All entries marked with FOLDOC are based on definitions in the Free Online Dictionary of Computing, Denis Howe, editor. Used with permission.

See private address space on page 948.

See private address space on page 948.

See private address space on page 948.


A family of specifications developed by IEEE for wireless LAN technology, including 802.11 (1-2 megabits per second), 802.11a (54 megabits per second), 802.11b (11 megabits per second), and 802.11g (54 megabits per second). Apple refers to 802.11b as Airport, and 802.11g as Airport Extreme.

absolute pathname

A pathname that starts with the root directory (/). An absolute pathname locates a file without regard to the working directory.


In computer jargon, a verb meaning to use, read from, or write to. To access a file means to read from or write to the file.

Access Control List

See ACL.

access permission

Permission to read from, write to, or execute a file. If you have write access permission to a file, you can write to the file. Also access privilege.


Access Control List. A system that performs a function similar to file permissions but with much finer-grain control.

active window

On a desktop, the window that receives the characters you type on the keyboard. Same as focus, desktop (page 933).

address mask

See subnet mask on page 956.


Apple's name for 802.11 wireless technology.


A mechanism of a shell that enables you to define new commands. Also, in Macintosh documentation, a near-synonym for link (page 940).

alphanumeric character

One of the characters, either uppercase or lowercase, from A to Z and 0 to 9, inclusive.

ambiguous file reference

A reference to a file that does not necessarily specify any one file but can be used to specify a group of files. The shell expands an ambiguous file reference into a list of filenames. Special characters represent single characters (?), strings of zero or more characters (*), and character classes ([]) within ambiguous file references. An ambiguous file reference is a type of regular expression (page 950).

angle bracket

A left angle bracket (<) and a right angle bracket (>). The shell uses < to redirect a command's standard input to come from a file and > to redirect the standard output. The shell uses the characters << to signify the start of a Here document and >> to append output to a file.


When referring to a window action, means that the action is slowed down so the user can view it. For example, when you minimize a window, it can disappear all at once (not animated) or it can slowly telescope into the panel so you can get a visual feel for what is happening (animated).


Adding gray pixels at the edge of a diagonal line to get rid of the jagged appearance and thereby make the line look smoother. Anti-aliasing sometimes makes type on a screen look better and sometimes worse; it works best on small and large fonts and is less effective on fonts from 8 to 15 points. See also subpixel hinting (page 956).


Application program interface. The interface (calling conventions) by which an application program accesses an operating system and other services. An API is defined at the source code level and provides a level of abstraction between the application and the kernel (or other privileged utilities) to ensure the portability of the code. FOLDOC


To add something to the end of something else. To append text to a file means to add the text to the end of the file. The shell uses >> to append a command's output to a file.


A small program that runs within a larger program. Examples are Java applets that run in a browser and panel applets that run from a desktop panel.


A file that contains a group of smaller, typically related, files. Also, to create such a file. The tar, cpio, and pax utilities can create and read archives.


A number, letter, filename, or another string that gives some information to a command and is passed to the command when it is called. A command line argument is anything on a command line following the command name that is passed to the command. An option is a kind of argument.

arithmetic expression

A group of numbers, operators, and parentheses that can be evaluated. When you evaluate an arithmetic expression, you end up with a number. The Bourne Again Shell uses the expr command to evaluate arithmetic expressions; the TC Shell uses @; and the Z Shell uses let.


An arrangement of elements (numbers or strings of characters) in one or more dimensions. The Bourne Again, TC, and Z Shells and awk can store and process arrays.


American Standard Code for Information Interchange. A code that uses seven bits to represent both graphic (letters, numbers, and punctuation) and CONTROL characters. You can represent textual information, including program source code and English text, in ASCII code. Because ASCII is a standard, it is frequently used when exchanging information between computers. See the file /usr/share/misc/ascii or give the command man ascii to see a list of ASCII codes.

Extensions of the ASCII character set use eight bits. The seven-bit set is common; the eight-bit extensions are still coming into popular use. The eighth bit is sometimes referred to as the metabit.

ASCII terminal

A text-based terminal. Contrast with graphical display (page 934).


Application service provider. A company that provides applications over the Internet.

asynchronous event

An event that does not occur regularly or synchronously with another event. Mac OS X system signals are asynchronous; they can occur at any time because they can be initiated by any number of nonregular events.


A file that is attached to, but is not part of, a piece of email. Attachments are frequently opened by programs (including your Internet browser) that are called by your mail program so you may not be aware that they are not an integral part of an email message.


Flags and other data associated with a file. Under OS X, includes file attributes (page 932). See also extended attributes (page 932).


The verification of the identity of a person or process. In a communication system, authentication verifies that a message comes from its stated source. PAM handles authentication on an OS X system. FOLDOC

automatic mounting

A way of demand mounting directories from remote hosts without having them hard configured into /etc/fstab. Also called automounting. By default Mac OS X automounts remote directories.


An object, such as a panel, that should not normally be covered by another object, such as a window.

back door

A security hole deliberately left in place by the designers or maintainers of a system. The motivation for creating such holes is not always sinister; some operating systems, for example, come out of the box with privileged accounts intended for use by field service technicians or the vendor's maintenance programmers.

Ken Thompson's 1983 Turing Award lecture to the ACM revealed the existence, in early UNIX versions, of a back door that may be the most fiendishly clever security hack of all time. The C compiler contained code that would recognize when the login command was being recompiled and would insert some code recognizing a password chosen by Thompson, giving him entry to the system whether or not an account had been created for him.

Normally such a back door could be removed by removing it from the source code for the compiler and recompiling the compiler. But to recompile the compiler, you have to use the compiler, so Thompson arranged that the compiler would recognize when it was compiling a version of itself. It would insert into the recompiled compiler the code to insert into the recompiled login the code to allow Thompson entry, and, of course, the code to recognize itself and do the whole thing again the next time around. Having done this once, he was then able to recompile the compiler from the original sources; the hack perpetuated itself invisibly, leaving the back door in place and active but with no trace in the sources.

Sometimes called a wormhole. Also trap door. FOLDOC

background process

A process that is not run in the foreground. Also called a detached process, a background process is initiated by a command line that ends with an ampersand (&). You do not have to wait for a background process to run to completion before giving the shell additional commands. If you have job control, you can move background processes to the foreground, and vice versa.


The name of a file that, in contrast with a pathname, does not mention any of the directories containing the file (and therefore does not contain any slashes [/]). For example, hosts is the basename of /etc/hosts. FOLDOC


The maximum information-carrying capacity of a communication channel in symbols (state transitions or level transitions) per second. It coincides with bits per second only for two-level modulation with no framing or stop bits. A symbol is a unique state of the communication channel, distinguishable by the receiver from all other possible states. For example, it may be one of two voltage levels on a wire for a direct digital connection, or it might be the phase or frequency of a carrier. FOLDOC

Baud is often mistakenly used as a synonym for bits per second.

baud rate

Transmission speed. Usually used to measure terminal or modem speed. Common baud rates range from 110 to 38,400 baud. See baud.

Berkeley UNIX

One of the two major versions of the UNIX operating system. Berkeley UNIX was developed at the University of California at Berkeley by the Computer Systems Research Group and is often referred to as BSD (Berkeley Software Distribution).


Berkeley Internet Name Domain. An implementation of a DNS (page 930) server developed and distributed by the University of California at Berkeley.


Basic Input/Output System. On PCs, EEPROM-based (page 931) system software that provides the lowest-level interface to peripheral devices and controls the first stage of the bootstrap (page 923) process, which loads the operating system. The BIOS can be stored in different types of memory. The memory must be nonvolatile so that it remembers the system settings even when the system is turned off. Also BIOS ROM.


The smallest piece of information a computer can handle. A bit is a binary digit: either 1 or 0 (on or off).

bit depth

Same as color depth (page 926).

bit-mapped display

A graphical display device in which each pixel on the screen is controlled by an underlying representation of zeros and ones.

blank character

Either a SPACE or a TAB character, also called whitespace (page 961). In some contexts, NEWLINEs are considered blank characters.


A section of a disk or tape (usually 1,024 bytes long but shorter or longer on some systems) that is written at one time.

block device

A disk or tape drive. A block device stores information in blocks of characters. A block device is represented by a block device (block special) file. Contrast with character device (page 925).

block number

Disk and tape blocks are numbered so that Mac OS X can keep track of the data on the device.

blocking factor

The number of logical blocks that make up a physical block on a tape or disk. When you write 1K logical blocks to a tape with a physical block size of 30K, the blocking factor is 30.


