Library Resources

macOS-specific system resources are stored in Library folders throughout the system volume. A system resource is a resource that is not a general-use app or a user file. The Library folder keeps user and system resources organized and separated from the items you use every day.

You should be familiar with these system resources:

• Application Support—This folder is in the user and local Library folders. Any ancillary data needed by an app might be in this folder. For example, it often contains help files or templates for an app.

• Containers and Group Containers—These folders contain resources for sandboxed apps. There is more information about these folders later in this section.

• Extensions—Kernel extensions (kexts) and third-party kernel extensions (sometimes referred to as legacy system extensions, legacy kernel extensions or deprecated kernel extensions) are found only in the /Library and /System/Library folders. Kernel extensions are low-level drivers that attach themselves to the kernel, or core, of the operating system, and that provide driver support for hardware, networking, and peripherals. Kernel extensions load and unload automatically; they’re are covered in greater detail in Lesson 9.9, “Approve Third-Party Kernel Extensions.”

• Fonts—Fonts are files that describe typefaces used for both screen display and printing. Font management is covered later in this lesson.

• Frameworks—Frameworks are repositories of shared code used among different parts of the operating system or apps. Frameworks load and unload automatically. You can view your Mac computer’s currently loaded frameworks with System Information.

• Keychains—Keychains are used to securely store sensitive information, including passwords, certificates, keys, Safari AutoFill information, and notes. Keychain technology is covered in Lesson 9, “Manage Security and Privacy.”

• LaunchDaemons and LaunchAgents—These define processes that start with the launchd process. macOS uses many background processes that are started by launchd. LaunchAgents are used for processes that need to start up only when a user is logged in, whereas LaunchDaemons are used to start processes that always run in the background, even when no users are logged in. More about launchd can be found in Lesson 28, “Troubleshoot Startup and System Issues.”

• Logs—Many system processes and apps record progress or error messages to log files. You can inspect log files using Console.

• PreferencePanes—PreferencePanes are used by System Preferences to provide interfaces for system configuration. Using System Preferences is covered in Lesson 3, “Set Up and Configure macOS.”

• Preferences—Preferences are used to store system and app configuration settings. Every time you configure a setting for any app or system function, it is saved to a preference file. Because preferences play such a critical role in system functionality, troubleshooting preference files is covered separately in Lesson 20, “Manage and Troubleshoot Apps.”

Resource Hierarchy

Library folders are in separate domains: user, local, network, and system (network domains are legacy and outside the scope of this guide). Segregating resources into domains provides increased administrative flexibility, resource security, and system reliability. With resource domains you can choose to allocate certain resources to all users or just specific users. Standard users can add resources to their own home folder only and cannot access other users’ resources.

The system resource domains are, in order:

• User—Each user has their own Library folder in the home folder for resources. When resources are placed here, only the user has access to them. The user’s Library folder is hidden by default to prevent users from accidentally making changes that could be detrimental. Many apps and processes continue to rely on this location for resources.

• Local—Both /Applications and /Library are part of the local resource domain. Any resources placed in these two folders are available to all local user accounts. By default, only administrator users can make changes to local resources.

• System—The system domain encompasses the items necessary to provide core system functionality. This includes an app folder located at /System/Library/CoreServices/Applications. Many hidden items at the root of the system volume also make up the system resource domain, but the only one the Finder displays is the /System/Library folder. With SIP enabled, no user or process can modify most of the /System folder.

With different domains containing resources, multiple copies of similar resources may be available to the Mac and user. macOS handles this by searching for resources from the most specific (those in the user domain) to the least specific (those in the system domain). The following graphic represents the order in which resource contention is resolved from a user’s home folder (1) to the System folder (3).

If multiple similar resources are discovered, macOS uses the resource most specific to the user. For example, if two versions of the font Times New Roman are found—one in the local Library and one in the user’s Library—macOS uses the copy of the font in the user’s Library.

