Mac OS X
»» home :: mac ::


Security conscious users will want to browse through the security configuration guide before booting their new computer.

Booting Mac OS X for the first time

  • Administrative Account

    Upon booting Mac OS X for the first time, you are asked to create a user account. This user account will have administrative privileges!

    1. For obvious security reasons, I don't like having administrative privileges for standard user accounts.
    2. Also, the administrative account should not have an obvious name, such as admin or administrator (be creative, herein marcel is a standard account and bob is an administrative account, these are fictitious names).
  • IP Address

    Register your computer onto the site network by visiting the following Web page:
  • Time Server

    If the machine resides on campus, you may want to set the NTP time server to, otherwise is a logical choice.
  • Software Updates

    Install the latest software updates: from the Apple menu, select "Software Update...", or on the command line, type the following: softwareupdate --download --all --install.

    After an update, you may want to verify and repair the disk permissions. For this, you will use Disk Utility, which can be found in the sub-folder Utilities of the Applications folder.

  • Developer tools

    Install the developer tools from the OS X Snow Leopard disc or download the latest version from Apple Web site (requires creating a free Web account). This will install the GNU toolchain (gcc, make, automake, autoconf, bison, m4, etc.) along with Xcode, the integrated development environment. If you are planning on developing iPhone, iPod touch and iPad applications, download the iPhone developer tools, which is a super-set of the Mac development tools. Once installed, you will find the developer tools in the directory Developer.

    See also: Programming Environment section below.

  • User Account

    Here are three ways to create user accounts depending on your needs.

    • The simplest method is to go to the System Preferences (from the Apple menu), select Accounts, click the lock, click the + sign, fill in the information. This panel also allows you to create new user groups.

    • If you need more options, for instance if you want to create a user account with a specific uid and gid (I like creating user accounts that match that of SITE infrastructure). You can either use the command line tools (see next item below) or you can download the Server Admin Tools (10.6.4). It's free, and although the name says server, you can use many of the tools to edit the localhost configuration. Once installed, you will find the tools in the sub-directory Server or the Applications directory. Use Workgroup Manager to create new user accounts or groups. Enter localhost for address, and the user name and password of your administrative account.

    • If you prefer using command line tools, here are the instructions. First, creating the group csistaff.
      dscl . -create /Groups/csistaff  gid 120
      dscl . -create /Groups/csistaff  passwd '*'
      Next, creating a user account, belonging to the group csistaff.
      dscl . -create /Users/marcel uid 142
      dscl . -create /Users/marcel gid 120
      dscl . -create /Users/marcel shell /bin/bash
      dscl . -create /Users/marcel home /Users/marcel
      dscl . -create /Users/marcel realname "Marcel Turcotte"
      dscl . -create /Users/marcel password '*'
      passwd marcel
      sudo ditto --rsrc /Systems/Library/User\ Template/English.lproj /Users/marcel
      sudo chown -R marcel:csi staff /Users/marcel

Configuring your VPN

VPN access is restricted to uOttawa employees (also, you need to have access to your InfoWeb account).
  • Cisco has a VPN client that can be downloaded from here. But, 1) this application is not well integrated into the OS X environment and 2) upgrades of the OS are likely to break it (until a newer version of the client is released).
  • Alternatively, OS X supports Cisco IPSec VPN connections out of the box, contact me for the instructions.

Clean Installation

  • Boot from the OS X Snow Leopard disc. There are at least two ways to do this. Insert the disc, restart your computer, immediately hold down the "c" button on your keyboard, releasing the key when the Apple logo and the spinning beach ball appear. Alternatively, goto the System Preferences (from the Apple menu), select Start-up Disk, from the System panel, select the OS X Snow Leopard disc.
  • On the 'Select a Destination' screen, click 'Options' and select 'Erase and Install'. This is also the screen for selecting the format of the disk (case sensitive or not).
  • I was hoping to setup an OS X Extended Journaled Case-Sensitive file system, however, some people have reported issues installing applications such as Adobe Creative Suite 2. Therefore, I have always used the default file system: OS X Extended Journaled.