See bootstrap.

boot loader

A very small program that takes its place in the bootstrap process that brings a computer from off or reset to a fully functional state.


Derived from "Pull oneself up by one's own bootstraps," the incremental process of loading an operating system kernel into memory and starting it running without any outside assistance. Frequently shortened to boot.

Bourne Again Shell

bash. GNU's command interpreter for UNIX, bash is a POSIX-compliant shell with full Bourne Shell syntax and some C Shell commands built in. The Bourne Again Shell supports emacs-style command line editing, job control, functions, and online help. FOLDOC

Bourne Shell

sh. This UNIX command processor was developed by Steve Bourne at AT&T Bell Laboratories.


A left brace ({) and a right brace (}). Braces have special meanings to the shell.


A square bracket (page 955) or an angle bracket (page 920).


In a tree structure, a branch connects nodes, leaves, and the root. The Mac OS X filesystem hierarchy is often conceptualized as an upside-down tree. The branches connect files and directories. In a source code control system, such as SCCS or RCS, a branch occurs when a revision is made to a file and is not included in subsequent revisions to the file.


Typically a two-port device originally used for extending networks at layer 2 (data link) of the Internet Protocol model.


A transmission to multiple, unspecified recipients. On Ethernet a broadcast packet is a special type of multicast packet that has a special address indicating that all devices that receive it should process it. Broadcast traffic exists at several layers of the network stack, including Ethernet and IP. Broadcast traffic has one source but indeterminate destinations (all hosts on the local network).

broadcast address

The last address on a subnet (usually 255), reserved as shorthand to mean all hosts.

broadcast network

A type of network, such as Ethernet, in which any system can transmit information at any time, and all systems receive every message.


See Berkeley UNIX on page 923.


An area of memory that stores data until it can be used. When you write information to a file on a disk, Mac OS X stores the information in a disk buffer until there is enough to write to the disk or until the disk is ready to receive the information.


An unwanted and unintended program property, especially one that causes the program to malfunction. FOLDOC

builtin (command)

A command that is built into a shell. Each of the three major shells (the Bourne Again, TC, and Z Shells) has its own set of builtins. Refer to "Builtins" on page 138.


A component in the machine data hierarchy, usually larger than a bit and smaller than a word; now most often eight bits and the smallest addressable unit of storage. A byte typically holds one character. FOLDOC

C programming language

A modern systems language that has high-level features for efficient, modular programming as well as lower-level features that make it suitable for use as a systems programming language. It is machine independent so that carefully written C programs can be easily transported to run on different machines. Most of the Mac OS X operating system is written in C, and Mac OS X provides an ideal environment for programming in C.

C Shell

csh. The C Shell command processor was developed by Bill Joy for BSD UNIX. It was named for the C programming language because its programming constructs are similar to those of C. See shell on page 953.

cable modem

A type of modem that allows you to access the Internet by using your cable television connection.


Holding recently accessed data, a small, fast memory designed to speed up subsequent access to the same data. Most often applied to processor-memory access but also used for a local copy of data accessible over a network, from a hard disk, and so on. FOLDOC

calling environment

A list of variables and their values that is made available to a called program. Refer to "Executing a Command" on page 294.


An API (page 921) that has been in use since Mac OS 9 and provides compatibility with pre-UNIX Mac OS systems (OS 9 and later). Contrast with Cocoa (page 926).

cascading stylesheet

See CSS on page 928.

cascading windows

An arrangement of windows such that they overlap, generally with at least part of the title bar visible. Opposite of tiled windows (page 958).

case sensitive

Able to distinguish between uppercase and lowercase characters. Unless you set the ignorecase parameter, vim performs case-sensitive searches. The grep utility performs case-sensitive searches unless you use the -i option.


To join sequentially, or end to end. The Mac OS X cat utility catenates files: It displays them one after the other. Also concatenate.

chain loading

The technique used by a boot loader to load unsupported operating systems. Used for loading such operating systems as DOS or Windows, it works by loading another boot loader.


A program, utility, or interface that works only with ASCII (page 921) characters. This set of characters includes some simple graphics, such as lines and corners, and can display colored characters. It cannot display true graphics. Contrast with GUI (page 934).

character-based terminal

A terminal that displays only characters and very limited graphics. See character-based.

character class

In a regular expression, a group of characters that defines which characters can occupy a single character position. A character-class definition is usually surrounded by square brackets. The character class defined by [abcr] represents a character position that can be occupied by a, b, c, or r. Also list operator.

In POSIX, used to refer to sets of characters with a common characteristic, denoted by the notation [:class:]; for example, [:upper:] denotes the set of uppercase letters.

character device

A terminal, printer, or modem. A character device stores or displays characters one at a time. A character device is represented by a character device (character special) file. Contrast with block device (page 923).


A computed value that depends on the contents of a block of data and is transmitted or stored along with the data to detect corruption of the data. The receiving system recomputes the checksum based on the received data and compares this value with the one sent with the data. If the two values are the same, the receiver has some confidence that the data was received correctly.

The checksum may be 8, 16, or 32 bits, or some other size. It is computed by summing the bytes or words of the data block, ignoring overflow. The checksum may be negated so that the total of the data words plus the checksum is zero.

Internet packets use a 32-bit checksum. FOLDOC

child process

A process that is created by another process, the parent process. Every process is a child process except for the first process, which is started when Mac OS X begins execution. When you run a command from the shell, the shell spawns a child process to run the command. See process on page 948.


Classless Inter-Domain Routing. A scheme that allocates blocks of Internet addresses in a way that allows summarization into a smaller number of routing table entries. A CIDR block is a block of Internet addresses assigned to an ISP by the Internic. FOLDOC


Common Internet File System. An Internet filesystem protocol based on SMB (page 953). CIFS runs on top of TCP/IP, uses DNS, and is optimized to support slower dial-up Internet connections. SMB and CIFS are used interchangeably. FOLDOC


Crypto IP Encapsulation (page 931). This protocol (page 949) tunnels (page 959) IP packets within encrypted UDP (page 959) packets, is lightweight and simple, and works over dynamic addresses, NAT (page 944), and SOCKS (page 954) proxies (page 949).

cipher (cypher)

A cryptographic system that uses a key to transpose/substitute characters within a message, the key itself, or the message.


Text that is encrypted. Contrast with plaintext (page 947).

Classless Inter-Domain Routing



Text that is not encrypted; also plaintext. Contrast with ciphertext.


Command line interface. See also character-based (page 925).


A computer or program that requests one or more services from a server.


The native API under Mac OS X. Cocoa is not compatible with Mac OS 9 and earlier. Contrast with Carbon (page 925).


Coder/decoder or compressor/decompressor. A hardware and/or software technology that codes and decodes data. MPEG is a popular CODEC for computer video.

color depth

The number of bits used to generate a pixel, usually 8, 16, 24, or 32. The color depth is directly related to the number of colors that can be generated. The number of colors that can be generated is 2 raised to the color-depth power. Thus a 24-bit video adapter can generate about 16.7 million colors.

color quality

See color depth.

combo box

A combination of a list and text entry box. A user can either select an option from a provided list or enter his own option.


What you give the shell in response to a prompt. When you give the shell a command, it executes a utility, another program, a builtin command, or a shell script. Utilities are often referred to as commands. When you are using an interactive utility, such as vim or mail, you use commands that are appropriate to that utility.

command line

A line containing instructions and arguments that executes a command. This term usually refers to a line that you enter in response to a shell prompt on a character-based terminal or terminal emulator.

command substitution

Replacing a command with its output. The shells perform command substitution when you enclose a command between $( and ) or between a pair of back ticks (``), also called grave accent marks.

component architecture

A notion in object-oriented programming where "components" of a program are completely generic. Instead of having a specialized set of methods and fields, they have generic methods through which the component can advertise the functionality it supports to the system into which it is loaded. This strategy enables completely dynamic loading of objects. JavaBeans is an example of a component architecture. FOLDOC


See catenate on page 925.

condition code

See exit status on page 932.

connection-oriented protocol

A type of transport layer data communication service that allows a host to send data in a continuous stream to another host. The transport service guarantees that all data will be delivered to the other end in the same order as sent and without duplication. Communication proceeds through three well-defined phases: connection establishment, data transfer, and connection release. The most common example is TCP (page 957).