App Sandbox Containers

App sandbox containers enhance running-app security. Sandboxed apps are allowed access only to the specific items they need to function. Most apps built into macOS and apps from the App Store are sandboxed apps.

Sandboxed apps can access special folders that are referred to as containers. macOS manages the content of these containers to ensure that an app isn’t allowed access to other items in the file system. A user opening a document outside of an app container is the only way a sandboxed app is allowed access outside of its container.

App containers are in ~/Library/Containers. When a sandboxed app starts up the first time, macOS creates a container folder for the app if it doesn’t exist already, named with its bundle identifier. The bundle identifier identifies an app by its creator and app title. For example, the container folder for News is ~/Library/Containers/com.apple.News. The Finder may display the container with the app’s name and custom icon.

The root content of an app container is a hidden property list file (with the extension .plist) containing app information, a Data folder, and possibly an OldData folder. The Data folder is the app’s current active container. Any OldData folder you find contains previously used app items. The content of the Data folder mostly mimics the user home folder, but with one key distinction: it contains only the items that the app is allowed to access.

Items created and managed by the sandboxed app are the only original items in the container Data folder. If a user enables iCloud Drive, you might also find a CloudKit folder for maintaining items stored in iCloud.

Items that originated from other apps or a user’s file-opening action are represented as symbolic links that point to the original item outside of the container. macOS creates these symbolic links when the user opens an item in the sandboxed app. With external items represented in this way, an item can stay in its original location while also being accessible to a sandboxed app that can access only its own container.

App Group Containers

Although a user can allow sandboxed apps to access files beyond the app container, sandboxing prevents apps from doing this automatically. To facilitate sharing app resources automatically, developers of sandboxed apps can request that macOS create a shared app group container.

The ~/Library/Group Containers folder contains shared app containers. When a sandboxed app starts up the first time and requests access to share app resources, macOS creates a group container folder for the app, named with its bundle identifier.

Unlike app sandbox containers that simulate an entire user home folder, app group containers hold only items to be shared between apps. Using Notes as an example, in the previous screenshot the Finder displays the NoteStore database and other files. In this instance, the Notes data is shared so that other apps can access user note entries. macOS controls access to this to ensure that only Apple-verified processes can access the user’s Notes database.

Troubleshoot System Resources

You may experience an error message calling out an issue with a specific item, but you may also experience a situation where the item appears to be missing. macOS ignores a system resource if it determines that the resource is corrupted or missing. Replace the suspect or missing item with a working copy.

When troubleshooting system resources, remember the resource domain hierarchy. Using fonts as an example, you may load a version of a font in the local Library folder as required by your workflow to operate properly. In spite of this, a user may load another version of the same font in their home folder. In this case, the user might experience workflow problems even though it appears that they are using the correct font.

Logging in with another account is a quick way to determine whether the problem is in the user’s home folder. You can also use System Information to list active system resources. System Information shows the file path of the loaded system resources, so you can spot resources that are loading from the user’s Library.

Install Fonts Using Font Book

macOS includes a font-management tool, Font Book, which automatically installs fonts for you. Font Book can also be used to organize fonts into more manageable collections, enable or disable fonts to simplify font lists, and resolve duplicate fonts. Exercise 15.1, “Manage Font Resources,” has detailed instructions for managing fonts.

macOS Monterey provides fonts in three categories:

• Fonts included with macOS Monterey—fonts installed and enabled automatically

• Fonts available for download in macOS Monterey with Font Book—fonts you can download and enable using Font Book

• Fonts available for document support in macOS Monterey—fonts that are available only in documents that already use the font, or in apps that request the font by name

You can use Font Book to restore fonts that were originally installed with macOS Monterey. The following illustration highlights two features of Font Book. The command File > Restore Standard Fonts will restore the original fonts that were installed with macOS Monterey, and clicking the highlighted Download button will download and install the font Spot Mono Medium.

Add a Font

You can use Font Book to install a font that only one user of the Mac can use.

