macOS for Linux admins (2022 refresh)
As I mentioned in my CompTIA blog post All About Linux and Linux+ ( https://www.comptia.org/blog/all-about-linux-and-linux ), Linux is essentially an open-source UNIX operating system. And since nearly all of the concepts, commands and files are identical between UNIX and Linux, anyone who works with Linux could easily administer a UNIX system.
The macOS operating system that runs on Apple computers is a flavor of UNIX. Thus, most of the concepts that you use when administering a Linux system are also applicable to macOS. It’s not uncommon to find Apple laptops running macOS within organizations today, or even Apple desktops within certain departments, such as Marketing, where they are often used for graphics and desktop publishing. Consequently, when applying for IT administration and support jobs that require a macOS skillset, Linux is a big benefit!
However, before supporting macOS within an organization, it’s important to understand the similarities and differences between Linux and macOS from an IT point-of-view. In this blog post, I’ll give you an overview of what macOS is, as well as the key similarities and differences between Linux and macOS.
macOS is also ~80% open source software. The underlying operating system is an open source operating system called Darwin that is largely maintained by descendents of the BSD UNIX community. Apple adds the remaining ~20% closed source components that comprise the graphical desktop and frameworks.
The kernel that macOS uses is called XNU (X is not UNIX). XNU is part MACH 3.0 microkernel, part BSD UNIX kernel (filesystem & networking), and part I/O Kit (an Apple driver framework). The XNU kernel and Darwin system are directly evolved from NeXTSTEP UNIX. When Apple purchased NeXT from Steve Jobs in the late 1990s, they essentially rebranded NeXTSTEP UNIX as Mac OS X (now called macOS). When you develop for macOS/iOS, you still use programming objects that inherit from NSObject (NeXT Software Object).
As of May 2022, macOS Monterey (12.4) is the latest version of macOS. Prior to macOS Sierra (10.12), macOS was called Mac OS X (10.0 - 10.11). Mac OS 9 and earlier (1980s-1990s) were not based on NeXTSTEP UNIX.
As shown below, macOS seems very similar to Linux. However, the app shortcut bar (called the Dock) is at the bottom and visible by default (the GNOME Dock is at the left and you must click Activities to see it).
The leftmost icon shown on the Dock is the Finder (file browser app), and nearly all system configuration can be performed by opening the System Preferences app (cog wheel icon). In addition to configuring desktop, network and firewall settings, you can also start network services such as SSH, FTP file sharing, and the Apache Web server using System Preferences.
You can navigate to Finder > Applications > Utilities > Terminal to open a command line shell. macOS uses the Z shell by default, but you can change it to Bash using the
chsh -s /bin/bash command.
Your macOS user account is a member of the admin group (equivalent to the wheel group in Linux) and has permission to run any command as root using
sudo (via a line in
/etc/sudoers). However, if you wish to switch to the root user using
su – to perform system administration, you must first assign the root user a password using the
The directory structure is very similar to Linux systems with some noticeable differences (e.g. home directories are under
/Users instead of
/home). Following is a list of common macOS directories:
/ApplicationsStores most user programs
/binContains binary programs that any user may execute
/devContain device files used to reference system devices
/etcContains most system configuration (symlink to /private/etc)
/LibraryContains program libraries, documentation, and app settings
/NetworkContains libraries and information from remote systems
/privateContains OS information that users should not normally view
/sbinContains superuser (root) executables
/SystemContains most system configuration & operating system files
/tmpContains temporary files used by apps (symlink to /private/tmp)
/UsersDefault location for all regular user home directories
/User InformationContains system documentation (symlink to /Library/Documentation)
/usrStores most executables (/usr/bin, /usr/sbin) and their documentation (/usr/share/man, /usr/share/doc)
/varContains log files and spool/content directories
/VolumesContains subdirectories used for mounting devices to
/User Information, and
/Users folders are shown in the graphical desktop by default. All other directories are hidden from normal view and may be viewed using a shell. Additionally, there is a
Library folder in each home directory that stores user-specific program libraries, documentation, and app settings.
Each application in macOS is contained within a single directory called a bundle. Bundles are directories with an
.app extension that appear as program icons in the Finder. When double-clicked, they launch the app contained within. You can use the open command to run a bundle from the command prompt. For example, open
/Applications/Firefox.app will start the Firefox Web browser. Like a Flatpak or Snap package, bundles contains all executable files, configuration files, and dependencies needed by an app. If you drag a bundle to the Trash, you will remove all files associated with the app (other than user-specific files and settings stored in your home directory). To look inside a bundle, run the cd bundlename.app command, or right-click the bundle in the Finder and choose Show Package Contents.
To view system events, macOS provides a central graphical log file viewer (
/Applications/Utilities/Console) that contains shortcuts to all major log files on the system. The
/Applications/Utilities/Activity Monitor program is the macOS equivalent of the top command in Linux and the Task Manager in Windows. It displays system statistics process information but can also be used to kill processes. Alternatively, you can right-click an app icon on the Dock and choose Force Quit to kill a process or use the Cmd+Option+Esc key combination to do the same. The Cmd key on a Mac is the same as the Windows key on a PC. You can hold down the Cmd+R keys during startup to interact with the macOS Recovery Tool in the event you need to repair or reinstall macOS from across the Internet.
Storage devices in macOS contain a single partition that is sliced into file systems. By default, the block device file
/dev/disk0 refers to the whole partition on the first storage device,
/dev/disk0s1 refers to the first slice (which usually contains the boot loader) and
/dev/disk0s3 refers to the third slice (which usually contains the
/ filesystem). macOS uses the Apple File System (APFS) to format slices. When you insert removable media (e.g. DVD or USB flash drive), the filesystem is automatically mounted to a subdirectory of
/Volumes and a symlink to it is placed in your Finder.
Network devices also have different names in macOS compared to Linux. The first wired or wireless Ethernet network interface is called en0, the second is called en1, and so on.
Nearly all commands (and command options) in Linux are identical in macOS. However, there are some notable additions and differences, as shown below in alphabetical order:
caffeinatePrevents a macOS system from entering power save / sleep mode
defaultsSets macOS system preferences
diskutilCreates, formats and checks macOS filesystems
dittoSame as the
cpcommand (also in macOS)
dsclManages users (and groups) on the system
dseditgroupManages groups on the system
dsenablerootEnables the root user by setting a password for it
jobsUnlike the same command in Linux, it summons Steve Jobs ;-)
launchctlStarts and stops macOS daemons and system components (equivalent to
networksetupConfigures network interface settings
newfs_typeCreates filesystems (type = exfat, apfs, and so on.)
nvramModifies Macintosh boot firmware
openExecutes a macOS application bundle
pdiskCreate Apple disk partitions.
pkgutilManages and queries macOS software packages
pmsetConfigures macOS power management settings
scutilChanges network locations (for firewall zones)
securityConfigures password storage and certificates
softwareupdateUpdates macOS system software
spctlModifies and displays macOS SecAssessment settings (the macOS equivalent to SELinux)
sw_versDisplays the version of macOS
sysctlModifies system settings
system_profilerDisplays macOS system hardware and software information
systemsetupConfigures macOS system and graphical display information
vm_statThe macOS equivalent of