Ry S asks:
Question
I am primarily using my Mac Mini as a server via several different protocols. In the name of efficiency & security, how do I prevent superfluous (for my purposes) services like BLUED, CUPS, etc. from starting automatically?
Thanks in advance- this site rocks!
Answer
It’s a matter of seeing who is starting what and why, but almost everything can be changed if you work hard enough.
First, ask yourself if this is something you need to do. Most services that aren’t active have been paged out and just the run loop portion of the code is in memory and running, which isn’t that bad of a tax on the CPU. If you’re doing it to do it, don’t.
However, if you’re seeing a problem, or absolutely need that last cycle out of your CPU, you can start turning things off that you’re not using. To do that, we need to know who started what.
Open up Activity Monitor and in the toolbar pick “All Processes, Hierarchically”. Now, sort by the PID column. You now see what programs started each other, and in approximately what order1 they came up. What action you take depends on the process that started the one in question.
Launchd
Anything that is a direct descendant of the launchd process can likely be controlled by finding the proper configuration file and either disabling it or moving it. To see if an item is loaded or not, you use the launchctl program. It will give you differing answers depending on what user runs it, so run it once as yourself and then once as root to see what’s been loaded by whom.
$ launchctl list
$ sudo launchctl list
com.apple.dashboard.advisory.fetch
com.apple.dnbobserverd
com.apple.dnbvolunteer
com.apple.KernelEventAgent
com.apple.mDNSResponder
com.apple.nibindd
com.apple.periodic-daily
com.apple.periodic-monthly
com.apple.periodic-weekly
com.apple.portmap
com.apple.syslogd
com.vix.cron
com.apple.distccd
com.apple.AEServer
org.postfix.master
org.xinetd.xinetd
com.openssh.sshd
Now, to turn an item on or off with launchctl just use the -w (write) flag when you do a load or unload command. This will cause launchd to modify the configuration file and add or remove the Disabled flag to the properties.
$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.dnbvolunteer.plist
You must have write permission to the file for this to succeed, hence the use of sudo for the file in the example. You do not need sudo for launchd files you’ve made on your own and that you are the owner of.
Once you have the list of services you’re running, you can use the list below of what services are started by which files and where as of Mac OS X 10.4.8 to identify what it does and if you can/should turn it off.
/etc/mach_init.d
All of these items start at boot.
* ATSServer.plist — Apple Type Server. If you use the GUI, leave it alone.
* DirectoryService.plist — Used for authentication. Leave it alone.
* IIDCAssistant.plist — An audio plugin in the iSightAudio.plugin bundle. I’m guessing it has to do with the iSight’s microphone. Just a hunch.
* KerberosAutoConfig.plist — Used in Kerberos domains.
* WindowServer.plist — This makes the GUI. Leave it alone.
* chum.plist — Installed with the Developer Tools, the manual page says that it is a “CHUD helper daemon for provided authorized users access to priviledged kernel interfaces.”
* configd.plist — Used for network configuration and state monitoring, and a slew of other things. Leave it alone.
* coreaudiod.plist — What it says. Leave it alone.
* coreservicesd.plist — What it says. Leave it alone.
* dashboardadvisoryd.plist — Google it. It’s safe to turn off.
* diskarbitrationd.plist — The daemon that monitors disk appearance/removal and updates the system to reflect the physical state of the machine. Also known as the daemon that separates Mac OS X from Linux when it comes to disk management. Leave it alone.
* distnoted.plist — Distributed notification daemon. Do not touch. If you do, random things will go wonky on your system.
* hdiejectd.plist — Leave it be if you use disk images.
* kuncd.plist — Kernel notification server. Leave it alone.
* lookupd.plist — Handles all kinds of lookups for Mac OS X, such as users, groups, DNS, and other legacy crud. Leave it alone if you enjoy booting.
* mds.plist — Spotlight.
* memberd.plist — Handles management of ACLs, group privileges, and all that other fun stuff that came with Tiger. Leave it alone.
* notifyd.plist — The core of the Mac OS X notification server. Leave it be.
* ocspd.plist — OCSP server. It’s a part of the Keychain and certificate framework and I’d leave it alone.
* scsid.plist — What it looks like.
* securityd.plist — “Security context daemon for Authorization and cryptographic operations” says the manual page. Leave it be.
* translated.plist — Looks a lot like Rosetta stuff to me. No manual page and Google is empty. References junk in /usr/libexec/oah. Manually calling translate in the same directory strongly suggests it’s the Rosetta bootstrapper.
/etc/mach_init_per_user.d
These items start at login.
* AddressBookSharing.plist — What it says.
* CCacheServer.plist — Kerberos cache server.
* CoreMIDIServer.plist — What it says.
* Crash Reporter.plist — What it says.
