allowed 172 logout 93, 94
app limits 170 restart 93, 94
content & privacy 172 shutdown 93, 94
downtime 168, 169 logs
Local Area Network (LAN) 500 troubleshooting 753, 754, 755
local keychain password, resetting options
iCloud, using 212, 213, 214, 215 M
recovery key, using 208, 209, 210, 211 Mac Catalyst 19
Reset Password assistant, using 215, 217 Mac computer
local keychain password identifying, for sharing services 614, 615
resetting 207 Mac model and specs
resetting, with FileVault enabled 207 finding 30, 32, 33
[ 764 ]
Mac Ports macOS filesystem and storage
URL 383 about 248
Mac additional formats 257
exploring 106 disks, versus partitions 249
Macintosh HD 251 disks, versus volumes 249
macOS 11.0.x (Big Sur) 28 formatting 249
macOS 15.6.x (Catalina) 29 general concepts 248
macOS application security partitions, versus disks 249
about 654 partitions, versus volumes 249
application security technologies 655 volumes, versus disks 249
non-notarized or unidentified app, opening volumes, versus partitions 249
660, 661 macOS filesystem
settings, verification 659, 660 about 252
macOS apps APFS advantages 254
about 378 domains 258
app compatibility 383 format 252, 253
app environment 378 volume format 254
macOS architecture, layers volume formats 253
Cocoa application layer 8 macOS general features
Core OS layer 9 built-in apps 10
core services layer 8 continuity 11
graphics and media layer 8 iCloud 11
Kernel and Device Drivers layer 9 mac app store 10
macOS architecture notifications 11
overview 7, 10 overview 10
macOS Big Sur, features Siri 11
Safari privacy report 639 spotlight 11
signed system volume (SSV) 638 macOS hardware security
system extensions 639 about 648
macOS Big Sur firmware password 648
features 12, 13, 14, 15, 16 T2 security chip 649, 650
manual upgrades 37, 38, 39, 40, 41, 42, 43 with Apple M1 silicon chip 653, 654
requisites 28, 29 macOS installation
macOS Catalina, features configuring 73
activation lock 640 iCloud configuration, benefits 81, 82, 83
app permission 640 Setup Assistant process 73, 75, 76, 77, 79,
built-in firewall 640 80
find my 640 system settings, adjusting 80
malware protection 640 macOS Mojave 19
read-only volume 639 macOS network configurations
System Integrity Protection (SIP) 640 about 513, 515
macOS Catalina connecting, to Wi-Fi 516, 519, 520
features 17, 18, 19 macOS partition maps
requisites 29 about 251, 252
security and privacy enhancements 20 Apple Partition Map (APM) 252
[ 765 ]
GUID Partition Map (GPT) 251 macOS tags
Master Boot Record (MBR) 251 advanced tag management 365, 366
macOS privacy creating 362
cross-site tracking 243 creating, from finder 362
Dictation service, using 245 creating, from preview file 363
location services 241, 242 deleting 364
managing 239 tagged items, viewing 359
security & privacy settings 239 using 358, 360, 361, 362
macOS Recovery interface macOS Terminal
accessing, in Mac with M1 chip 51, 52 using 695
accessing, with macOS Big Sur 50 macOS user security
macOS Recovery system, options about 670
Network Utility 49 family sharing 688
Startup Disk 48 Find My 679, 680, 682
Startup Security Utility 49 firewall, enabling 676, 678
Terminal and Reset Password 49 guest accounts 687
macOS Recovery system iCloud Security Code 671, 672, 673, 674
about 46 login options 675
accessing, with macOS Catalina 47 Screen Time 679
bootable installer, testing 65 two-factor authentication 671, 672, 673, 674
bootable installer, using 65 macOS version
reinstallation, performing with macOS Big Sur download link 39
Recovery 54, 56, 57, 58 features, exploring 12
reinstallation, performing with macOS Catalina macOS, CLI
Recovery 52, 54 about 694
macOS Recovery customized profiles, creating 696, 698
Time Machine backup, restoring with 481, macOS Terminal, using 695
482 marks and bookmarks, creating 698, 700,
macOS searching tools 701, 702
about 366 macOS, update types
Siri, using 372, 374, 375 software updates 66
Spotlight, using 366, 368, 370, 371, 372 macOS
macOS shared folders APFS volumes, using 280
Public and Drop Box folders 318, 319, 320 archiving 457
Shared folder 321, 322 automatic upgrades 34, 36
