10.5-directory-info

From radmind

(Difference between revisions)

Revision as of 14:33, 8 November 2007

The following listing of directories and files for Mac OS X 10.5 has been compiled from discussions on the Radmind-users mailing list. It is not meant to be a negative transcrtipt in and of itself, but instead it is intended as a reference for on-going development of negative transcripts for Mac OS X 10.5.

/.Spotlight-V100/ Spotlight database directory. Every writable mounted volume gets one.

/.Trashes/ Every volume has its own .Trashes folder

/.fseventsd/ For FSEvents, a running log of all modifications made to the file system. Used by Time Machine and other applications that want to know what files have changed.

/.hotfiles.btree database of frequently-accessed small files

/.vol/ Used by Carbon applications

/Library/Application Support/Apple/ParentalControls/Users/ Items created for all local users. Probably can be actively managed.

/Library/Caches/ Cached information. Note: Can get large on a multi-user machine since items are created per user. Can be purged at any time.

/Library/Logs/ Console logs, crash reports, etc.

/Library/Managed Preferences/ Preferences that come from Workgroup Manager (MCX). Can be managed since they are recreated automatically as needed.

/Library/Preferences/DirectoryServices/ for local use, per system? override with site-specific positive transcripts for specific files? Possibly could be managed with Radmind. Could be harder to manage if binding to AD.

/Library/Preferences/SystemConfiguration/ May want to put the entire directory in the negative transcript and then only add on the few files that do not change or are not machine specific in positive ones. com.apple.Boot.plist may be the only file that is not dynamic or machine specific.

/Library/Preferences/SystemConfiguration/NetworkInterfaces.plist Rebuilt at boot, if missing. Lists available network interfaces (Ethernet, wireless, etc)

/Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist Recent Airport networks and other Airport settings. Could be managed on a desktop, but probably not on a mobile laptop.

/Library/Preferences/SystemConfiguration/com.apple.network.identification.plist Stores network information unique for the local computer

/Library/Preferences/SystemConfiguration/com.apple.smb.server.plist Info about local Kerberos realm and a NetBIOSName and Server Description based on the machine name.

/Library/Preferences/SystemConfiguration/preferences.plist Network Locations and config info about all network interfaces. Machine's Bonjour name, AppleTalk name, DHCP settings, etc.

/Library/Preferences/com.apple.SoftwareUpdate.plist Always changing, after every software update run

/Library/Preferences/com.apple.TimeMachine.plist Contains references to files in user accounts - probably items to exclude from Time Machine backups???

/Library/Preferences/com.apple.audio.DeviceSettings.plist Varies per computer, gets crazier if you're on a KVM?

/Library/Preferences/com.apple.audio.SystemSettings.plist New in Leopard?

/Library/Preferences/com.apple.loginwindow.plist Stores the username of the last logged-in user. Also contains settings for autologin, display of login window lists versus fields, login window text, etc. Probably best to manage with Radmind.

/Library/Preferences/com.apple.security.systemidentities.plist Could be machine specific??

/Library/Preferences/com.apple.smb.server.plist Stores SMB/CIFS server info unique for that local computer and network

/Library/Preferences/edu.mit.Kerberos for local use, per system, with Identity Services?

/Network/ Network share browsing and access

/System/Library/Caches Cached information (kernel cache, fonts). Helps speed bootup and other functions. Can be purged at any time.

/System/Library/Extensions/Caches/ /System/Library/Extensions/Caches/com.apple.kext.info New location for Extensions cache in 10.5. Replaces /System/Library/Extensions/Extensions.kextcache. Probably best to put the directory in the negative, not the file.

/System/Library/Extensions.mkext Part of the Extensions caching process. Delete this file when new items are added to /System/Library/Extensions so that it gets properly recreated.

/Users/ User home directories.

/Users/Shared/ Share User space. Required by some applicaitons. Make sure that this exists if you are not managing /Users entirely.

/Volumes/ Mount point for other volumes (local disks, some network shares, etc)

/cores/ If coring is enabled, here's where cores go.

/dev/ Mac OS X uses a devfs and fdesc filesystem to handle /dev and /dev/fd

/home/ used by autofs for home directory mounting

/net/ used by autofs for host mounting

/private/etc/auto_home Settings for auto_fs

/private/etc/auto_master Settings for auto_fs. If you comment out the entries for /home and /net, then those directories go away and do not need to be in a negative transcript.

/private/etc/cups/ppd/ Parsed PPD files being used by CUPS. Should be in negative if users can manage their own printers.