Also called connection-based protocol and stream-oriented protocol. Contrast with connectionless protocol and datagram (page 929). FOLDOC

connectionless protocol

The data communication method in which communication occurs between hosts with no previous setup. Packets sent between two hosts may take different routes. There is no guarantee that packets will arrive as transmitted or even that they will arrive at the destination at all. UDP (page 959) is a connectionless protocol. Also called packet switching. Contrast with circuit switching and connection-oriented protocol. FOLDOC


See system console on page 957.

console terminal

See system console on page 957.

control character

A character that is not a graphic character, such as a letter, number, or punctuation mark. Such characters are called control characters because they frequently act to control a peripheral device. RETURN and FORMFEED are control characters that control a terminal or printer.

The word CONTROL is shown in this book in THIS FONT because it is a key that appears on most terminal keyboards. Control characters are represented by ASCII codes less than 32 (decimal). See also nonprinting character on page 945.

control structure

A statement used to change the order of execution of commands in a shell script or other program. Each shell provides control structures (for example, if and while) as well as other commands that alter the order of execution (for example, exec). Also control flow commands.


Data stored on a client system by a server. The client system browser sends the cookie back to the server each time it accesses that server. For example, a catalog shopping service may store a cookie on your system when you place your first order. When you return to the site, it knows who you are and can supply your name and address for subsequent orders. You may consider cookies to be an invasion of privacy.


Central processing unit. The part of a computer that controls all the other parts. The CPU includes the control unit and the arithmetic and logic unit (ALU). The control unit fetches instructions from memory and decodes them to produce signals that control the other parts of the computer. These signals can cause data to be transferred between memory and ALU or peripherals to perform input or output. A CPU that is housed on a single chip is called a microprocessor. Also processor and central processor.


An individual who attempts to gain unauthorized access to a computer system. These individuals are often malicious and have many means at their disposal for breaking into a system. Contrast with hacker (page 934). FOLDOC


The system suddenly and unexpectedly stops or fails. Derived from the action of the hard disk heads on the surface of the disk when the air gap between the two collapses.


The practice and study of encryption and decryption: encoding data so that only a specific individual or machine can decode it. A system for encrypting and decrypting data is a cryptosystem. Such systems usually rely on an algorithm for combining the original data (plaintext) with one or more keys (numbers or strings of characters known only to the sender and/or recipient). The resulting output is called ciphertext (page 926).

The security of a cryptosystem usually depends on the secrecy of keys rather than on the supposed secrecy of an algorithm. Because a strong cryptosystem has a large range of keys, it is not possible to try all of them. Ciphertext appears random to standard statistical tests and resists known methods for breaking codes. FOLDOC

.cshrc file

In your home directory, a file that the TC Shell executes each time you invoke a new TC Shell. You can use this file to establish variables and aliases.


Cascading stylesheet. Describes how documents are presented on screen and in print. Attaching a stylesheet to a structured document can affect the way it looks without adding new HTML (or other) tags and without giving up device independence. Also stylesheet.

current (process, line, character, directory, event, and so on)

The item that is immediately available, working, or being used. The current process is the program you are running, the current line or character is the one the cursor is on, and the current directory is the working directory.


A small lighted rectangle, underscore, or vertical bar that appears on the terminal screen and indicates where the next character will appear. Differs from the mouse pointer (page 943).


A program that is not invoked explicitly but lies dormant, waiting for some condition(s) to occur. The perpetrator of the condition need not be aware that a daemon is lurking (although often a program will commit an action only because it knows that it will implicitly invoke a daemon). From the mythological meaning, later rationalized as the acronym Disk And Execution MONitor. FOLDOC

data fork

One of the two forks (page 933) of a file on an HFS+ (page 935) filesystem. The data fork holds arbitrary data. Contrast with resource fork (page 951).

data structure

A particular format for storing, organizing, working with, and retrieving data. Frequently, data structures are designed to work with specific algorithms that facilitate these tasks. Common data structures include trees, files, records, tables, arrays, and so on.


A self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network. UDP (page 959) uses datagrams; IP (page 938) uses packets (page 946). Packets are indivisible at the network layer; datagrams are not. FOLDOC See also frame (page 933).


A computer, usually a workstation, that uses a local disk to boot a copy of the operating system and access system files but does not use a local disk to store user files.


A standard, simple database manager. Implemented as gdbm (GNU database manager), it uses hashes to speed searching. The most common versions of the dbm database are dbm, ndbm, and gdbm.

DDoS attack

Distributed denial of service attack. A DoS attack (page 931) from many systems that do not belong to the perpetrator of the attack.


To correct a program by removing its bugs (that is, errors).


Something that is selected without being explicitly specified. For example, when used without an argument, ls displays a list of the files in the working directory by default.


A set of changes made to a file that has been encoded by the Source Code Control System (SCCS).

denial of service

See DoS attack on page 931.


When speaking of symbolic links, follow the link rather than working with the reference to the link. For example, the -L option causes ls to list the entry that a symbolic link points to rather than the symbolic link (the reference) itself.


A collection of windows, toolbars, icons, and buttons, some or all of which appear on your display. A desktop comprises one or more workspaces (page 961).

desktop manager

An icon- and menu-based user interface to system services that allows you to run applications and use the filesystem without using the system's command line interface.

detached process

See background process on page 922.


A disk drive, printer, terminal, plotter, or other input/output unit that can be attached to the computer.

device driver

Part of the Mac OS X kernel that controls a device, such as a terminal, disk drive, or printer.

device file

A file that represents a device. Also special file.

device filename

The pathname of a device file. Mac OS X systems have two kinds of device files: block and character device files. Mac OS X also has FIFOs (named pipes) and sockets. Device files are traditionally located in the /dev directory.

device number

See major device number (page 942) and minor device number (page 943).


Dynamic Host Configuration Protocol. A protocol that dynamically allocates IP addresses to computers on a LAN. FOLDOC


Short for directory file. A file that contains a list of other files.

directory hierarchy

A directory, called the root of the directory hierarchy, and all the directory and ordinary files below it (its children).

directory service

A structured repository of information on people and resources within an organization, facilitating management and communication. FOLDOC

disk partition

See partition on page 946.


A computer, usually a workstation, that has no disk and must contact another computer (a server) to boot a copy of the operating system and access the necessary system files.

distributed computing

A style of computing in which tasks or services are performed by a network of cooperating systems, some of which may be specialized.


Demilitarized zone. A host or small network that is a neutral zone between a LAN and the Internet. It can serve Web pages and other data to the Internet and allow local systems access to the Internet while preventing LAN access to unauthorized Internet users. Even if a DMZ is compromised, it holds no data that is private and none that cannot be easily reproduced.


Domain Name Service. A distributed service that manages the correspondence of full hostnames (those that include a domain name) to IP addresses and other system characteristics.

DNS domain name

See domain name.

document object model

See DOM.


Document Object Model. A platform-/language-independent interface that enables a program to update the content, structure, and style of a document dynamically. The changes can then be made part of the displayed document. Go to for more information.

domain name

A name associated with an organization, or part of an organization, to help identify systems uniquely. Technically, the part of the FQDN (page 933) to the right of the leftmost period. Domain names are assigned hierarchically. The domain refers to the University of California at Berkeley, for example; it is part of the top-level edu (education) domain. Also DNS domain name. Different than NIS domain name (page 945).

Domain Name Service

See DNS.


An evolving filesystem-based RPC (page 952) mechanism.

DoS attack

Denial of service attack. An attack that attempts to make the target host or network unusable by flooding it with spurious traffic.


DPMS

Display Power Management Signaling. A standard that can extend the life of CRT monitors and conserve energy. DPMS supports four modes for a monitor: Normal, Standby (power supply on, monitor ready to display images almost instantly), Suspend (power supply off, monitor takes up to ten seconds to display an image), and Off.


To move an icon from one position or application to another, usually in the context of a window manager. The motion part of drag-and-drop.


DSA

Digital Signature Algorithm. A public key cipher used to generate digital signatures.


DSL

Digital Subscriber Line/Loop. Provides high-speed digital communication over a specialized, conditioned telephone line. See also xDSL (page 962).

Dynamic Host Configuration Protocol

See DHCP on page 930.


A utility, such as vim or emacs, that creates and modifies text files.


EEPROM

Electrically erasable, programmable, read-only memory. A PROM (page 948) that can be written to.

effective user ID

The user ID that a process appears to have; usually the same as the user ID. For example, while you are running a setuid program, the effective user ID of the process running the program is that of the owner of the program.


One thing; usually a basic part of a group of things. An element of a numeric array is one of the numbers stored in the array.


See smiley on page 954.


See tunneling on page 959.


See calling environment on page 925.


EOF

End of file.


