For most people, the Mac's OS X is all about the graphical user interface. But system administrators and power users know that the Mac's command-line interface can be a powerful time saver and, in many cases, the only method to accomplish certain tasks. The command shell itself, delivered by Apple's included lTerminal program, is a wonder of open source. Bash -- for "Bourne again shell" -- was developed by free-software guru Brian Fox. It's widely used on operating systems of all kinds, including iOS, Linux, Unix, and mainframes. There's already a huge brain trust of tool knowledge around using Bash as a systems administrator's command shell.

But OS X brings its unique capabilities to the command-line table, in the form of utilities that leverage OS X's user interface, file system, and security capabilities. I've scoured the Internet for the best of the best of these utilities. Some you may already know, but others are sure to make you sit up and exclaim, "Sweet!"

[ For tips and tools on managing an enterprise Mac fleet, download InfoWorld's free "Business Mac" Deep Dive PDF special report today. | See InfoWorld's slideshow tour of OS X Mountain Lion's top 25 features and test your Apple smarts with our | Keep up with key Apple technologies with the Technology: Apple newsletter. ]

What follows is an alphabetical list of the 20 best command-line gems, with enough description to put you on the path to using their productivity riches. All commands, unless otherwise noted, run on all versions of OS X since 10.4 Tiger. For most of these commands, you can get more documentation using the "manpage" system: Type man followed by the command name. For example, man lsof displays the manual page for the List Open Files command.

1. airport: Scan your local wireless environment from the command line

When you click the Wi-Fi icon in OS X's menu bar (called AirPort before OS X Lion), you get a list of available wireless networks. The airport command-line utility does the same and a lot more. It shows you the numeric signal strength for every access point, the channel used, and the encryption level, if any.

Alas, the airport command-line utility is buried deep in the System directory (aka System folder when using OS X's GUI). But you can create a symbolic link to it using the one-time command below. Then just type airport -s in the Terminal's command line to get the detailed scan report. (Hint: If you don't get any output, turn Wi-Fi on in the Network system preference.)

To create a symbolic link to the airport command:

$ sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport

To run a wireless scan:

$ airport -s

Sample results:


air4 90:84:0d:c2:c2:c2 -74 1 Y US WPA2 (PSK/TKIP/TKIP)

MY408G1 00:26:b8:c2:c2:c2 -82 6 Y US WEP

air4 00:24:36:c2:c2:c2 -27 11 Y US WPA (PSK/TKIP/TKIP)

G00NOO7 00:18:01:c2:c2:c2 -70 11 N US WEP

air4 5G 90:84:0d:c2:c2:c2 -87 36,+1 Y US WPA2 (PSK/AES,TKIP/TKIP)

air4 5G 00:24:36:c2:c2:c2 -35 157,+1 Y US WPA2 (PSK/AES,TKIP/TKIP)

2. caffeinate: Prevent a system from sleeping

This command is new in OS X Mountan Lion. Let's say you started a long-running file transfer just before lunch and don't want your system to go to sleep. What do you do? Give it some caffeine! That's what caffeinate does. You can explicitly specify an elapsed period of wakefullness, in seconds, with the -u and -t options, or you can use caffeinate to invoke a command-line utility that you want to not be interrupted by sleep.

To prevent your Mac from sleeping for one hour (3,600 seconds):

$ caffeinate -u -t 3600

To prevent your Mac from sleeping until the secure file copy (scp) completes:

$ caffeinate -s scp bigfile me:myserver/bigfile

3. curl: Download a URL from the command line (copy URL)

A powerhouse of a command-line utility, curl lets you do many things, but the most handy capability is retrieving a file from a website. Just pass the URL to curl and tell it where to deliver the load via the --output option, as demonstrated below. You'll find curl can rename the file at the same time, or it can download entire website directories -- recursively, even. Copy the entire Internet if you want. The U.S. government does (via

$ curl --output ipad.pdf

4. DNS cache: How to clear it

Whenever a computer looks up a domain name, such as, it caches the answer so that all future requests can be satisfied without performing the entire DNS lookup process. But sometimes you want to clear this cache to force the DNS lookup to occur again, such as when the IP address for a particular domain name changes. OS X has three ways to do this, shown below, depending on which version of OS X you're running.