/private/etc/cups/printers.conf Printer configuration details for CUPS. Should be in negative if users can manage their own printers.

/private/etc/ssh_host_dsa_key

/private/etc/ssh_host_dsa_key.pub

/private/etc/ssh_host_key

/private/etc/ssh_host_key.pub

/private/etc/ssh_host_rsa_key

/private/etc/ssh_host_rsa_key.pub ssh authentication keys. For proper management, us sshd-key-gen.sh post-apply script

/private/tmp temporary files, managed by system

/private/var/agentx/ AgentX snmp protocol. Probably should be in positive.

/private/var/amavis/ anti-virus/antispam mail scanner for Mac OS X Server. Not on normally on clients. Probably should be in positive.

/private/var/at/ at jobs. Probably should be in positive.

/private/var/at/spool Spool location for at jobs. If using at, should probably be in negative.

/private/var/audit/ ????

/private/var/backups/ ????

/private/var/db/ May want to put the entire directory in the negative transcript and then only add on the few files that do not change or are not machine specific in positive ones.

/private/var/db/BootCache.playlist Cache used by Apple for ???

/private/var/db/CodeEquivalenceCandidates Used by Apple when installing updates to show that the old and new binaries are equivalent?? Seems to not change often.

/private/var/db/CodeEquivalenceDatabase Used by Apple when installing updates to show that the old and new binaries are equivalent?? Dynamically generated??

/private/var/db/DirectoryService/ Directory Services configuration.

/private/var/db/DirectoryService/flatfile.db Dynamically generated??

/private/var/db/PanicReporter Kernel panic reports??

/private/var/db/SystemEntropyCache Cache used by Apple for ???

/private/var/db/SystemKey Could be unique per machine

/private/var/db/crls Certificate Revocation LIsts???

/private/var/db/dhcpclient/leases DHCP leases

/private/var/db/dslocal/indices/Default/index Local directory for user accounts, groups, etc. Replaces NetInfo.

/private/var/db/dslocal/nodes/Default/ Local directory for user accounts, groups, etc. Replaces NetInfo. May be OK to manage this since each item is a separate plist file.

/private/var/db/dyld/ Cache files that replace prebinding that occured in previous versions of Mac OS X. Managed automatically by the OS.

/private/var/db/krb5kdc/ Data for the Local Kerberos Distribution Center (LKDC), which is presumably unique on each machine. But what about its non-unique contents, such as the .acl and .conf file?

/private/var/db/krb5dc/kdc.conf autogenerated by KDCSetup??

/private/var/db/ntp.drift Contains the latest estimate of clock frequency error for ntpd

/private/var/db/shadow/hash/ MD5 hashes of user passwords

/private/var/db/statd.status managed by rpc.statd(8)

/private/var/db/sudo/ sudo timestamps

/private/var/db/volinfo.database used by vsdbutil(8) which controls ownership/permissions on removable volumes

/private/var/folders Appears to contain various caches for fonts and icons???

/private/var/log system log directory. If you do not have this in the negative, all Radmind will erase all log files. Here's a standard list the files in the log. The syslogd will not create these if they are missing, so you must prime it with empty files via items in a negative transcript, if you want logs kept.

/private/var/log/alf.log

/private/var/log/asl.db

/private/var/log/cups/access_log

/private/var/log/cups/error_log

/private/var/log/daily.out

/private/var/log/install.log

/private/var/log/ipfw.log

/private/var/log/lastlog

/private/var/log/mail.log

/private/var/log/mb.log

/private/var/log/monthly.out

/private/var/log/seatbelt.log

/private/var/log/secure.log

/private/var/log/system.log

/private/var/log/weekly.out

/private/var/log/windowserver.log

/private/var/log/wtmp

/private/var/msgs/bounds Managed by msgs(1). Tracks which system messages have been viewed.

/private/var/radmind/client/ Radmind's client files - command files and transcripts. Managed by ktcheck.

/private/var/run/ where pid information is stored for running processes

/private/var/samba/shares/ contains data for samba shares, including per-user items. contents created with the user account?

/private/var/spool/ spool directories for fax, printing (cups), and mail (postfix, etc)

/private/var/spool/cups/cache/ spool for CUPS printing queues

/private/var/tmp Temporary items, managed by the system

/private/var/virusmails/ Associated with amavis or clamav??

/private/var/vm Virtual memory swap files

/usr/share/servermanagerd/ Found on Mac OS X 10.5 client. This is the for the Server Manager Daemon for Mac OS X Server. No servermanagerd is on client. Could be removed entirely?