EPROM

Erasable, programmable, read-only memory. A PROM (page 948) that can be written to by applying a higher than normal voltage.


See quote on page 949.


A type of LAN (page 940) capable of transfer rates as high as 1,000 megabits per second.


An occurrence, or happening, of significance to a task or program; for example, the completion of an asynchronous input/output operation, such as a keypress or mouse click. [FOLDOC]


2^60 bytes or about 10^18 bytes. See also large number (page 940).

exit status

The status returned by a process; either successful (usually 0) or unsuccessful (usually 1).


A security hole or an instance of taking advantage of a security hole. [FOLDOC]


See logical expression (page 941) and arithmetic expression (page 921).

extended attributes

Additional information associated with a file. Includes file attributes, ACLs (page 920), and the resource fork (page 951).


A network extension for a subset of users (such as students at a particular school or engineers working for the same company). An extranet limits access to private information even though it travels on the public Internet.

failsafe session

A session that allows you to log in on a minimal desktop in case your standard login does not work well enough to allow you to log in to fix a login problem.


FDDI

Fiber Distributed Data Interface. A type of LAN (page 940) designed to transport data at the rate of 100 million bits per second over fiber-optic cable.


A collection of related information referred to with a filename and frequently stored on a disk. Text files typically contain memos, reports, messages, program source code, lists, or manuscripts. Binary or executable files contain utilities or programs that you can run. Refer to "Directory Files and Ordinary Files" on page 73.

file attributes

A file's type and creator codes, timestamps, and attribute flags (page 95). Part of the file's extended attributes.


The name of a file. A filename refers to a file.

filename completion

Automatic completion of a filename after you specify a unique prefix.

filename extension

The part of a filename following a period.

filename generation

What occurs when the shell expands ambiguous file references. See ambiguous file reference on page 920.


A data structure (page 929) that usually resides on part of a disk. Mac OS X systems have a root filesystem (startup volume), and many have other filesystems. Each filesystem is composed of some number of blocks, depending on the size of the disk partition that has been assigned to the filesystem. Different filesystems use different structures. Each UFS (page 959) filesystem has a control block, named the superblock, that contains information about the filesystem. The other blocks in a filesystem are inodes, which contain control information about individual files, and data blocks, which contain the information in the files. See also HFS+ (page 935).


A variant of maximizing in which window edges are pushed out as far as they can go without overlapping another window.


A command that can take its input from standard input and send its output to standard output. A filter transforms the input stream of data and sends it to standard output. A pipe usually connects a filter's input to standard output of one command, and a second pipe connects the filter's output to standard input of another command. The grep and sort utilities are commonly used as filters.


A device for policy-based traffic management used to keep a network secure. A firewall can be implemented in a single router that filters out unwanted packets, or it can rely on a combination of routers, proxy servers, and other devices. Firewalls are widely used to give users access to the Internet in a secure fashion and to separate a company's public WWW server from its internal network. They are also employed to keep internal network segments more secure.

Recently the term has come to be defined more loosely to include a simple packet filter running on an endpoint machine.

See also proxy server on page 949.


Software built into a computer, often in ROM (page 951). May be used as part of the bootstrap (page 923) procedure.

focus, desktop

On a desktop, the window that is active. The window with the desktop focus receives the characters you type on the keyboard. Same as active window (page 920).


The part of a format that goes at the bottom (or foot) of a page. Contrast with header (page 935).

foreground process

When you run a command in the foreground, the shell waits for the command to finish before giving you another prompt. You must wait for a foreground process to run to completion before you can give the shell another command. If you have job control, you can move background processes to the foreground, and vice versa. See job control on page 939. Contrast with background process (page 922).


1. To create a process. When one process creates another process, it is said to fork a process. Also spawn.

2. One of multiple components of a file sharing a single name, on the HFS+ filesystem (page 935). Specifically, a data fork (page 929) or a resource fork (page 951).


FQDN

Fully qualified domain name. The full name of a system, consisting of its hostname and its domain name, including the top-level domain. Technically the name that gethostbyname(2) returns for the host named by gethostname(2). For example, speedy is a hostname and is an FQDN. An FQDN is sufficient to determine a unique Internet address for a machine on the Internet. [FOLDOC]


A data link layer packet that contains, in addition to data, the header and trailer information required by the physical medium. Network layer packets are encapsulated to become frames. [FOLDOC] See also datagram (page 929) and packet (page 946).

free list

In a filesystem, the list of blocks that are available for use. Information about the free list is kept in the superblock of a UFS (page 959) filesystem.

free space

The portion of a hard disk that is not within a partition. A new hard disk has no partitions and contains all free space.

full duplex

The ability to receive and transmit data simultaneously. A network switch (page 945) is typically a full-duplex device. Contrast with half-duplex (page 934).

fully qualified domain name

See FQDN.

See shell function on page 953.


A generic term for a computer or a special device connected to more than one dissimilar type of network to pass data between them. Unlike a router, a gateway often must convert the information into a different format before passing it on. The historical usage of gateway to designate a router is deprecated.




GECOS

General Electric Comprehensive Operating System. For historical reasons, the user information field in the passwd database is called the GECOS field. Also GCOS.


giga-

In the binary system, the prefix giga- multiplies by 2^30 (i.e., 1,073,741,824). Gigabit and gigabyte are common uses of this prefix. Abbreviated as G. See also large number on page 940.


A symbol that communicates a specific piece of information nonverbally. A smiley (page 954) is a glyph.


GMT

Greenwich Mean Time. See UTC on page 960.

graphical display

A bitmapped monitor that can display graphical images. Contrast with ASCII terminal (page 921).

graphical user interface

See GUI.

group (of users)

A collection of users. Groups are used as a basis for determining file access permissions. If you are not the owner of a file and you belong to the group the file is assigned to, you are subject to the group access permissions for the file. A user can simultaneously belong to several groups.

group (of windows)

A way to identify similar windows so they can be displayed and acted on similarly. Typically windows started by a given application belong to the same group.

group ID

A unique number that identifies a set of users. It is stored in the passwd and group databases. The group database associates group IDs with group names.


GUI

Graphical user interface. A GUI provides a way to interact with a computer system by choosing items from menus or manipulating pictures drawn on a display screen instead of by typing command lines. Under Mac OS X, the Aqua environment provides a graphical display and mouse/keyboard input. Contrast with character-based (page 925).


A person who enjoys exploring the details of programmable systems and learning how to stretch their capabilities, as opposed to users, who prefer to learn only the minimum necessary. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming. [FOLDOC] Contrast with cracker (page 928).


A half-duplex device can only receive or transmit at a given moment; it cannot do both. A hub (page 936) is typically a half-duplex device. Contrast with full duplex (page 933).

hard link

A directory entry that contains the filename and inode number for a file. The inode number identifies the location of control information for the file on the disk, which in turn identifies the location of the file's contents on the disk. Every file has at least one hard link, which locates the file in a directory. When you remove the last hard link to a file, you can no longer access the file. See link (page 940) and symbolic link (page 957).


A string that is generated from another string. See one-way hash function on page 945. When used for security, a hash can prove, almost to a certainty, that a message has not been tampered with during transmission: The sender generates a hash of a message, encrypts the message and hash, and sends the encrypted message and hash to the recipient. The recipient decrypts the message and hash, generates a second hash from the message, and compares the hash that the sender generated to the new hash. When they are the same, the message has probably not been tampered with. A hash can also be used to create an index called a hash table. Also hash value.

hash table

An index created from hashes of the items to be indexed. The hash function makes it highly unlikely that two items will create the same hash. To look up an item in the index, create a hash of the item and search for the hash. Because the hash is typically shorter than the item, the search is more efficient.


When you are formatting a document, the header goes at the top, or head, of a page. In electronic mail the header identifies who sent the message, when it was sent, what the subject of the message is, and so forth.

Here document

A shell script that takes its input from the file that contains the script.


The nameserver of project Athena. Hesiod is a name service library that is derived from BIND (page 923) and leverages a DNS infrastructure.


Consisting of different parts. A heterogeneous network includes systems produced by different manufacturers and/or running different operating systems.

hexadecimal number

A base 16 number. Hexadecimal (or hex) numbers are composed of the hexadecimal digits 0-9 and A-F. See Table G-1 (next page).


HFS+

Hierarchical File System (new). HFS+ is the native OS X filesystem. Introduced in Mac OS 8.1, HFS+ is based on the older HFS.


HFS+ Extended. The case sensitive version of HFS+, used primarily on Mac OS X Server.

hidden file

See invisible file on page 938.


