TweetFollow Us on Twitter

Mac In The Shell: Plumbing the Depths

Volume Number: 23 (2007)
Issue Number: 08
Column Tag: Mac In The Shell

Mac In The Shell: Plumbing the Depths

Finding hidden gems in application bundles

by Edward Marczak


With the advent of OS X, most Mac developers were introduced to the concept of bundles. More properly divided into bundles or packages, they both refer to a file-system directory that groups related resources together. This is true for frameworks (bundles: transparent structures that a user can easily access the contents of), applications (a package: an opaque bundle that requires work on the part of the user to open; contents are not easily modified), kernel extensions (another package), certain document types (check out Pages and Keynote, for example) and others. A bundle follows a very specific file layout, meaning, you'll know where to go find the goods. Follow along for a tour, and let's uncover some hidden apps.

Inside a Bundle

Those of us working with the Macintosh for a long enough period of time remember ResEdit, the resource format of OS 9, and all of the types we could store in the resource fork of a file. While OS X recognizes and respects the traditional dual-fork file, its format is deprecated, being replaced by the bundle. The purpose of a bundle is to keep the resources of an application, plug-in or framework in one place. This makes the contents easy to locate and easy to move without damage. What can go into a bundle? Well, technically anything, but you'll typically find the following types of data stored there:



Private libraries

String resources

Executable code

Naturally, it's the latter that interests us in this article.

Typically, to launch an application from a shell, you'd use the open command, like so:

open /Applications/

This will always run the application in the context of the user, even if launched from a root shell, as shown in figure 1:

Figure 1 – TextEdit running as a standard user.

Of course, there are times where you may want (or need) an app to be running with some elevated privileges. How can we achieve this? Time to go digging!

A Direct Launch

As mentioned, a bundle conforms to a specific layout. Listing 1 shows this hierarchy using TextEdit as an example.

Listing 1 – as bundle

The first item in all modern application bundles is the Contents folder. It is under this folder that all other objects reside. Within the Contents folder, you'll find an Info.plist file that tells the Finder many things about this bundle, including the bundle name, version, signature, applicable data types and more. You'll also find a Resources subdirectory, typically containing the images, sounds, movies and other resources used by the application. The application's executable itself resides in the MacOS subdirectory. If you are to look in there now, you'll find the TextEdit application. You can launch the application directly from here.

Gain a root shell using your preferred method, and launch the TextEdit application directly – not using open. Like this:

# /Applications/

Now let's have a look in Activity Monitor, and you'll see that it's running with root privileges.

Figure 2 – TextEdit running with root privileges

Of course, the real point of this is not so much running with root, but the fact that you can access these binaries from the shell in some meaningful way.

Where's the Plunger?

Well, launching TextEdit is nice and all, but, not extremely practical. I'd like to continue with two very real-world examples that have made a difference in my daily work. While every GUI application will have its "true" binary buried in the application package, it may also have any number of helper-apps or other binaries that the app relies on. These are typically found in the Resources directory of the bundle. The easiest way to find executables in a bundle would be, in a shell, to change into the bundle directory and use this handy find command:

find . -type f -perm -100

This will allow you to quickly scour Application and Framework bundles. For instance:

$ cd /System/Library/CoreServices/RemoteManagement/
$ find . -type f -perm -100
./Contents/Support/Remote Desktop Desktop Message

That's some wonderfully revealing information!

Secure Copy

The first really useful binary comes from the MacFUSE project. If you've installed MacFUSE core and the pre-compiled ssh filesystem, run our find command in the bundle. (If you haven't installed this, you should! It's an incredible resource. Find out more at Out of all the things we're returned, this turns out to be what we're looking for:


The sshfs-static binary lets us mount ssh file systems via a shell command rather than using the GUI app to do so. What's this good for? Automation, of course! In fact, you can use it to mount a remote ssh file system proactively, or in response to just about any event.

The easy thing to imagine is a nightly file copy. Mount the file system first, then, use ditto, rsync, or your preferred file moving method, and then unmount (using the standard umount command as, under OS X, there is no FUSE-specific unmounting needed). Better yet, though, think about a launchd job that watches a particular folder and perhaps copies files to a remote location as they show up in a source folder. Hmmmmmmm. So, how can we use this thing?

One way to make your life easier would be to symlink the sshfs-static binary to some appropriate location in your path. I'm going to run it straight from the application package, however, so for these examples, you'll need to change directly into the directory.