/usr/share/wikid/ Found on Mac OS X 10.5 client. This is the for the Wiki Server Daemon for Mac OS X Server. No wikid is on client. Could be removed entirely?

/usr/X11/var/cache/ font caches and other cached data for X11

10.5-directory-info

From radmind

Revision as of 14:33, 8 November 2007

Views

Personal tools

Navigation

Search

Toolbox

@@ Line 1: / Line 1: @@
-The following listing of directories and files for Mac OS X 10.5 has been compiled from discussions on the Radmind-users mailing list.  It is intended as a reference for on-going development of negative transcripts for Mac OS X 10.5.
+The following listing of directories and files for Mac OS X 10.5 has been compiled from discussions on the Radmind-users mailing list.   It is not meant to be a negative transcrtipt in and of itself, but instead it is intended as a reference for on-going development of negative transcripts for Mac OS X 10.5.
+'''/.Spotlight-V100/'''
+Spotlight database directory. Every writable mounted volume gets one.
+'''/.Trashes/'''
+Every volume has its own .Trashes folder
+'''/.fseventsd/'''
+For FSEvents, a running log of all modifications made to the file system.  Used by Time Machine and other applications that want to know what files have changed.
+'''/.hotfiles.btree'''
+database of frequently-accessed small files
+'''/.vol/'''
+Used by Carbon applications
 '''/Library/Application Support/Apple/ParentalControls/Users/'''
 Items created for all local users.  Probably can be actively managed.
+'''/Library/Caches/'''
+Cached information.  Note:  Can get large on a multi-user machine since items are created per user.  Can be purged at any time.
+'''/Library/Logs/'''
+Console logs, crash reports, etc.
 '''/Library/Managed Preferences/'''
@@ Line 28: / Line 49: @@
 '''/Library/Preferences/SystemConfiguration/preferences.plist'''
-Network Locations and config info about all network interfaces
+Network Locations and config info about all network interfaces.  Machine's Bonjour name, AppleTalk name, DHCP settings, etc.
 '''/Library/Preferences/com.apple.SoftwareUpdate.plist'''
@@ Line 54: / Line 75: @@
 '''/Library/Preferences/edu.mit.Kerberos'''
 for local use, per system, with Identity Services?
+'''/Network/'''
+Network share browsing and access
+'''/System/Library/Caches'''
+Cached information (kernel cache, fonts).  Helps speed bootup and other functions.  Can be purged at any time.
 '''/System/Library/Extensions/Caches/'''
@@ Line 59: / Line 86: @@
 New location for Extensions cache in 10.5.  Replaces /System/Library/Extensions/Extensions.kextcache.  Probably best to put the directory in the negative, not the file.
-'''/home'''
+'''/System/Library/Extensions.mkext'''
+Part of the Extensions caching process.  Delete this file when new items are added to /System/Library/Extensions so that it gets properly recreated.
+'''/Users/'''
+User home directories.
+'''/Users/Shared/'''
+Share User space.  Required by some applicaitons.  Make sure that this exists if you are not managing /Users entirely.
+'''/Volumes/'''
+Mount point for other volumes (local disks, some network shares, etc)
+'''/cores/'''
+If coring is enabled, here's where cores go.
+'''/dev/'''
+Mac OS X uses a devfs and fdesc filesystem to handle /dev and /dev/fd
+'''/home/'''
 used by autofs for home directory mounting
-'''/net'''
+'''/net/'''
 used by autofs for host mounting
@@ Line 70: / Line 115: @@
 '''/private/etc/auto_master'''
 Settings for auto_fs.  If you comment out the entries for /home and /net, then those directories go away and do not need to be in a negative transcript.
+'''/private/etc/cups/ppd/'''
+Parsed PPD files being used by CUPS.  Should be in negative if users can manage their own printers.
+'''/private/etc/cups/printers.conf'''
+Printer configuration details for CUPS.  Should be in negative if users can manage their own printers.
+'''/private/etc/ssh_host_dsa_key'''
+'''/private/etc/ssh_host_dsa_key.pub'''
+'''/private/etc/ssh_host_key'''
+'''/private/etc/ssh_host_key.pub'''
+'''/private/etc/ssh_host_rsa_key'''
+'''/private/etc/ssh_host_rsa_key.pub'''
+ssh authentication keys.  For proper management, us sshd-key-gen.sh post-apply script
+'''/private/tmp'''
+temporary files, managed by system
+'''/private/var/agentx/'''