An organization with a few things, or thing (one at the top), and with several things below each other thing. An inverted tree structure. Examples in computing include a file tree where each directory may contain files or other directories, a hierarchical network, and a class hierarchy in object-oriented programming. [FOLDOC] Refer to "The Hierarchical Filesystem" on page 72.


A shell mechanism that enables you to modify and reexecute recent commands.

home directory

The directory that is your working directory when you first log in. The pathname of this directory is stored in the HOME shell variable.


To leave the mouse pointer stationary for a moment over an object. In many cases hovering displays a tooltip (page 958).

Table G-1. Decimal, octal, and hexadecimal numbers

HTML

Hypertext Markup Language. A hypertext document format used on the World Wide Web. Tags, which are embedded in the text, consist of a less than sign (<), a directive, zero or more parameters, and a greater than sign (>). Matched pairs of directives, such as <TITLE> and </TITLE>, delimit text that is to appear in a special place or style. [FOLDOC] For more information on HTML, go to


HTTP

Hypertext Transfer Protocol. The client/server TCP/IP protocol used on the World Wide Web for the exchange of HTML documents.


A multiport repeater. A hub rebroadcasts all packets it receives on all ports. This term is frequently used to refer to small hubs and switches, regardless of the device's intelligence. It is a generic term for a layer 2 shared-media networking device. Today the term hub is sometimes used to refer to small intelligent devices, although that was not its original meaning. Contrast with network switch (page 945).


A collection of documents/nodes containing (usually highlighted or underlined) cross-references or links, which, with the aid of an interactive browser program, allow the reader to move easily from one document to another. [FOLDOC]

Hypertext Markup Language

See HTML.

Hypertext Transfer Protocol

See HTTP.

i/o device

Input/output device. See device on page 929.


IANA

Internet Assigned Numbers Authority. A group that maintains a database of all permanent, registered system services (


ICMP

Internet Control Message Protocol. A type of network packet that carries only messages, no data.


In a GUI, a small picture representing a file, directory, action, program, and so on. When you click an icon, an action, such as opening a window and starting a program or displaying a directory or Web site, takes place. From miniature religious statues. [FOLDOC]


The process of changing a window into an icon. Contrast with restore (page 951).

ignored window

A state in which a window has no decoration and therefore no buttons or titlebar to control it with.


See indention.


The blank space between the margin and the beginning of a line that is set in from the margin.


A data structure (page 929) that contains information about a file. An inode for a file contains the file's length, the times the file was last accessed and modified, the time the inode was last modified, owner and group IDs, access privileges, number of links, and pointers to the data blocks that contain the file itself. Each directory entry associates a filename with an inode. Although a single file may have several filenames (one for each link), it has only one inode. Only some filesystems have inodes. HFS+ (page 935) filesystems, for example, do not have inodes while UFS (page 959) filesystems do.


Information that is fed to a program from a terminal or other file. See standard input on page 955.


A computer at a specific location. Some aspects of the Mac OS X system are installation dependent. Also site.


A program that allows ongoing dialog with the user. When you give commands in response to shell prompts, you are using the shell interactively. Also, when you give commands to utilities, such as vim and mail, you are using the utilities interactively.


The meeting point of two subsystems. When two programs work together, their interface includes every aspect of either program that the other deals with. The user interface (page 959) of a program includes every program aspect the user comes into contact with: the syntax and semantics involved in invoking the program, the input and output of the program, and its error and informational messages. The shell and each of the utilities and built-in commands have a user interface.

International Organization for Standardization

See ISO on page 939.


A large network that encompasses other, smaller networks.


The largest internet in the world. The Internet (uppercase "I") is a multilevel hierarchy composed of backbone networks (ARPANET, NSFNET, MILNET, and others), midlevel networks, and stub networks. These include commercial (.com or .co), university (.ac or .edu), research (.org or .net), and military (.mil) networks and span many different physical networks around the world with various protocols, including the Internet Protocol (IP). Outside the United States, country code domains are popular (.us, .es, .mx, .de, and so forth), although you will see them used within the United States as well.

Internet Protocol

See IP.

Internet Service Provider

See ISP on page 939.


An in-house network designed to serve a group of people such as a corporation or school. The general public on the Internet does not have access to the intranet.

invisible file

A file whose filename starts with a period. These files are called invisible because the ls utility does not normally list them. Use the -a option of ls to list all files, including invisible ones. The shell does not expand a leading asterisk (*) in an ambiguous file reference to match the filename of an invisible file. Also hidden file.

Under OS X, also used to refer to a file with the invisible file attributes (page 932).


IP

Internet Protocol. The network layer for TCP/IP. IP is a best-effort, packet-switching, connectionless protocol (page 927) that provides packet routing, fragmentation, and reassembly through the data link layer. IPv4 is slowly giving way to IPv6. [FOLDOC]

IP address

Internet Protocol address. A four-part address associated with a particular network connection for a system using the Internet Protocol (IP). A system that is attached to multiple networks that use the IP will have a different IP address for each network interface.

IP multicast

See multicast on page 943.

IP spoofing

A technique used to gain unauthorized access to a computer. The would-be intruder sends messages to the target machine. These messages contain an IP address indicating that the messages are coming from a trusted host. The target machine responds to the messages, giving the intruder (privileged) access to the target.


IPC

Interprocess communication. A method to communicate specific information between programs.


IPv4

IP version 4. See IP and IPv6.


IPv6

IP version 6. The next generation of Internet Protocol, which provides a much larger address space (2^128 bits versus 2^32 bits for IPv4) that is designed to accommodate the rapidly growing number of Internet addressable devices. IPv6 also has built-in autoconfiguration, enhanced security, better multicast support, and many other features.


ISDN

Integrated Services Digital Network. A set of communications standards that allows a single pair of digital or standard telephone wires to carry voice, data, and video at a rate of 64 kilobits per second.


ISO

International Organization for Standardization. A voluntary, nontreaty organization founded in 1946. It is responsible for creating international standards in many areas, including computers and communications. Its members are the national standards organizations of 89 countries, including the American National Standards Institute. [FOLDOC]


The ISO standard defining a filesystem for CD-ROMs.


ISP

Internet service provider. Provides Internet access to its customers.

job control

A facility that enables you to move commands from the foreground to the background and vice versa. Job control enables you to stop commands temporarily.

journaling filesystem

A filesystem that maintains a noncached log file, or journal, which records all transactions involving the filesystem. When a transaction is complete, it is marked as complete in the log file.

The log file results in greatly reduced time spent recovering a filesystem after a crash, making it particularly valuable in systems where high availability is an issue.


JPEG

Joint Photographic Experts Group. This committee designed the standard algorithm for compressing images. JPEG is intended for compressing either full-color or gray-scale digital images of natural, real-world scenes and does not work as well on nonrealistic images, such as cartoons or line drawings. Filename extensions: .jpg, .jpeg. [FOLDOC]


To expand a line of type in the process of formatting text. A justified line has even margins. A line is justified by increasing the space between words and sometimes between letters on the line.


An MIT-developed security system that authenticates users and machines. It does not provide authorization to services or databases; it establishes identity at logon, which is used throughout the session. Once you are authenticated, you can open as many terminals, windows, services, or other network accesses as you like until your session expires.


The part of the operating system that allocates machine resources, including memory, disk space, and CPU (page 928) cycles, to all other programs that run on a computer. The kernel includes the low-level hardware interfaces (drivers) and manages processes (page 948), the means by which Mac OS X executes programs.


The part of memory (RAM) where the kernel resides. Code running in kernelspace has full access to hardware and all other processes in memory. See the KernelAnalysis-HOWTO.

key binding

A keyboard key is said to be bound to the action that results from pressing it. Typically keys are bound to the letters that appear on the keycaps: When you press A, an A appears on the screen. Key binding usually refers to what happens when you press a combination of keys, one of which is CONTROL, ALT, META, OPTION, or SHIFT, or when you press a series of keys, the first of which is typically ESCAPE.


A hardware input device consisting of a number of mechanical buttons (keys) that the user presses to input characters to a computer. By default a keyboard is connected to standard input of a shell. [FOLDOC]


kilo-

In the binary system, the prefix kilo- multiplies by 2^10 (i.e., 1,024). Kilobit and kilobyte are common uses of this prefix. Abbreviated as k.

Korn Shell

ksh. A command processor, developed by David Korn at AT&T Bell Laboratories, that is compatible with the Bourne Shell but includes many extensions. See also shell (page 953).