First, create a mount point for the file system. Then run the sshfs-static app and supply the following parameters:

-oreconnect,volname=name appearing in the Finder

The "reconnect" option, supplied with the -o switch isn't necessary, but does make things smoother if there's a network interruption and you're disconnected.

Since this all rides on top of ssh, ssh keys are respected. So, if you've generated some password-less keys, just like ssh, you won't be prompted for a password. Let's see this in action. First, I created /tmp/ssh as a mount point. Then, I used sshfs-static to mount a remote system:

$ ./sshfs-static /tmp/ssh -oreconnect,volname=wsweb
kextload: /System/Library/Filesystems/fusefs.fs/Support/fusefs.kext loaded successfully

...and let's take a look at it with mount:

$ mount
/dev/disk0s2 on / (local, journaled)
[snip] on /private/tmp/ssh (nodev, nosuid, synchronous, mounted by marczak)

Figure 3 shows the result of this in my Finder sidebar.

Figure 3: An ssh file system ("wsweb") as seen in the Finder

Very, very, very cool.

Network Probing

While 'black-hat' tools such as nmap sometimes get a bad rap, the fact is that tools like this are also perfect for system administrators when troubleshooting network issues. "Can I reach that port?" and "Is the target port open and responding?" are two of the most frequently asked questions when troubleshooting issues and planning network configurations. While I load nmap on my machine, I often find myself remotely accessing someone in need of assistance because his or her e-mail app "won't work" (residential ISPs typically block port 25) or iChat won't work in some manner (misconfigured/tightly restricted firewalls sometimes will block AIM or Google Talk/Jabber). It would, of course, be a chore and not very friendly to go load nmap and other tools onto someone else's system at that time. Is there a substitute built in to OS X?

Network to the rescue! Huh?!? You expected a shell utility, right? Well, there's one hidden in the very graphical Network that's found in your Utilities folder. Let's run our find command:

$ cd /Applications/Utilities/Network\
$ find . -type f -perm -100
./Contents/MacOS/Network Utility

Of course, we knew about MacOS/Network Utility, but Resources/stroke looks interesting! Nicely enough, the developer that wrote stroke was also kind enough to include a usage statement if you run it without parameters:

$ ./stroke 
2007-06-22 08:41:13.136 stroke[2113] stroke address startPort endPort
Let's see it in action:
./stroke 20 500
Port Scanning host:
         Open TCP Port:         22       pcanywherestat
         Open TCP Port:         25
         Open TCP Port:         53
         Open TCP Port:         80
         Open TCP Port:         106
         Open TCP Port:         110
         Open TCP Port:         119
         Open TCP Port:         139
         Open TCP Port:         143
         Open TCP Port:         311
         Open TCP Port:         389
         Open TCP Port:         427
         Open TCP Port:         443
         Open TCP Port:         445
         Open TCP Port:         465

Well, that's another useful tool that was buried, waiting for discovery. (Bonus points if you recognize the OS that I scanned).


The examples given here really only scratch the surface. There are plenty more hidden gems to be discovered. Take a look in your favorite applications. Dig in and see what you find! You will need to go hunt these utilities and helpers down yourself as they won't be in your shell's path.

Media of the month: Lost Season 1. OK, call me cheesy, but I really dig the show and am surprised at how many people have never given it a chance. Well, Summer is here and it's a great time to rent the DVDs and watch them at your own pace. If you're in the Southern Hemisphere, it's Winter....and what a great time to get under a blanket on the couch, sip some tea and watch a show...especially one that takes place on a tropical island! Enjoy.

WWDC 2007 has come and gone now, and got to reinforce the new concepts in Leopard. I hope everyone who went enjoyed the show, and will start practicing with the new tools and APIs...and have new tools, utilities and techniques ready for when Leopard ships. I've been plumbing the depths of the beta from the show, and have been pleasantly surprised.

Until next month, keep exploring!


Apple, Inc. "Bundle Programming Guide"

Ed Marczak gets dressed in the morning, drinks tea and enjoys breathing. All of this comes in handy in his role as Executive Editor of MacTech Magazine, or when running his consulting company Radiotope. They're also good features when around children. Why?