using 318 comparing, to operating systems 23, 24
macOS system security default shell 702, 703, 704, 705
about 638 disks, ejecting 284, 285
Bonjour/zero-configuration 646 disks, mounting 284, 285
features 638, 640 disks, unmounting 284, 285
mDNS security 646 external installer, using 58, 59
measures 641, 642, 643, 644, 645 file system security policy 303, 304
System Integrity Protection (SIP) 646, 648 file-sharing, enabling 588, 589, 591, 594,
macOS system 595
overview 7, 10 file-sharing, using 587
[ 766 ]
firmware updates 72, 73 Master Boot Record (MBR) 471
industry standards, exploring 24 Media Access Control (MAC) 500
installing 33 Messages app
IP configuration options 507 about 559
manual upgrades 37 reference link 559
metadata 354 Messages service
metadata, types 354 configuring 569
network services, types 550 metadata, types
network services, using 549, 550 additional extended attributes 357, 358
overview 21 AppleDouble file format 356
ownership and permissions 296, 297 file flags 355
partitions, examining 267, 268 file system tags 355
partitions, managing 267, 268, 269, 270 metadata
partitions, modifying 267, 269, 270 in macOS 354
password types 189 types, in macOS 354
primary system initialization stages 86 methods, for connecting to file shares
reinstalling 44 authentication 597, 599, 600
reinstalling, through macOS Recovery system automatic connections, creating 610, 612
46 automatic discovery 595, 597
reinstalling, via internet recovery 45 connection, through FTP share 605
storage, examining 260 Mac, connecting from Windows computer
system initialization process 86 605, 607
system updates 70, 71, 72 manual connection, through FTP share 603
updating 66 manual connection, through SMB and AFP
upgrading 34 600, 602
upgrading, through internet 43 Windows computer, connecting from Mac
user session stage 92 608, 609
version history, exploring 21 Migration Assistant
volumes, ejecting 284 about 180, 181
volumes, mounting 284 data, transferring from Windows PC 182, 183
volumes, unmounting 284 OS X Mavericks v10.9.5, executing 184, 186
Mail app Time Machine backup, restoring with 479,
about 551 480
email accounts, adding 566 mobile user account
features 551 about 122
reference link 551 characteristics 122
malware detection 658 modem 509
malware protection, technologies mounted share
Malware Removal Tool (MRT) 658 disconnecting from 615
XProtect 658 mounting 288
Malware Removal Tool (MRT) 640, 658 multicast DNS (mDNS) 24, 25, 646
manual restoration 187
marks 698 N
marks and bookmarks network file service protocols
creating 698, 700, 701, 702 Apple Filing Protocol (AFP) 586
[ 767 ]
File Transfer Protocol (FTP) 585 Reminder app 557
Network File System (NFS) 587 Safari 560
Server Message Block (SMB) 586 network services and apps
SFTP 586 configuring 561
World Wide Web Distributed Authoring and network services issues
Versioning (WebDav) 587 troubleshooting 749, 751, 752
Network Interface Card (NIC) 488 network services
network interfaces configuring 531
6to4 option 496 detection methods 550
about 492 in macOS 549
available options, identifying 497, 499 network types
Bluetooth 494 about 520
Ethernet 493 ad hoc networks 521, 523, 524
FireWire 493 enterprise networks 524
Point-to-Point Protocol over Ethernet network user account
(PPPoE) 496 about 122
Thunderbolt Bridge 494 characteristics 122
USB 495 Network Utility tool 745
Virtual Private Network 495 network-attached storage (NAS) 471
Wi-Fi 493 networking concepts 485
network issues networking models
troubleshooting 744, 746, 747, 748 about 486
network locations OSI reference model 486
about 525 TCP/IP model 489
configuring 526, 528, 530, 531 non-APFS partition
identifying 525 resizing 277
network protocols non-local user account
about 511 about 122
Domain Name System (DNS) 512 mobile user account 122
Dynamic Host Configuration Protocol (DHCP) network user account 122
511 non-system volumes
ICMP 513 ownership 310
Transmission Control Protocol (TCP) 512 nonvolatile random-access memory (NVRAM)
User Datagram Protocol (UDP) 512 742
network proxies notarization 658, 659
about 544, 546 Notes app
manual Ethernet configuration 546 about 552, 555