The opendiff command launches FileMerge to graphically compare files or directories

Note that for Lion and Mountain Lion, clearing the DNS cache requires administrative privileges and the sudo (Superuser Do) enabler.

In OS X 10.4 Tiger: $ lookupd -flushcache

In OS X 10.5 Leopard and OS X 10.6 Snow Leopard: $ dscacheutil -flushcache

In OS X 10.7 Lion and OS X 10.8 Mountain Lion: $ sudo killall -HUP mDNSResponder [and enter your password]

5. filetree: Show a textual file tree of subdirectories

The filetree command is wonderful. It prints out a nice text tree showing all the directories subsidiary to the directory your command line is currently in.

The only problem with this command: It doesn't exist. Fortunately, one of the wonders of Bash is that you can make your own commands, using Bash's alias function (thank you, Brian). Just type alias nameyourcommand="a bunch of commands piped together however you want". You can create the Filetree command on the spot. Below, you can see the complicated code that produces the filetree output. I have no idea how it works, and I don't care. Just let me type filetree instead of that crazy command line.

Note that just creating an alias doesn't make it permanent. When you close the Terminal window, all your command aliases go away. To "remember" them from session to session, you have to add them to the hidden .profile file in your home directory. You can edit that using the open command described in command-line utility No. 9 later in this article (that is, open -e ~/.profile):

$ alias filetree="ls -R | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/ /' -e 's/-/|/'"

$ filetree

Sample results:



|---------Application Support




|---Full of






|---------Sky Data

|-----------Ambient Audio

6. locate: Quickly search file and folder names

The locate utility searches a special internal database of all publicly accessible pathnames that OS X maintains separately from the Spotlight search index. It's very fast to search, but the database is refreshed only periodically -- typically daily.

The first time you run the command, you may receive a warning that the database doesn't exist. The warning message will tell you the name of the command to activate locate's database and begin building it, a process that may take several hours. Once built, however, the database is quick and easy to search when you're trying to track down a folder, file, or application. Simply type the string you're searching for after the command name. Type man locate for full details on search syntax.

For example:

$ locate junko

might display:

/Scratch Area/junko

/Scratch Area/junko/BootCamp_3.1_32-bit.exe

/Scratch Area/junko/BootCamp_3.1_64-bit.exe

/Scratch Area/junko/EPSONPrinterDrivers2.2.dmg

/Scratch Area/junko/SecUpd2010-001.dmg

/Scratch Area/junko/SecUpdSrvr2010-001.dmg


/Users/mel/junko stuff

/Users/mel/junko stuff/.DS_Store


7. lsof: Reveal open TCP and UDP ports and the applications using them

When tracking down problems, particularly security-related issues, it's often helpful to know which applications are currently communicating on the network. The lsof (list open files) command does that. With the -i option, it lists all the open connections in progress and the names of the applications using them. The list can be long, and often you're only interested in applications that have established sessions, not partially open ones (for example, someone trying to sign on). To reduce the command's output, you can pipe it to the grep command and filter on the word ESTABLISHED to list only functional connections:

$ lsof -i | grep ESTABLISHED

It might display:

ScreenShare 865 adm ... TCP> (ESTABLISHED)

ScreenShare 866 adm ... TCP> (ESTABLISHED)

JobServ 922 adm ... TCP> (ESTABLISHED)

aosnotify 1101 adm ... TCP> (ESTABLISHED)

Mail 7601 adm ... TCP> (ESTABLISHED)

8. networksetup: Retrieve or set network configuration values

Network troubleshooting often requires examining a computer's network settings and possibly making changes to them to test various theories about what may be wrong. The networksetup tool lets you view all manner of network parameters, including IP addresses, available network interfaces, and more than 50 other variables. One setting you probably have to verify frequently is the list of DNS servers, especially in light of the recent malware that changed this list to point to malicious DNS servers. You can also turn Wi-Fi off or on.