LAN

Local area network. A network that connects computers within a localized area (such as a single site, building, or department).

large number

Go to for a comprehensive list.


LDAP

Lightweight Directory Access Protocol. A simple protocol for accessing online directory services. Traditionally LDAP has been used to access information such as email directories; in some cases, it can be used as an alternative for services such as NIS. Given a name, many mail clients can use LDAP to discover the corresponding email address. See directory service on page 930.


In a tree structure, the end of a branch that cannot support other branches. When the Mac OS X filesystem hierarchy is conceptualized as a tree, files that are not directories are leaves. See node on page 945.

least privilege, concept of

Mistakes that Superuser makes can be much more devastating than those made by an ordinary user. When you are working on the computer, especially when you are working as the system administrator, always perform any task using the least privilege possible. If you can perform a task logged in as an ordinary user, do so. If you must be logged in as Superuser, do as much as you can as an ordinary user, log in as or give an su or sudo command so that you are working as Superuser, do as much of the task that has to be done as Superuser, and revert to being an ordinary user as soon as you can.

Because you are more likely to make a mistake when you are rushing, this concept becomes more important when you have less time to apply it.

Lightweight Directory Access Protocol

See LDAP.


A pointer to a file. Two kinds of links exist: hard links and symbolic (soft) links. A hard link associates a filename with a place on the disk where the contents of the file is located. A symbolic link associates a filename with the pathname of a hard link to a file. See hard link (page 934) and symbolic link (page 957). Sometimes called an alias by Macintosh users and documentation.


See PAM on page 946.

Linux-Pluggable Authentication Modules

See PAM on page 946.

loadable kernel module

See loadable module.

loadable module

A portion of the operating system that controls a special device and that can be loaded automatically into a running kernel as needed to access that device.

local area network

See LAN on page 940.


The language; date, time, and currency formats; character sets; and so forth that pertain to a geopolitical place or area. For example, en_US specifies English as spoken in the United States and dollars; en_UK specifies English as spoken in the United Kingdom and pounds. See the locale man page for more information.

log in

To gain access to a computer system by responding correctly to the login: and Password: prompts. Also log on, login.

log out

To end your session by exiting from your login shell. Also log off.

logical expression

A collection of strings separated by logical operators (>,>=,=,!=,<=, and <) that can be evaluated as true or false. Also Boolean expression.

.login file

A file in a user's home directory that the TC Shell executes when you log in. You can use this file to set environment variables and to run commands that you want executed at the beginning of each session.

login name

See username on page 960.

login shell

The shell that you are using when you log in. The login shell can fork other processes that can run other shells, utilities, and programs.

.logout file

A file in a user's home directory that the TC Shell executes when you log out, assuming that the TC Shell is your login shell. You can put in the .logout file commands that you want run each time you log out.

MAC address

Media Access Control address. The unique hardware address of a device connected to a shared network medium. Each Ethernet adapter has a globally unique MAC address in ROM. MAC addresses are 6 bytes long, enabling 256^6 (about 300 trillion) possible addresses or 65,536 addresses for each possible IPv4 address.

A MAC address performs the same role for Ethernet that an IP address performs for TCP/IP: It provides a unique way to identify a host.

machine collating sequence

The sequence in which the computer orders characters. The machine collating sequence affects the outcome of sorts and other procedures that put lists in alphabetical order. Many computers use ASCII codes so their machine collating sequences correspond to the ordering of the ASCII codes for characters.


A single instruction that a program replaces by several (usually more complex) instructions. The C compiler recognizes macros, which are defined using a #define instruction to the preprocessor.

magic number

A magic number, which occurs in the first 512 bytes of a binary file, is a 1-, 2-, or 4-byte numeric value or character string that uniquely identifies the type of file (much like a DOS 3-character filename extension). See /usr/share/file/magic and the magic man page (5) for more information.

main memory

Random access memory (RAM), an integral part of the computer. Although disk storage is sometimes referred to as memory, it is never referred to as main memory.

major device number

A number assigned to a class of devices, such as terminals, printers, or disk drives. Using the ls utility with the -l option to list the contents of the /dev directory displays the major and minor device numbers of many devices (as major, minor).


MAN

Metropolitan area network. A network that connects computers and LANs (page 940) at multiple sites in a small regional area, such as a city.


To appear to come from one domain or IP address when actually coming from another. Said of a packet or message (sendmail). See also NAT on page 944.


MD5

Message Digest 5. A one-way hash function (page 945).


MDA

Mail delivery agent. One of the three components of a mail system; the other two are the MTA and MUA. An MDA accepts inbound mail from an MTA and delivers it to a local user.


mega-

In the binary system, the prefix mega- multiplies by 2^20 (i.e., 1,048,576). Megabit and megabyte are common uses of this prefix. Abbreviated as M.


A list from which the user may select an operation to be performed. This selection is often made with a mouse or other pointing device under a GUI but may also be controlled from the keyboard. Very convenient for beginners, menus show which commands are available and facilitate experimenting with a new program, often reducing the need for user documentation. Experienced users usually prefer keyboard commands, especially for frequently used operations, because they are faster to use. [FOLDOC]


To combine two ordered lists so that the resulting list is still in order. The sort utility can merge files.

META key

On the keyboard, a key that is labeled META or ALT. Use this key as you would the SHIFT key. While holding it down, press another key. The emacs editor makes extensive use of the META key. On the Mac, often labeled OPTION. For more information see the "Activating the META key" tip on page 31.


A character that has a special meaning to the shell or another program in a particular context. Metacharacters are used in the ambiguous file references recognized by the shell and in the regular expressions recognized by several utilities. You must quote a metacharacter if you want to use it without invoking its special meaning. See regular character (page 950) and special character (page 954).


Data about data. In data processing, metadata is definitional data that provides information about, or documentation of, other data managed within an application or environment.

For example, metadata can document data about data elements or attributes (name, size, data type, and so on), records or data structures (page 929) (length, fields, columns, and so on), and data itself (where it is located, how it is associated, who owns it, and so on). Metadata can include descriptive information about the context, quality and condition, or characteristics of the data. [FOLDOC]

Examples of metadata on Mac OS X systems include file attributes (page 932), ACLs (page 920), and traditional UNIX access permissions (page 87).

metropolitan area network

See MAN.


MIME

Multipurpose Internet Mail Extension. Originally used to describe how specific types of files that were attached to email were to be handled. Today MIME types describe how a file is to be opened or worked with, based on its filename extension.


See iconify on page 937.

minor device number

A number assigned to a specific device within a class of devices. See major device number on page 942.


Modulator/demodulator. A peripheral device that modulates digital data into analog data for transmission over a voice-grade telephone line. Another modem demodulates the data at the other end.


See loadable module on page 940.


To make a filesystem accessible to system users. When a filesystem is not mounted, you cannot read from or write to files it contains.

mount point

A directory that you mount a local or remote filesystem on.


A device you use to point to a particular location on a display screen, typically so you can choose a menu item, draw a line, or highlight some text. You control a pointer on the screen by sliding a mouse around on a flat surface; the position of the pointer moves relative to the movement of the mouse. You select items by pressing one or more buttons on the mouse.

mouse pointer

In a GUI, a marker that moves in correspondence with the mouse. It is usually a small arrow. Differs from the cursor (page 928).


The action of passing the mouse pointer over an icon or other object on the screen.


Mail transfer agent. One of the three components of a mail system; the other two are the MDA and MUA. An MTA accepts mail from users and MTAs.


Mail user agent. One of the three components of a mail system; the other two are the MDA and MTA. An MUA is an end-user mail program such as Kmail, mutt, or Outlook.

multiboot specification

Specifies an interface between a boot loader and an operating system. With compliant boot loaders and operating systems, any boot loader should be able to load any operating system. The object of this specification is to ensure that different operating systems will work on a single machine. For more information, go to


A multicast packet has one source and multiple destinations. In multicast, source hosts register at a special address to transmit data. Destination hosts register at the same address to receive data. In contrast to broadcast (page 924), which is LAN-based, multicast traffic is designed to work across routed networks on a subscription basis. Multicast reduces network traffic by transmitting a packet one time, with the router at the end of the path breaking it apart as needed for multiple recipients.


A computer system that allows a user to run more than one job at a time. A multitasking system, such as Mac OS X, allows you to run a job in the background while running a job in the foreground.

multiuser system

A computer system that can be used by more than one person at a time. Mac OS X is a multiuser operating system. Contrast with single-user system (page 953).