Community Search:
MacTech Search:

Software Updates via MacUpdate

Microsoft Office 2016 16.11 - Popular pr...
Microsoft Office 2016 - Unmistakably Office, designed for Mac. The new versions of Word, Excel, PowerPoint, Outlook, and OneNote provide the best of both worlds for Mac users - the familiar Office... Read more
Adobe Photoshop CC 2018 19.1.2 - Profess...
Photoshop CC 2018 is available as part of Adobe Creative Cloud for as little as $19.99/month (or $9.99/month if you're a previous Photoshop customer). Adobe Photoshop CC 2018, the industry standard... Read more
Adobe Dreamweaver CC 2018 -...
Dreamweaver CC 2018 is available as part of Adobe Creative Cloud for as little as $19.99/month (or $9.99/month if you're a previous Dreamweaver customer). Adobe Dreamweaver CC 2018 allows you to... Read more
Adobe Flash Player - Plug-in...
Adobe Flash Player is a cross-platform, browser-based application runtime that provides uncompromised viewing of expressive applications, content, and videos across browsers and operating systems.... Read more
Drive Genius 5.2.0 - $79.00
Drive Genius features a comprehensive Malware Scan. Automate your malware protection. Protect your investment from any threat. The Malware Scan is part of the automated DrivePulse utility. DrivePulse... Read more
MegaSeg 6.0.6 - Professional DJ and radi...
MegaSeg is a complete solution for pro audio/video DJ mixing, radio automation, and music scheduling with rock-solid performance and an easy-to-use design. Mix with visual waveforms and Magic... Read more
ffWorks 1.0.7 - Convert multimedia files...
ffWorks (was iFFmpeg), focused on simplicity, brings a fresh approach to the use of FFmpeg, allowing you to create ultra-high-quality movies without the need to write a single line of code on the... Read more
Dash 4.1.5 - Instant search and offline...
Dash is an API documentation browser and code snippet manager. Dash helps you store snippets of code, as well as instantly search and browse documentation for almost any API you might use (for a full... Read more
Evernote 7.0.3 - Create searchable notes...
Evernote allows you to easily capture information in any environment using whatever device or platform you find most convenient, and makes this information accessible and searchable at anytime, from... Read more
jAlbum Pro 15.3 - Organize your digital...
jAlbum Pro has all the features you love in jAlbum, but comes with a commercial license. You can create gorgeous custom photo galleries for the Web without writing a line of code! Beginner-friendly... Read more

Latest Forum Discussions

See All

All the best games on sale for iPhone an...
It might not have been the greatest week for new releases on the App Store, but don't let that get you down, because there are some truly incredible games on sale for iPhone and iPad right now. Seriously, you could buy anything on this list and I... | Read more »
Everything You Need to Know About The Fo...
In just over a week, Epic Games has made a flurry of announcements. First, they revealed that Fortnite—their ultra-popular PUBG competitor—is coming to mobile. This was followed by brief sign-up period for interested beta testers before sending out... | Read more »
The best games that came out for iPhone...
It's not been the best week for games on the App Store. There are a few decent ones here and there, but nothing that's really going to make you throw down what you're doing and run to the nearest WiFi hotspot in order to download it. That's not to... | Read more »
Death Coming (Games)
Death Coming Device: iOS Universal Category: Games Price: $1.99, Version: (iTunes) Description: --- Background Story ---You Died. Pure and simple, but death was not the end. You have become an agent of Death: a... | Read more »
Hints, tips, and tricks for Empires and...
Empires and Puzzles is a slick match-stuff RPG that mixes in a bunch of city-building aspects to keep things fresh. And it's currently the Game of the Day over on the App Store. So, if you're picking it up for the first time today, we thought it'd... | Read more »
What You Need to Know About Sam Barlow’s...
Sam Barlow’s follow up to Her Story is #WarGames, an interactive video series that reimagines the 1983 film WarGames in a more present day context. It’s not exactly a game, but it’s definitely still interesting. Here are the top things you should... | Read more »
Pixel Plex Guide - How to Build Better T...
Pixel Plex is the latest city builder that has come to the App Store, and it takes a pretty different tact than the ones that came before it. Instead of being in charge of your own city by yourself, you have to work together with other players to... | Read more »
Fortnite Will Be Better Than PUBG on Mob...
Before last week, if you asked me which game I prefer between Fortnite Battle Royale and PlayerUnknown’s Battlegrounds (PUBG), I’d choose the latter just about 100% of the time. Now that we know that both games are primed to hit our mobile screens... | Read more »
Siege of Dragonspear (Games)
Siege of Dragonspear 2.5.12 Device: iOS Universal Category: Games Price: $9.99, Version: 2.5.12 (iTunes) Description: Experience the Siege of Dragonspear, an epic Baldur’s Gate tale, filled with with intrigue, magic, and monsters.... | Read more »
7 Wonders Guide - Should You Buy The Lea...
The fantastic mobile version of 7 Wonders just got updated with an expansion that adds Leaders to the game. This new content adds a whole layer of depth to the game, but before you spend $1.99 to buy it blindly, check out this breakdown of exactly... | Read more »