1. Verify that no users have Fast User Switching sessions active. If users other than John are logged in, log them out.

2. If necessary, log in as John Appleseed.

3. Open Font Book, which is in the /Applications folder.

4. Choose Font Book > Preferences (Command-Comma).

5. Ensure that Default Install Location is set to User.

   

6. Close Font Book preferences.

7. Switch to the Finder, then open /Users/Shared/StudentMaterials/Lesson15.

8. Double-click the font OpenSans-Regular.ttf.

   This opens OpenSans-Regular.ttf in Font Book, which shows a preview of the font and gives you the option to install it.

   

9. Click Install Font.

10. If necessary, select User in the sidebar.

    Open Sans is the only font that’s installed for John’s user account.

    

11. Select All Fonts from the sidebar, then scroll to find the instance of Open Sans.

    Since this view shows all available fonts, including those installed for the current user and those installed for all Mac users, Open Sans appears in the list.

12. Control-click Open Sans, then choose Show in Finder from the shortcut menu.

    

    The Finder opens a window that displays the font file.

13. If necessary, widen the Finder window, then choose View > as Columns. You can also click the column view button in the toolbar or use the shortcut Command-3.

    

14. To verify your location, choose View > Show Path Bar.

    The path bar at the bottom of the window shows that the font file is in the Fonts folder in John’s user library, previously referred to as ~/Library/Fonts, /Users/john/Library/Fonts, and Macintosh HD > Users > john > Library > Fonts. It’s the only font installed there.

    

Confirm a Font Is Unavailable to Other Users

If you log in as a different user, even as an administrator, you don’t have access to the fonts in John’s Fonts folder.

1. Use Fast User Switching to switch to the Local Administrator account.

2. Open Font Book, then look for the Open Sans font.

   Open Sans doesn’t appear in Font Book for the Local Administrator account. At this time, you could add Open Sans to this account, just as you added it to John’s account. You would have to copy the font file to a location that Local Administrator can access or install it to the location for all users, /Library/Fonts.

   

3. Quit Font Book.

4. Log out of Local Administrator.

Make a Font Available to Other Users

Move Open Sans to the Fonts folder for all users.

1. Log in as John Appleseed, then, if necessary, open Font Book.

2. Control-click Open Sans and choose Remove “Open Sans” Family.

   

3. In the dialog that appears, click Remove.

   

   Open Sans is removed from John’s Fonts folder (/Users/john/Library/Fonts) and placed in the Trash.

4. Choose Font Book > Preferences (Command-Comma), then change Default Install Location to Computer.

5. Close Font Book preferences.

6. Switch to the Finder, then open /Users/Shared/StudentMaterials/Lesson15.

7. Double-click the font OpenSans-Regular.ttf.

8. Click Install Font.

9. Authenticate as Local Administrator.

10. In Font Book, control-click Open Sans, then choose Show in Finder from the shortcut menu.

    The Finder opens a window that displays the font file. Notice that in the path bar, Open Sans is now installed in /Library/Fonts, which makes it available to all users.

    

Disable a Font

Use Font Book to watch what happens when you disable a font.

1. Switch back to Font Book.

2. Locate Open Sans in the Font column.

3. Select Open Sans, then click the Disable button in the toolbar.

   

4. In the confirmation dialog, click Disable.

   This disables the font. Confirm that the word Off appears next to the Open Sans font in Font Book.

5. In the Finder, navigate to the folder /Library/Fonts.

6. Observe that the font Open Sans is still in the folder.

   Disabling a font in Font Book does not remove it from its installed location. Even though the font is disabled for use, Font Book shows a real-time display of the fonts in the macOS search path.

Validate Fonts

Because you changed your font configuration, you use Font Book to check your new setup.

1. In the Font Book window, select All Fonts in the sidebar, click any font in the Font column, then press Command-A to select all fonts.

2. Choose File > Validate Fonts.

   Font Book reads and validates the font files, then checks for corruption.

   

3. When the validation scan finishes, quit Font Book.

4. Log out as John Appleseed.