Network Address Translation. A scheme that enables a LAN to use one set of IP addresses internally and a different set externally. The internal set is for LAN (private) use. The external set is typically used on the Internet and is Internet unique. NAT provides some privacy by hiding internal IP addresses and allows multiple internal addresses to connect to the Internet through a single external IP address. See also masquerade on page 942.


NetBIOS over TCP/IP. A protocol that supports NetBIOS services in a TCP/IP environment. Also NetBT.


Network Basic Input/Output System. An API (page 921) for writing network-aware applications.


To boot a computer over the network (as opposed to booting from a local disk).


The conventions of etiquette (that is, polite behavior) recognized on Usenet and in mailing lists, such as not (cross-)posting to inappropriate groups and refraining from commercial advertising outside the business groups.

The most important rule of netiquette is "Think before you post." If what you intend to post will not make a positive contribution to the newsgroup and be of interest to several readers, do not post it. Personal messages to one or two individuals should not be posted to newsgroups; use private email instead. FOLDOC


A 32-bit mask (for IPv4) that shows how an Internet address is to be divided into network, subnet, and host parts. The netmask has ones in the bit positions in the 32-bit address that are to be used for the network and subnet parts and zeros for the host part. The mask should contain at least the standard network portion (as determined by the address class). The subnet field should be contiguous with the network portion. FOLDOC

network address

The network portion (netid) of an IP address. For a class A network, it is the first byte, or segment, of the IP address; for a class B network, it is the first two bytes; and for a class C network, it is the first three bytes. In each case the balance of the IP address is the host address (hostid). Assigned network addresses are globally unique within the Internet. Also network number.

Network Filesystem

See NFS on page 945.

Network Information Service

See NIS.

network number

See network address.

network segment

A part of an Ethernet or other network on which all message traffic is common to all nodes; that is, it is broadcast from one node on the segment and received by all others. This commonality normally occurs because the segment is a single continuous conductor. Communication between nodes on different segments is via one or more routers. FOLDOC

network switch

A connecting device in networks. Switches are increasingly replacing shared media hubs in an effort to increase bandwidth. For example, a 16-port 10BaseT hub shares the total 10 megabits per second bandwidth with all 16 attached nodes. By replacing the hub with a switch, both sender and receiver can take advantage of the full 10 megabits per second capacity. Each port on the switch can give full bandwidth to a single server or client station or to a hub with several stations. Network switch refers to a device with intelligence. Contrast with hub (page 936).

Network Time Protocol

See NTP.


Network Filesystem. A remote filesystem designed by Sun Microsystems, available on computers from most UNIX system vendors.


Network interface card (or controller). An adapter circuit board installed in a computer to provide a physical connection to a network. FOLDOC


Network Information Service. A distributed service built on a shared database to manage system-independent information (such as login names and passwords).

NIS domain name

A name that describes a group of systems that share a set of NIS files. Different from domain name (page 930).


Network News Transfer Protocol.


In a tree structure, the end of a branch that can support other branches. When the Mac OS X filesystem hierarchy is conceptualized as a tree, directories are nodes. See leaf on page 940.

nonprinting character

See control character on page 927. Also nonprintable character.

nonvolatile storage

A storage device whose contents are preserved when its power is off. Also NVS and persistent storage. Some examples are CD-ROM, paper punch tape, hard disk, ROM (page 951), PROM (page 948), EPROM (page 931), and EEPROM (page 931). Contrast with RAM (page 950).


Network Time Protocol. Built on top of TCP/IP, NTP maintains accurate local time by referring to known accurate clocks on the Internet.

null string

A string that could contain characters but does not. A string of zero length.

octal number

A base 8 number. Octal numbers are composed of the digits 0 through 7, inclusive. Refer to Table G-1 on page 936.

one-way hash function

A one-way function that takes a variable-length message and produces a fixed-length hash. Given the hash, it is computationally infeasible to find a message with that hash; in fact, you cannot determine any usable information about a message with that hash. Also message digest function. See also hash (page 935).

Open Firmware

A standardized boot firmware (page 933) used on Macintosh and Sun computers. Open Firmware handles device access and is the primary boot loader (page 923) for Mac OS X. Open Firmware is believed to be the only IEEE standard ever to have its own song.


A free version of the SSH (secure shell) protocol suite that replaces TELNET, rlogin, and more with secure programs that encrypt all communication, even passwords, over a network.

operating system

A control program for a computer that allocates computer resources, schedules tasks, and provides the user with a way to access resources.


A command line argument that modifies the effects of a command. Options are usually preceded by hyphens on the command line and traditionally have single-character names (such as h or n). Some commands allow you to group options following a single hyphen (for example, -hn). GNU utilities frequently have two arguments that do the same thing: a single-character argument and a longer, more descriptive argument that is preceded by two hyphens (such as --show-all and --invert-match).

ordinary file

A file that is used to store a program, text, or other user data. See directory (page 930) and device file (page 930).


Information that a program sends to the terminal or another file. See standard output on page 955.


Peer-to-Peer. A network that does not divide nodes into clients and servers. Each computer on a P2P network can fulfill the roles of client and server. In the context of a file-sharing network, this ability means that once a node has downloaded (part of) a file, it can act as a server. BitTorrent implements a P2P network.


A unit of data sent across a network. Packet is a generic term used to describe a unit of data at any layer of the OSI protocol stack, but it is most correctly used to describe network or application layer data units ("application protocol data unit," APDU). FOLDOC See also frame (page 933) and datagram (page 929).

packet filtering

A technique used to block network traffic based on specified criteria, such as the origin, destination, or type of each packet. See also firewall (page 933).

packet sniffer

A program or device that monitors packets on a network. See sniff on page 954.


A utility that allows you to view a file one screen at a time (for example, less and more).


The process by which virtual memory is maintained by the operating system. The contents of process memory are moved (paged out) to the swap space (page 956) as needed to make room for other processes.


Linux-PAM or Linux-Pluggable Authentication Modules. These modules allow a system administrator to determine how various applications authenticate users. PAM did not originate on Linux, but Mac OS X uses the version developed for Linux.

parent process

A process that forks other processes. See process (page 948) and child process (page 926).


A section of a (hard) disk that has a name so you can address it separately from other sections. A disk partition can hold a filesystem or another structure, such as the swap area. Under DOS and Windows, partitions (and sometimes whole disks) are labeled C:, D:, and so on. Also disk partition and slice.

passive FTP

Allows FTP to work through a firewall by allowing the flow of data to be initiated and controlled by the client FTP program instead of the server. Also called PASV FTP because it uses the FTP PASV command.


A string of words and characters that you type in to authenticate yourself. A passphrase differs from a password only in length. A password is usually short (6 to 10 characters). A passphrase is usually much longer (up to 100 characters or more). The greater length makes a passphrase harder to guess or reproduce than a password and therefore more secure. FOLDOC


To prevent unauthorized access to a user's account, an arbitrary string of characters chosen by the user or system administrator and used to authenticate the user when attempting to log in. FOLDOC See also passphrase.


See passive FTP on page 946.


A list of directories separated by slashes (/) and ending with the name of a file, which can be a directory. A pathname is used to trace a path through the file structure to locate or identify a file.

pathname, last element of a

The part of a pathname following the final /, or the whole filename if there is no /. A simple filename. Also basename.

pathname element

One of the filenames that forms a pathname.

peripheral device

See device on page 929.


Data that is stored on nonvolatile media, such as a hard disk.


An attempt to trick users into revealing or sharing private information, especially passwords or financial information. The most common form is email purporting to be from a bank or vendor that requests that a user fill out a form to "update" an account. Generally sent as spam (page 954).

physical device

A tangible device, such as a disk drive, that is physically separate from other, similar devices.


Process identification, usually followed by the word number. Mac OS X assigns a unique PID number as each process is initiated.


A connection between programs such that standard output of one program is connected to standard input of the next. Also pipeline.


The smallest element of a picture, typically a single dot on a display screen.


Text that is not encrypted. Also cleartext. Contrast with ciphertext (page 926).

Pluggable Authentication Modules

See PAM on page 946.

point-to-point link

A connection limited to two endpoints, such as the connection between a pair of modems.


A logical channel or channel endpoint in a communications system. The TCP (page 957) and UDP (page 959) transport layer protocols used on Ethernet use port numbers to distinguish between different logical channels on the same network interface on the same computer.