network services accounts features 552
about 550 reference link 552
Calendar app 555
Contacts app 558 O
FaceTime 559 Open Systems Interconnection (OSI) 486
Mail app 551 OSI reference model
Messages app 559 about 486
Notes app 552, 553, 555 Application layer 488
[ 768 ]
  Data Link layer 488
  Network layer 488
  Physical layer 487
  Presentation layer 488
  Session layer 488
ownership and permissions
  about 296
  in macOS 296, 297
ownership tiers, types
  everyone 298
  group 298
  owner 298
P
package 403
packets 488
parameter RAM (PRAM) 742
partitions
  about 250
  disk/volume, formatting 270
  disk/volume, partitioning 270
  disks, erasing 273, 275
  disks, reformatting 273, 275
  managing, in macOS 260
  non-APFS partition, adding 271, 272, 273
  non-APFS partition, deleting 276, 278, 279, 280
  non-APFS partition, resizing 276, 277, 278, 279, 280
password types, in macOS
  about 189
  Apple ID account and password 190
  firmware password, configuring 218, 219, 220
  Keychain password 190, 191
  local user account password, modifying 193
  local user account password, resetting 198
  managing 192
  resource password 191
  root password, modifying 196, 197, 198
  system firmware password 191, 192
  user account password 189
permissions
  customization examples 314
  deleting 313
  granting 311, 312, 313
  modifying 311, 312, 313
Point-to-Point Protocol over Ethernet (PPPoE) 496
Point-to-Point Tunneling Protocol (PPTP) 496
POSIX Access Control Lists (ACLs) 299
Power Nap 103
primary system initialization stages, in macOS
  booter 87, 88, 89
  BootROM firmware 87
  kernel 89
  power-on stage 87
  system launchd stage 89, 90
processes
  types 410
Protocol Data Units (PDUs) 488
Q
Quick Actions 178, 446, 447
Quick Look 444, 445
R
Random Complex Security Code 673
Reminders app
  about 557
  reference link 557
remote controlling, via Messages Screen Sharing
  about 627, 628
  steps 627
remote controlling, via System Screen
  about 625
  authentication methods 623, 624
  benefits 621
  connecting, to remote Mac 622, 623
  enabling, steps 622
  settings, adjusting 626
remote controlling
  about 619
  enabling 619, 621
  via Apple Remote Desktop (ARD) 629
  via Messages Screen Sharing 626
  via System Screen 621
Resume
  about 450, 451
  using 447
root password
  modifying 196, 197, 198
root user account 119
root user
  disabling 156
  enabling 151, 152, 154
  log in methods 154
  logging in 154, 156
  managing 151
router 509
S
Safari app
  features 560
  reference link 561
Safe Boot 106
Safe mode 106, 107, 108
sandboxed app
  about 332
  working 332, 333
sandboxing 331, 333
Screen Time
  about 679
  limiting usage 167
  tracking usage 164
  using 162, 164
sectionmacOS Big Sur, features
  App Store privacy 639
Secure Boot
  about 106, 113, 114, 650, 651
  full security 650
  medium security 650
  no security 651
Secure Shell (SSH) protocol 586
Self Monitoring Analysis and Reporting Technology (S.M.A.R.T.) 264
Server Message Block (SMB) 586
service configuration example
  VPN configuration 532, 535, 537
Service Set Identifier (SSID) 517
Setup Assistant 515
sharing only account
  about 120, 121
  characteristics 120
sharing services
  about 584, 629, 632, 633, 635
  AirDrop 615
  Bluetooth sharing 631
  file-sharing services 584
  file-sharing, using on macOS 587
  Internet Sharing option 629
  Media Sharing option 635
  printer sharing 630
shortcuts, macOS
  about 346
  aliases 347, 348
  creating 350, 352
  hard links 349
  symbolic links 349
  types 347
single-user mode 110, 111, 112, 696
Siri
  using 373, 374, 375
software updates, macOS
  automatic App Store updates 67, 68, 69
  manual App Store updates 69
  update notification, disabling 67
Solid-State Drive (SSD) 250, 464
spotlight 366
Spotlight Suggestions 367
Spotlight
  using 367, 368, 370, 371, 372
Stacks
  using 176
standard user account
  about 117
  Apple ID or iCloud account, using 130
  characteristics 117
  creating 125, 127
  new user account, setup 128, 129
  turning, into administrator account 135
Standby mode
  reference link 105
start up modes
  Apple T2 Security Chip 113, 114