Price Scanner via

B&H drops prices on 15″ MacBook Pros up t...
B&H Photo has dropped prices on new 2017 15″ MacBook Pros, now up to $300 off MSRP and matching Adorama’s price drop yesterday. Shipping is free, and B&H charges sales tax for NY & NJ... Read more
Apple restocks Certified Refurbished 2017 13″...
Apple has restocked Certified Refurbished 2017 13″ 2.3GHz MacBook Pros for $200-$230 off MSRP. A standard Apple one-year warranty is included with each MacBook, models receive new outer cases, and... Read more
13″ Space Gray Touch Bar MacBook Pros on sale...
Adorama has new 2017 13″ Space Gray Touch Bar MacBook Pros on sale for $150 off MSRP. Shipping is free, and Adorama charges sales tax in NY & NJ only: – 13″ 3.1GHz/256GB Space Gray MacBook Pro (... Read more
Best deal of the year on 15″ Apple MacBook Pr...
Adorama has New 2017 15″ MacBook Pros on sale for up to $300 off MSRP. Shipping is free, and Adorama charges sales tax in NJ and NY only: – 15″ 2.8GHz Touch Bar MacBook Pro Space Gray (MPTR2LL/A): $... Read more
Save $100-$150+ on 13″ Touch Bar MacBook Pros...
B&H Photo has 13″ Touch Bar MacBook Pros on sale for $100-$150 off MSRP. Shipping is free, and B&H charges sales tax for NY & NJ residents only: – 13″ 3.1GHz/256GB Space Gray MacBook Pro... Read more
Current deals on 27″ Apple iMacs, models up t...
B&H Photo has 27″ iMacs on sale for up to $150 off MSRP. Shipping is free, and B&H charges sales tax for NY & NJ residents only: – 27″ 3.8GHz iMac (MNED2LL/A): $2149 $150 off MSRP – 27″ 3... Read more
Thursday Deal: 13″ 2.3GHz MacBook Pro for $11...
B&H Photo has the 13″ 2.3GHz/128GB Space Gray MacBook Pro on sale for $100 off MSRP. Shipping is free, and B&H charges sales tax for NY & NJ residents only: – 13-inch 2.3GHz/128GB Space... Read more
How to save $100-$190 on 10″ & 12″ iPad P...
Apple is now offering Certified Refurbished 2017 10″ and 12″ iPad Pros for $100-$190 off MSRP, depending on the model. An Apple one-year warranty is included with each model, and shipping is free: –... Read more
Silver 12″ 1.3GHz MacBook on sale at B&H...
B&H Photo has the 2017 12″ 1.3GHz Silver MacBook on sale for $1399.99 including free shipping plus sales tax for NY & NJ residents only. Their price is $200 off MSRP, and it’s the lowest... Read more
Amazon offers 21″ Apple iMacs for up to $150...
Amazon 21″ iMacs on sale today for $50-$150 off MSRP, depending on the model. Shipping is free: – 21″ 3.4GHz 4K iMac (MNE02LL/A): $1349.99 $150 off MSRP – 21″ 3.0GHz iMac (MNDY2LL/A): $1199 $100 off... Read more

Jobs Board

Data Scientist, *Apple* Ecosystem (AMP Anal...
# Data Scientist, Apple Ecosystem (AMP Analytics) Job Number: 113428728 Santa Clara Valley, California, United States Posted: 24-Jan-2018 Weekly Hours: 40.00 **Job Read more
*Apple* Solutions Consultant - Apple (United...
# Apple Solutions Consultant Job Number: 113523441 Orange, CA, California, United States Posted: 21-Feb-2018 Weekly Hours: 40.00 **Job Summary** Are you passionate Read more
*Apple* Professional Learning Specialist - A...
# Apple Professional Learning Specialist Job Number: 113456892 Englewood, NJ, New Jersey, United States Posted: 02-Feb-2018 Weekly Hours: 40.00 **Job Summary** The Read more
*Apple* Retail Online, Senior Financial Anal...
# Apple Retail Online, Senior Financial Analyst Job Number: 57228835 Santa Clara Valley, California, United States Posted: 12-Feb-2018 Weekly Hours: 40.00 **Job Read more
Site Reliability Engineer, *Apple* Pay - Ap...
# Site Reliability Engineer, Apple Pay Job Number: 113356036 Santa Clara Valley, California, United States Posted: 12-Jan-2018 Weekly Hours: 40.00 **Job Summary** Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.