* FontValidator.plist — A daemon in the ATS framework that, well, probably assists in validating fonts before they’re used.
* KerberosAgent.plist — Userland Kerberos client.
* MirrorAgent.plist — Backs up your iDisk and your Portable Home Directory with Mac OS X Server.
* Network Diagnostics.plist — Gives you that little window of possible screwups when you lose your network connection.
* PCIESlotCheck.plist — Listens for ExpressCard insertions.
* RemoteUI.plist — Front Row junk.
* airport_hookupd.plist — Joins AirPort networks for you when you least expect it.
* airportd.plist — Manages the AirPort connection.
* dmnotify.plist — Dot Mac Notifier Daemon. From looking at the binary, this looks like the Dot Mac backend program. You know how when you go to the Dot Mac preference pane it gets your iDisk size, lets you change the settings, knows which computers are setup to sync, and how developers can also use some Dot Mac services to help you out? This is the program the system frameworks are probably talking to that does all the communication with the Dot Mac servers. Harmless, unless you have Dot Mac, then it’s essential.
* syncuid.plist — The Sync Services UI handler program. When you get those Dot Mac sync conflict windows and such, this is the beast that’s running.
/System/Library/LaunchDaemons
These items start at boot, after the mach_init items.
* bootps.plist — Starts the bootp service, which handles DHCP and NetBooting.
* com.apple.KernelEventAgent.plist — Handles a variety of kernel-initiated events. Leave it be.
* com.apple.atrun.plist — Runs at commands for users. Kind of like cron but … not.
* com.apple.dashboard.advisory.fetch.plist — Gets the list of listed widgets from Apple.
* com.apple.dnbobserver.plist — Dedicated Network Build Observer. Part of the Developer Tools.
* com.apple.dnbvolunteer.plist — Dedicated Network Build Volunteer. Part of the Developer Tools.
* com.apple.mDNSResponder.plist — Rendezjourconf.
* com.apple.nibindd.plist — NetInfo binder. Used in multi-tier NetInfo networks. Since you’re running a NetInfo domain yourself, that would be you and any NetInfo server.
* com.apple.periodic-daily.plist — Daily maintainance.
* com.apple.periodic-monthly.plist — Monthly maintainence.
* com.apple.periodic-weekly.plist — Weekly maintainence.
* com.apple.portmap.plist — Used for RPC services like NFS.
* com.apple.syslogd.plist — The system log daemon. Leave it be.
* com.apple.xgridagentd.plist — The Xgrid Agent program. This handles the jobs a controller sends out.
* com.apple.xgridcontrollerd.plist — The Xgrid Controller program. Anyone can use it.
* com.vix.cron.plist — It’s … cron.
* comsat.plist — Hoppin hogs, there’s a @biff@ server in here.
* distccd.plist — Distributed CC listening daemon. Part of the Developer Tools.
* eppc.plist — Remote Apple Events server.
* exec.plist — An rexec server. Don’t use it unless you know the implications.
* finger.plist — A @finger@ server.
* ftp.plist — An FTP server.
* login.plist — An @rlogin@ server.
* nmbd.plist — Name service daemon for smbd.
* ntalk.plist — The new talk daemon. Compare to the old talk.
* org.isc.named.plist — A DNS server.
* org.postfix.master.plist — An SMTP server.
* org.xinetd.xinetd.plist — A “super-server” that has been made relatively unneeded by launchd. There’s still some things it can do that launchd cannot, however.
* printer.plist — CUPS LPD daemon. Listens for remote printing requests, such as Printer Sharing requests, and dumps them into the queue.
* shell.plist — An rsh daemon. Don’t use it unless you know the implications.
* smbd.plist — An SMB server which allows for Windows File Sharing.
* ssh.plist — An SSH server.
* swat.plist — SWAT allows for manual configuration of Samba over a web interface.
* telnet.plist — A @telnet@ server. Don’t use it unless you know the implications.
* tftp.plist — A @tftp@ server. Don’t use it unless you know the implications.
Window Server
If the parent process is the Window Server, then it was started by the Finder, most likely. This means things you started, or things in your Startup Items list (which you could have added to in the Accounts preference pane or by using the Dock menu item “Open at Login” on any item). There’s no list of things to do here other than clean out the Startup Items list.
But … don’t.
Mac OS X depends on a lot of things, especially these things. Removing them from service, while it may make you feel better to know you’re running “lighter”, may actually cause problems with Mac OS X. It’s good to know what things do, and what’s loaded and so on. However, changing that is something that should be done with research and forethought. If you’re not 100% certain of the function of a service, leave it the heck alone.
1 PIDs are recycled as they pass 65535, so it’s not 100% reliable, but it usually is on a desktop machine.
REFERENCES
http://www.macgeekery.com/gspot/2006-12/turning_off_unneeded_services