+AgentX snmp protocol.  Probably should be in positive.
+'''/private/var/amavis/'''
+anti-virus/antispam mail scanner for Mac OS X Server.  Not on normally on clients.  Probably should be in positive.
+'''/private/var/at/'''
+at jobs.  Probably should be in positive.
+'''/private/var/at/spool'''
+Spool location for at jobs.  If using at, should probably be in negative.
+'''/private/var/audit/'''
+????
+'''/private/var/backups/'''
+????
 '''/private/var/db/'''
 May want to put the entire directory in the negative transcript and then only add on the few files that do not change or are not machine specific in positive ones.
+'''/private/var/db/BootCache.playlist'''
+Cache used by Apple for ???
 '''/private/var/db/CodeEquivalenceCandidates'''
@@ Line 88: / Line 176: @@
 '''/private/var/db/PanicReporter'''
 Kernel panic reports??
+'''/private/var/db/SystemEntropyCache'''
+Cache used by Apple for ???
 '''/private/var/db/SystemKey'''
@@ Line 94: / Line 185: @@
 '''/private/var/db/crls'''
 Certificate Revocation LIsts???
+'''/private/var/db/dhcpclient/leases'''
+DHCP leases
+'''/private/var/db/dslocal/indices/Default/index'''
+Local directory for user accounts, groups, etc.  Replaces NetInfo.
+'''/private/var/db/dslocal/nodes/Default/'''
+Local directory for user accounts, groups, etc.  Replaces NetInfo.  May be OK to manage this since each item is a separate plist file.
 '''/private/var/db/dyld/'''
@@ Line 104: / Line 204: @@
 autogenerated by KDCSetup??
-'''/private/var/samba/shares/'''
+'''/private/var/db/ntp.drift'''
-contains data for samba shares, including per-user items
+Contains the latest estimate of clock frequency error for ntpd
-'''/private/var/spool/'''
+'''/private/var/db/shadow/hash/'''
-spool directories for fax, printing (cups), and mail (postfix, etc)
+MD5 hashes of user passwords
-'''/private/var/agentx/'''
+'''/private/var/db/statd.status'''
-AgentX snmp protocol.  Probably should be in positive.
+managed by rpc.statd(8)
-'''/private/var/amavis/'''
+'''/private/var/db/sudo/'''
-anti-virus/antispam mail scanner for Mac OS X Server.  Not on normally on clients.  Probably should be in positive.
+sudo timestamps
-'''/private/var/at/'''
+'''/private/var/db/volinfo.database'''
-at jobs.  Probably should be in positive.
+used by vsdbutil(8) which controls ownership/permissions on removable volumes
-'''/private/var/at/spool'''
+'''/private/var/folders'''
-Spool location for at jobs.  If using at, should probably be in negative.
+Appears to contain various caches for fonts and icons???
-'''/private/var/audit/'''
+'''/private/var/log'''
-????
+system log directory.  If you do not have this in the negative, all Radmind will erase all log files.  Here's a standard list the files in the log.  The syslogd will not create these if they are missing, so you must prime it with empty files via items in a negative transcript, if you want logs kept.
-'''/private/var/backups/'''
+/private/var/log/alf.log
-????
+/private/var/log/asl.db
+/private/var/log/cups/access_log
+/private/var/log/cups/error_log
+/private/var/log/daily.out
+/private/var/log/install.log
+/private/var/log/ipfw.log
+/private/var/log/lastlog
+/private/var/log/mail.log
+/private/var/log/mb.log
+/private/var/log/monthly.out
+/private/var/log/seatbelt.log
+/private/var/log/secure.log
+/private/var/log/system.log
+/private/var/log/weekly.out
+/private/var/log/windowserver.log
+/private/var/log/wtmp
+'''/private/var/msgs/bounds'''
+Managed by msgs(1).  Tracks which system messages have been viewed.
+'''/private/var/radmind/client/'''
+Radmind's client files - command files and transcripts.  Managed by ktcheck.
+'''/private/var/run/'''
+where pid information is stored for running processes
 '''/private/var/samba/shares/'''
-seems to contain one file per local user?  contents created with the user account?
+contains data for samba shares, including per-user items.  contents created with the user account?
+'''/private/var/spool/'''
+spool directories for fax, printing (cups), and mail (postfix, etc)
+'''/private/var/spool/cups/cache/'''
+spool for CUPS printing queues
+'''/private/var/tmp'''
+Temporary items, managed by the system
 '''/private/var/virusmails/'''
 Associated with amavis or clamav??
+'''/private/var/vm'''
+Virtual memory swap files
 '''/usr/share/servermanagerd/'''