The other 49 variables are assigned as homework; here's the variable to display the list of name servers in use for an interface (in this case, Ethernet):

$ networksetup -getdnsservers ethernet

It might display:

And to turn Wi-Fi on or off:

$ networksetup -setairportpower airport on

$ networksetup -setairportpower airport off

9. open: Launch applications and open Finder windows from the command line

One of OS X's most versatile commands, open facilitates smooth interaction between a command-line shell and the Mac's graphical user interface. From the command line, you can open a directory into a Finder window, open a document into an application, open a text file into a text editor for quick changes, and more.

To open a directory in a Finder window:

$ open /Users/mel/Documents

Open an application (case doesn't matter):

$ open itunes

To open a document in its default application for file type:

$ open Documents/myword.doc

To open a document in an application other than the one for file type:

$ open -a bbedit junko.txt

To open a file in TextEditor:

$ open -e mytext.rtf

To open a URL in the default browser:

$ open

10. opendiff: Compare and merge files and directores

opendiff takes two file or directory names as arguments and passes them to the little-known (because it's hidden) FileMerge utility in OS X's Utilities folder. FileMerge can find the differences between two text files, as well as compare two directories with the ability to merge them into a single directory that eliminates duplicate files. The syntax is simple and produces the display shown below:

$ opendiff Contract1.rtf Contract2.rtf

The top command sorted by CPU percentage

11. pgrep and pkill: Find or signal a program or processby name

The old way of finding a running program or process (a program can spawn multiple processes having the same name) was to run the ps command and pipe its output to grep. The pgrep command-line utility does all that in one step: Just specify the name of the process you seek as an argument.

You can also send a signal to a program the same way using pkill. Old Unix hands know that kill doesn't really mean to kill the processs; normally it's just a way to send a friendly nudge to a process to, for example, ask it to restart. But if necessary, pkill can actually kill a program if you use its -9 option.

To see if Safari is running:

$ pgrep Safari

It might display:

mel 75341 0.0 0.7 ... /Applications/

To kill Safari (now!):

$ pkill -9 Safari

12. qlmanage: Quick-look a file from the command line

Say you're about to delete a file from the command line. Is it anything you might regret deleting? Check first, using qlmanage with the -p option to see a preview of the file's contents, using OS X's Quick Look facility that's so handy when in the GUI. Or don't. It's your career, not mine.

If you just want a tiny look, use -t instead of -p. OK, -t isn't for "tiny" -- it's for "thumbnail." But thumbnails are tiny.

$ qlmanage -p OnlyCopyOfCriticalBusinessPlan.rtf

13. scp: Securely copy a file between two computers

Another popular command with Linux and Unix afficianados, scp (Secure Copy) is often overlooked by OS X administrators. Traditionally, you'd copy a file or a directory between systems using the Finder, which entails first configuring file sharing, then mounting the remote system's share point, then navigating two Finder windows to the desired source and destination folder, and finally dragging the desired files or folders from one window to the other.

You can accomplish all that in a single command with scp, which takes two arguments: a source file descriptor and a destination file descriptor.

For local files, the file descriptor is an ordinary path to the file, which if in the current directory and consists of just the file name. The remote file descriptor has three parts, in the form of [email protected]:filepath, where userID is the name of the user on the remote system, remotesystem is the name or IP address of the remote system, and filepath is a path to the file.

A neat feature of scp is that you can copy in either direction: Give the local file descriptor first to copy from local to remote; give the remote file descriptor first to copy from remote to local. The examples below show both methods, as well as how to copy entire folder hierarchies.

To copy from a local current directory to the remote system:

$ scp filename [email protected]:/path/to/filename

To copy from the remote system to the local current directory:

$ scp [email protected]:/path/to/filename ./

To copy an entire directory (the -r option indicates recursion):

$ scp -r directoryname [email protected]:/path/to/directory

14. scutil: Set the computer host name

Sometimes you want to change the name of a computer, but there doesn't seem to be an easy way to do this through any system preference or other graphical utility. You can do it with the very powerful scutil tool, although you must run the command three times to change the name in the three places where it resides.

You can do a lot more with scutil in the same way you can do a ton more than drive your car with a gallon of gasoline. Unless you know what you're doing, it's best to let scutil's other abilities stay in drawer.