Setting up firmware password

For workstations in public spaces or laptops, you may want to setup a firmware password. Start from the Snow Leopard Install DVD and choose Firmware Password Utility. Click the box requiring a password for booting the computer from another source than its hard disk and enter the password information.

Firmware  password screen capture

Securing sensitive data

Macports and Fink

Macports and Fink are two projects that aim to bring Unix Open Source software to Mac OS. I tried both environments, and I am now using Macports (which seems to have some support from Apple). Some of the applications that I like to have are: recode (recoding files from one character set to another), wget and aspell (spell checker).

Administrative Commands

Since your user account has no admnistrative privileges (meaning that it is not listed in /etc/sudoers), you cannot use sudo for executing administrative commands. In a shell, you must first su to your administrative account (say bob), and then use sudo.
  • su - bob
  • sudo cmd...
You could also use the "fast user switching menu", but this is generally an overkill.

Configuring your account for the first time

  • Enable Web sharing: System Preferences -> Sharing
  • Enable remote login (ssh): System Preferences -> Sharing
  • Enable fast user switching: System Preferences -> Accounts
  • Use PDF, instead of PNG, for the screen captures:
    defaults write type pdf
    killall SystemUIServer 
  • Adding a message onto the login screen:
    sudo - bob
    sudo defaults write /Library/Preferences/ LoginwindowText -string "..."
    where ... is "School of Information Technology and Engineering, Faculty of Engineering, University of Ottawa, Ottawa (Ontario) Canada".
  • Changing the login screen background:
    sudo - bob
    sudo defaults write /Library/Preferences/ DesktopPicture "/Library/Desktop Pictures/Black & White/Lightning.jpg"
  • If you would like to use the command locate on the command line for finding file names quickly then you need to build the necessary database:
    su - bob
    sudo launchctl load -w /System/Library/LaunchDaemons/
  • If you are creating user accounts for running certain applications, you may want not want them to be listed on the login window.
    su - bob
    sudo defaults write /Library/Preferences/ HiddenUsersList -array-add shortname1 shortname2 shortname3
    A new entry will appear in the login window labeled "Other", this allows entering credentials for accounts that are not listed. If you want to prevent that:
    su - bob
    sudo /usr/bin/defaults write /Library/Preferences/ SHOWOTHERUSERS_MANAGED -bool FALSE
  • Also from the System Preferences

    You may want to enable tap to click, as well as 2, 3, 4 fingers gestures, for laptops.

    Enable Exposé and Spaces.

Programming Environment

  • Program Editors

  • Integrated Development Environment (IDE)

  • Programming Languages

  • Building Applications Using Xcode

    Dev Tools Group Warning

    In Xcode, in order to build applications, your account must be a member of the Developer Tools group, otherwise you will be prompted to enter the name and password of the administrative account, as shown above (Type the name and password of a user in the "Developer Tools" group to allow Developer Tools Access to make changes).

    In order to add your account to that group, type the following two commands in a shell.

    su - bob
    sudo dscl . append /Groups/_developer GroupMembership marcel

    Alternatively, you can use the Server Admin Tools if you have it installed (see User accounts section above).

  • Safari Develop/Debug menu

    Here is the command line to enable the developer's menu in Safari.
    defaults write IncludeDebugMenu 1

Scientific and non-scientific writing



OS X, iPhone, iPod touch and iPad integration

See also: iPad

Running Windows and Linux on your Mac


In 2005, I made the switch from Solaris and Linux to OS X. I found Mac OS X for Unix Geeks truly useful. Although OS X is very intuitive, in order to really appreciate how the environment can contribute to your productivity, I recommend reading Mac OS X Snow Leopard: The Missing Manual.

Stay away from these applications

  • SOHO Notes (Mac), NoteLife (iPhone & iPod touch)
    At least in my set up, which involves 3 macs synchronizing with MobileMe, as well as an iPod touch and iPad synchronizing over the air, the application keeps duplicating my notes!