General Information about macOS

Apple Keyboard

Table 1. Special Keys on Apple Keyboards

Command Key

Option Key

Shift Key







Table 2. Special Characters on Apple Keyboards

Special Character












British Pound











[Alt]+[Shift]+[+] 






[Alt]+[N] (followed by Space Bar)


Open Round Bracket



Close Round Bracket



Square Bracket Open



Square Bracket Close



Curly Bracket Open



Curly Bracket Close









Pipe (Vertical Line)


Right Double Quote


Left Double Quote


Low Single Quote


High Single Quote



Double Right Angle Quote



Double Left Angle Quote


Single Right Angle Quote


Single Left Angle Quote







Less than Equal


Greater than Equal









Plus or Minus















Check Mark


The opsi Product m-homebrew

There are a number of package management programs for macOS that you can use to install common open source applications on macOS:

We offer our own localboot product, m-homebrew, which installs Homebrew on macOS clients. After installation, the brew command becomes available, allowing you to download and install programs from the Internet. Homebrew can install fully compiled binaries or download source code and build the program locally.

Homebrew requires command line tools for developers. Consequently, the m-homebrew package depends on the opsi package m-xcode-tools, which is automatically installed.

For security reasons, Homebrew is designed so that the brew command cannot be executed as the user root. To accommodate this, a hidden user account named opsisetupadmin is created during the installation of the client agent (see the section [opsi-macclient-hints-opsisetupadmin]). The opsisetupadmin account "owns" the entire Homebrew system, and you should use this account to install software on the computer with brew.

To execute the brew command as the opsisetupadmin user with root privileges:

sudo -H -u opsisetupadmin /usr/local/bin/brew

This procedure is also used by the product m-javavm to install the Java runtime environment:

sudo -H -u opsisetupadmin /usr/local/bin/brew tap sap/sapmachine
EC=$?; if [ $EC -ne 0 ]; then EXITCODE=$EC; fi
sudo -H -u opsisetupadmin /usr/local/bin/brew install --cask sapmachine-jdk
EC=$?; if [ $EC -ne 0 ]; then EXITCODE=$EC; fi

Homebrew: Tips and Tricks

We have compiled a few links on the subject here:

The macOS Account opsisetupadmin

As noted, a hidden user account named opsisetupadmin is created when the client agent is installed. This account has no password and is not intended for login purposes. The home directory of opsisetupadmin is /var/opsisetupadmin. This user has permissions to use the brew command. The directory /var/opsisetupadmin/opsi_depot serves as the mount point where the opsiclientd mounts the depot share.

The share is mounted under the home directory of opsisetupadmin as access to shares that are not mounted in a user directory is severely restricted.

Granting Full Disk Access

Following the macOS updates officially released by Apple in December 2023, it has become necessary to grant full disk access to the opsiclientd process to facilitate normal functioning of the opsi-mac-client-agent. This adjustment can be made in the macOS system settings under Privacy & Security or through an Apple MDM message using the type PrivacyPreferencesPolicyControl. Note that this step is not necessary for operation in WAN mode.

opsi Directories under macOS

On a macOS client there are the following important opsi directories:

  • /var/log/opsi-script: opsi-script logfiles

  • /var/log/opsi-client-agent: other opsi logfiles

  • /usr/local/bin/opsi*: executable opsi programs

  • /Applications/ program directory of opsi-script

  • /etc/opsi-client-agent: Configuration files of the macOS client agent

  • /etc/opsi-script: opsi-script configuration files

  • /usr/local/lib: auxiliary libraries, e.g. for SSL, Ncursesi, etc.

  • /usr/local/share/opsi-client-agent: client agent

  • /usr/local/share/opsi-script: opsi-script

  • /var/opsisetupadmin: home directory of the opsisetupadmin account

  • /var/lib/opsi-client-agent/opsiclientd: SQLite database for the timeline on the opsiclientd info page (see the section opsiclientd Info Page)

  • /Library/LaunchDaemons: configuration for opsi services

  • /Library/LaunchAgents: configuration of the systray program

Special Considerations for Packagers

macOS is based on BSD Unix, so it has a typical Unix file system structure. For security reasons, there are areas reserved exclusively for Apple. The following tips are essential for creating macOS opsi products:

  • /Applications: This is where the graphical applications reside. Each program has its own folder in /Applications; these directories are named <program>.app. However, Finder does not display these directories as folders but as program launchers for the respective applications. The <program>.app directories follow a specific structure.

  • The directories /sbin, /bin, /usr/bin, /usr/share, and /usr/lib are reserved for Apple. Use the directories /usr/local/bin, /usr/local/share, and /usr/local/lib for your customizations.