$ sudo scutil --set ComputerName "newname"

$ sudo scutil --set LocalHostName "newname"

$ sudo scutil --set HostName "newname"

15. shutdown: Restart the Mac

System administrators sometimes have to restart computers when the owner isn't around. Sharing the screen isn't always convenient -- or even enabled. If you can get a remote command-line access to the target machine (such as via the ssh Secure Shell command), rebooting remotely is a cinch using the shutdown command. The -r option indicates you want to restart; without it, the Mac will power off. The now argument means just what it says: Do it now. You can also specify a date and time, in the form yymmddhhmm, to preset a delayed reboot.

$ shutdown -r now

16. sysctl: Get CPU information and other internal secrets

The official purpose of the sysctl utility is to get or set kernel state values. Unless you know what you're doing, you don't want to set kernel state values. But looking at them is harmless -- and can be informative.

For example, the example below displays the machine CPU type, which can be useful to know for certain system administration chores. You can use sysctl to control decisions in a Bash script as well. Run sysctl -a to get a list of all the kernel variables available for inspection. You might find some others you'd like to inspect.

For example:

$ sysctl -n machdep.cpu.brand_string

might display:

Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz

17. systemsetup: Perform various system configuration operations

The systemsetup command lets you retrieve and alter a wide range of configuration values normally set from the graphical System Preferences application. Run systemsetup help to get a complete list of options.

One popular setting is to configure a system to set its clock based on a network time source, as shown below. You'll undoubtedly find useful reasons to set other values.

$ systemsetup -setnetworktimeserver

18. textutil: Convert between various text file formats

Converting text file formats is a black art. In the ancient days before OS X, back in the 1990s, Apple included a text conversion program with what was then called System or Mac OS. In OS X, that program was replaced by textutil, which is even more useful because it can convert files with today's complex HTML, docs, and other formats.

To convert a file, just specify the -convert option, the new file type, the path to the source file, and the path to the output file using the -output option.

The example below shows how to convert a Microsoft Word file into HTML. textutil figures out the source file type automatically. If you want to see what textutil thinks your file's type is, use the -info option, also shown below. Though textutil isn't perfect, you gotta remember -- it's also not the 1990s.

To convert a Word document into HTML:

$ textutil -convert html MyWordFile -output /tmp/webfile.html

To display textutil's interpretation of a document's file format:

$ textutil -info MyWordFile

It might display:

Type: Word format

Size: 45568 bytes

Length: 4354 characters


Author: Mel Beckman

Last Editor: Mel Beckman



Created: 2012-07-08 09:11:00 -0700

Last Modified: 2012-09-13 11:52:00 -0700

Contents: Q. I have a question about wri...

19. top: Find the CPU hogs in your system

The top command is familiar to Linux and Unix users. It lists the busiest programs running on a system, helping you determine why a system might be running slowly. Apple's graphical Activity Monitor application does the same, but top gives you a quick look without leaving the command-line environment.

By default, top displays the first 20 programs in its list. The problem is that, for some reason, OS X's top sorts its list not in order of descending CPU usage but in order of descending process ID. To get the list in proper CPU usage order, add the -o cpu) option, as shown below. The top list also shows which programs are running and which are "sleeping" -- waiting for input/output operations to complete. When a system is slow, top usually reveals the culprit.

20. uptme: Show the time since last reboot and how busy the system is

If you need to know how long it's been since a Mac rebooted, uptme is the command for you. It shows the current time of day, plus the elapsed time since last reboot in days, hours, minutes, and seconds. For some reason, Windows doesn't have this command, but it probably isn't up long enough to matter.

Also, uptme shows the number of users logged in and the load averages (the number of processes waiting to run) of the system over the last one, five, and 15 minutes. What values are good or bad for load average depend on the number of CPUs available. A load average of 4 isn't bad for a quad-core Mac, but it would indicate a very busy single-core system.

For example:

$ uptime

might display:

16:04 up 721 days, 15:37, 2 users, load averages: 0.72 0.81 0.81

These are the 20 OS X command-line utilities you can get the most value from. Now it's up to you to do so!