launchctl Tutorial

Posted: December 5th, 2010 | Author: | Filed under: launchctl, Mac | Tags: , , , , , , , , , , , , , , , | No Comments »

launchctl allows users to start / stop applications that is typically processed via launchd. (MacOS’s equivalent of cron).

launchctl command configurations are stored as XML formatted .plist files located in directories /System/Library/LaunchAgents or /System/Library/LaunchDaemons for system wide start items, for user specific items the plist files are stored in ~/Library/LaunchAgents or ~/Library/LaunchDaemons directories.

Agents or Daemons?
An agent is a program that requires access to specific users’ information. A daemon is a program that runs in the background and requires generally no input from any user.

For more a comparison between Agents and Daemons refer to this Apple technote.

What is in a .plist?
A .plist file must contain at the very least the keys Label, ProgramArguments array and a key to tell launchd how the application is run eg KeepAlive, RunAtLoad for one time operations. or StartonMount, StartInterval, StartCalendarInterval for repeating occurrences.

A complete dictionary of all the property keys can be found here. A few things it can do is to monitor modified paths (via the key WatchPath), HardResourceLimits etc.

Here is an example for com.companyname.agentorapplicationname.plist, which runs the application full/path/to/binary every 60 seconds:

< ?xml version="1.0" encoding="UTF-8"?>
< !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" \

<plist version="1.0">
  <key>StartInterval 60</key>
  <true />

launctl operations

Command Description
launchctl list Lists the PID, status and name of loaded processes
launchctl list Output the runtime information (eg. PATH) of
launchctl start Starts
launchctl stop Stop
launchctl loads -w /path/example.plist Loads a process by its plist filename
launchctl unloads /path/example.plist Stop and unload a process by its plist filename
submit -l labelname -p /path/eg/binary -o /path2/stdout -e /path2/sterr Manually run binary under the label labelname with to specified stdout and sterr devices/files

How to start / stop AppleVNCServer via command line properly!

Posted: December 2nd, 2010 | Author: | Filed under: Mac, VNC | Tags: , , , , , | No Comments »

The recent versions of Apple MacOSX (10.5+) come with built in VNC Server which allows users to remote access the Mac graphically. With 10.5 there is a weird bug in the VNCServer, where in mid session, the process will increases its CPU load from a typical ~1 – 10% to 60%+ and locking up the session while it is at it. Typically AppleVNCServer can take about 25% CPU time on a G5 during normal Window dragging etc.

One can terminate the thread brutishly by issuing the command ps -ax | grep AppleVNCServer to find the offending PID and then kill it. The AppleVNCServer will restart assuming your Screen Sharing option is turned on.

However one can also do it elegantly via the launhctl interface.

The actual AppleVNCServer binary is buried in /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/. However it is controlled via the /System/Library/LaunchAgents/

AppleVNCServer doesn’t seem to accept any runtime flags.

To see if it is actually running run launchctl list.

To STOP a run away AppleVNCServer process: launchctl stop
To START AppleVNCServer via command line: launchctl start

If you reach this far, I assume you also know how to remote access a mac via ssh.

Netatalk authentication gotchas and diagnostic steps for Ubuntu 10.04

Posted: September 11th, 2010 | Author: | Filed under: netatalk, Ubuntu | Tags: , , , , , , , , , , | No Comments »

For some reason the netatalk package that is in the Ubuntu repository doesn’t come with any password authentication packages. So unless you want a fully non password appletalk setup on your Ubuntu server. DO NOT apt-get install netatalk!

I followed Mr. Kretschmann’s handy HowTo for installing Netatalk on Ubuntu. It seems to work for Ubuntu 10.04 (actually it should work with all linux distributions). However when I try login, I kept getting unknown username / password problem.

Here are my installation steps:

sudo apt-get source netatalk
sudo apt-get build-dep netatalk
sudo apt-get install cracklib2-dev
sudo apt-get install libssl-dev
cd netatalk-2*
sudo DEB_BUILD_OPTIONS=ssl dpkg-buildpackage -rfakeroot
sudo dpkg -i ../netatalk-2*.deb
echo "netatalk hold" | sudo dpkg --set-selections

Here are my diagnostic steps:

  1. Check your afpd.conf and AppleVolumes.default files for any typos, especially when you are cutting and pasting!
  2. If you want to let each user to access his/her own directory, you should put
    ~/ "$u" allow:$u cnidscheme:cdb

    in AppleVolumes.default; $u is the variable for username; instead of username1/username2 combination as listed in the HowTo. The list of variable names is in the comment section of the file or here.

  3. Open Log File Viewer under System -> Administration. What this does is whenever there is any updates in any of the log files, the updated log file on the left will appear bold.
  4. What I encountered was my installation steps above only created the uams_dhx2*.so authentication libraries. My syslog file has these entries
    afpd[17919]: ASIP started on (2.0.5)
    afpd[17919]: uam: loading (/usr/lib/netatalk/
    afpd[17919]: uam: uam not found (status=-1)
    afpd[17919]: uam: loading (/usr/lib/netatalk/
    afpd[17919]: uam: uam not found (status=-1)
    afpd[17919]: Finished parsing Config File
  5. Go to /usr/lib/netatalk directory and verify which authentication modules you have. Update your afpd.conf appropriately. Mine is:
    - -transall -uamlist -savepassword -advertise_ssh

    dhx2 authentication is only supported by MacOSX machines, if you have OS9 or earlier you will have to have the others fall back to. I think it is much easier to use a normal MacOSX machine to do Appletalk though.

  6. I also noticed in with Netatalk 2.0.5 (vs 2.0.3 in the HowTo), there is a Time Machine support option in the AppleVolumes.default file. So an entry like this:
    ~/TimeMachine "$u" allow:$u cnidscheme:cdb options:usedots,upriv,tm

    would allow a per user login to have their own TimeMachine backup. or you can do it by ip via the $c variable. With that option enabled, I can run TimeMachine without having to create my own sparsebundle etc. You still have to issue the Defaults write TMShowUnsupportedNetworkVolumes 1 command in a terminal of the Mac you want to start TimeMachine though.

  7. Oh after each change, remember to run:
    /etc/init.d/netatalk stop
    /etc/init.d/netatalk start

    I find 2 commands work better than one command using the restart flag.