  Safe mode 106, 107, 108
  Secure Boot 113, 114
  single-user mode 110, 111, 112
  using 106
  Verbose mode 109
Startup Security Utility 649, 651
Storage Management options
  Auto Empty Trash 292
  Clutter, reducing 292, 293
  Optimize Storage 291
  Store in iCloud 291
storage space
  optimizing 289, 290
structure, user home folder
  desktop folder 176
  library folder 178, 179
  public folder 179
subnet masks 507, 508
sudo command 693, 694
superuser 119
Swift
  about 25, 26
  features 25, 26
switch 509
symbolic links
  about 348
  advantages 349
  versus aliases 349
symlinks 349
System Administrator 119
system and startup issues
  troubleshooting 735, 737, 738, 739, 740, 741, 742, 744
system diagnosing 716, 718
system extensions, types
  driver 327
  endpoint 327
  network 327
System Information 265, 266
System Integrity Protection (SIP) 258, 646, 648
system keychains
  about 222, 223
  types 222
System Management Controller (SMC) 740
system monitoring 716, 718
system resources, types in macOS
  about 325, 326
  extensions 326
  fonts 328, 329
  frameworks 327, 328
  LaunchAgents 330
  LaunchDaemons 330
  logs 330
  preference files 329
system resources
  about 325
  domains 331
  hidden files and folders, uncovering 334
  managing 334
system updates
  security configuration updates 70
  system data files 70
T
T2 security chip
  about 650
  Activation Lock 652
  capabilities 649
  External Boot 652
  Secure Boot 650, 651
tagged items
  finder search box 359
  finder sidebar 359
  open or save document dialogs 360
  viewing 359
tags 355
Terminal shell commands
  about 706
  common commands 706, 708, 709, 710, 711
  hidden files and folders, uncovering 711, 712
  specific files and folders, hiding 713, 714, 715, 716
Thunderbolt Bridge 494
Time Machine backups
  restoring 476
  restoring, with macOS Recovery 481, 482
  restoring, with Migration Assistant 479, 480
  specific items, restoring 478
  stopping 476
Time Machine interface
  using 477
Time Machine
  about 469
  configuring 472, 473, 474, 475
  used, for storing backup 470, 471, 472
  using, for backups 469
Translation layer 488
Transmission Control Protocol (TCP) 490, 512
Transmission Control Protocol/Internet Protocol (TCP/IP) model
  about 489, 491
  Application Layer 491
  Data Link Layer 490
  IP Layer 490
  Transport Layer 490
Transport Layer Security (TLS) 615
two-factor authentication 671, 672, 673, 674
U
universal macOS binary
  about 382
  reference link 382
Universal Serial Bus (USB) 495
Universally Unique ID (UUID) 143
unlocked
  local keychain password, resetting with FileVault enabled 207
unmounted filesystems 111
unmounting
  about 286, 288
  versus ejecting 285
usage, Screen Time
  App Usage 164
  notifications 166
  pickups 166
user accounts, types
  about 116
  local user account 116
user accounts
  additional preferences, configuring 136, 137, 138, 140
  attributes 141, 142, 143
  deleted accounts, restoring from disk image 146, 149
  deleted accounts, restoring from users folder 150, 151
  deleting 144, 145
  guest user, managing 157, 158, 159
  login options, configuring 159
  managing 123, 124
  root user, managing 151
  Screen Time, using 164
  standard user account, creating 125, 127
User Datagram Protocol (UDP) 490, 512
user environment 98
user home folder
  about 174
  local account, deleting 180
  local folder, migrating 180
  local folder, restoring 180
  structure 174, 175, 176
user session stage
  about 92
  launchd process 94
  loginwindow process 92
  user environment 98
Users & Groups, login options
  automatic login 675
  usernames, displaying 676
V
Verbose mode 109
Versions
  about 449
  using 447
Virtual LAN (VLAN) 500
Virtual Private Network (VPN) 492, 495
volumes
  about 250
  ejecting 285
  managing, in macOS 260
  mounting 285
  unmounting 285
W
WebDAV 556
Wi-Fi 493
Wide Area Network (WLAN) 500
Wide Web Distributed Authoring and Versioning (WebDAV) 587
widgets
  managing 421, 422
World Wide Developer Conference (WWDC) 12
X
Xcode app 380, 409
XProtect 658
XQuartz 382
Y
YARA
  reference link 658
Z
zero-configuration networking (zeroconf) 24
ZIP archives 457, 458, 459, 460