The /etc/services file (see the beginning of this file for more information) or the services database specifies a unique port number for each application program. The number links incoming data to the correct service (program). Standard, well-known ports are used by everyone: Port 80 is used for HTTP (Web) traffic. Some protocols, such as TELNET and HTTP (which is a special form of TELNET), have default ports specified as mentioned earlier but can use other ports as well. FOLDOC

port forwarding

The process by which a network port on one computer is transparently connected to a port on another computer. If port X is forwarded from system A to system B, any data sent to port X on system A is sent to system B automatically. The connection can be between different ports on the two systems.


A server that converts TCP/IP port numbers into RPC (page 952) program numbers.

printable character

One of the graphic characters: a letter, number, or punctuation mark. Contrast with a nonprintable, or CONTROL, character. Also printing character.

private address space

IANA (page 937) has reserved three blocks of IP addresses for private internets or LANs: - - -

You can use these addresses without coordinating with anyone outside of your LAN (you do not have to register the system name or address). Systems using these IP addresses cannot communicate directly with hosts using the global address space but must go through a gateway. Because private addresses have no global meaning, routing information is not stored by DNSs and most ISPs reject privately addressed packets. Make sure that your router is set up not to forward these packets onto the Internet.

privileged port

A port (page 947) with a number less than 1,024. On Mac OS X and other UNIX-like systems, only root can bind to a privileged port. Any user on Windows 98 and earlier Windows systems can bind to any port. Also reserved port.


A sequence of instructions for performing a particular task. Most programming languages, including machine languages, enable a programmer to define procedures that allow the procedure code to be called from multiple places. Also subroutine. FOLDOC


The execution of a command by Mac OS X. See "Processes" on page 293.

.profile file

A startup file in a user's home directory that the Bourne Again Shell executes when you log in. The TC Shell executes .login instead. You can use the .profile file to run commands, set variables, and define functions.


A sequence of executable computer instructions contained in a file. Mac OS X utilities, applications, and shell scripts are all programs. Whenever you run a command that is not built into a shell, you are executing a program.


Programmable readonly memory. A kind of nonvolatile storage. ROM (page 951) that can be written to using a PROM programmer.


A cue from a program, usually displayed on the screen, indicating that it is waiting for input. The shell displays a prompt, as do some of the interactive utilities, such as mail. By default the Bourne Again and Z Shells use a dollar sign ($) as a prompt, and the TC Shell uses a percent sign (%).


A set of formal rules describing how to transmit data, especially across a network. Low-level protocols define the electrical and physical standards, bit and byte ordering, and transmission, error detection, and correction of the bit stream. High-level protocols deal with data formatting, including message syntax, terminal-to-computer dialog, character sets, and sequencing of messages. FOLDOC


A service that is authorized to act for a system while not being part of that system. See also proxy gateway and proxy server.

proxy gateway

A computer that separates clients (such as browsers) from the Internet, working as a trusted agent that accesses the Internet on their behalf. A proxy gateway passes a request for data from an Internet service, such as HTTP from a browser/client, to a remote server. The data that the server returns goes back through the proxy gateway to the requesting service. A proxy gateway should be transparent to the user.

A proxy gateway often runs on a firewall (page 933) system and acts as a barrier to malicious users. It hides the IP addresses of the local computers inside the firewall from Internet users outside the firewall.

You can configure browsers, such as Mozilla and Netscape, to use a different proxy gateway or to use no proxy for each URL access method including FTP, netnews, SNMP, HTTPS, and HTTP. See also proxy.

proxy server

A proxy gateway that usually includes a cache (page 925) that holds frequently used Web pages so that the next request for that page is available locally (and therefore more quickly). The terms proxy server and proxy gateway are frequently interchanged so that the use of cache does not rest exclusively with the proxy server. See also proxy.


A simple, high-level, interpreted, object-oriented, interactive language that bridges the gap between C and shell programming. Suitable for rapid prototyping or as an extension language for C applications, Python supports packages, modules, classes, user-defined exceptions, a good C interface, and dynamic loading of C modules. It has no arbitrary restrictions. For more information, see www.python.org. FOLDOC


When you quote a character, you take away any special meaning that it has in the current context. You can quote a character by preceding it with a backslash. When you are interacting with the shell, you can also quote a character by surrounding it with single quotation marks. For example, the command echo \* or echo '*' displays *. The command echo * displays a list of the files in the working directory. See ambiguous file reference (page 920), metacharacter (page 942), regular character (page 950), regular expression (page 950), and special character (page 954). See also escape on page 931.

radio button

One of a group of buttons similar to those used to select the station on a radio. Only one button can be selected at a time.


Redundant array of inexpensive/independent disks. Two or more (hard) disk drives used in combination to improve fault tolerance and performance. RAID can be implemented in hardware or software.


Random access memory. A kind of volatile storage. A data storage device for which the order of access to different locations does not affect the speed of access. Contrast with a hard disk or tape drive, which provides quicker access to sequential data because accessing a nonsequential location requires physical movement of the storage medium and/or read/write head rather than just electronic switching. Contrast with nonvolatile storage (page 945). FOLDOC

RAM disk

RAM that is made to look like a floppy diskette or hard disk. A RAM disk is frequently used as part of the boot (page 923) process.


Remote access server. In a network, a computer that provides access to remote users via analog modem or ISDN connections. RAS includes the dial-up protocols and access control (authentication). It may be a regular fileserver with remote access software or a proprietary system, such as Shiva's LANRover. The modems may be internal or external to the device.


Resource Description Framework. Being developed by W3C (the main standards body for the World Wide Web), a standard that specifies a mechanism for encoding and transferring metadata (page 942). RDF does not specify what the metadata should or can be. It can integrate many kinds of applications and data, using XML as an interchange syntax. Examples of the data that can be integrated include library catalogs and worldwide directories; syndication and aggregation of news, software, and content; and collections of music and photographs. Go to for more information.


The process of directing standard input for a program to come from a file rather than from the keyboard. Also, directing standard output or standard error to go to a file rather than to the screen.


Code that can have multiple simultaneous, interleaved, or nested invocations that do not interfere with one another. Noninterference is important for parallel processing, recursive programming, and interrupt handling.

It is usually easy to arrange for multiple invocations (that is, calls to a subroutine) to share one copy of the code and any readonly data. For the code to be reentrant, however, each invocation must use its own copy of any modifiable data (or synchronized access to shared data). This goal is most often achieved by using a stack and allocating local variables in a new stack frame for each invocation. Alternatively, the caller may pass in a pointer to a block of memory that that invocation can use (usually for output), or the code may allocate some memory on a heap, especially if the data must survive after the routine returns.

Reentrant code is often found in system software, such as operating systems and teleprocessing monitors. It is also a crucial component of multithreaded programs, where the term thread-safe is often used instead of reentrant. FOLDOC

regular character

A character that always represents itself in an ambiguous file reference or another type of regular expression. Contrast with special character.

regular expression

A string, composed of letters, numbers, and special symbols, that defines one or more strings. See Appendix A.

relative pathname

A pathname that starts from the working directory. Contrast with absolute pathname (page 920).

remote access server

See RAS on page 950.

remote filesystem

A filesystem on a remote computer that has been set up so that you can access (usually over a network) its files as though they were stored on your local computer's disks. An example of a remote filesystem is NFS.

remote procedure call

See RPC on page 952.


The TCP/IP library software that formats requests to be sent to the DNS (page 930) for hostname-to-Internet address conversion. FOLDOC

Resource Description Framework

See RDF on page 950.

resource fork

A fork (page 933) of a file on an HFS+ filesystem (page 935). The resource fork is a database that allows random access to resources. Contrast with data fork (page 929).


The process of turning an icon into a window. Contrast with iconify (page 937).

return code

See exit status on page 932.


Request for comments. Begun in 1969, one of a series of numbered Internet informational documents and standards widely followed by commercial software and freeware in the Internet and UNIX/Linux communities. Few RFCs are standards but all Internet standards are recorded in RFCs. Perhaps the single most influential RFC has been RFC 822, the Internet electronic mail format standard.

The RFCs are unusual in that they are floated by technical experts acting on their own initiative and reviewed by the Internet at large rather than being formally promulgated through an institution such as ANSI. For this reason they remain known as RFCs, even after they are adopted as standards. The RFC tradition of pragmatic, experience-driven, after-the-fact standard writing done by individuals or small working groups has important advantages over the more formal, committee-driven process typical of ANSI or ISO. For a complete list of RFCs, go to


To move a computer between wireless access points (page 961) on a wireless network without the user or applications being aware of the transition. Moving between access points typically results in some packet loss, although this loss is transparent to programs that use TCP.


Readonly memory. A kind of nonvolatile storage. A data storage device that is manufactured with fixed contents. In general, ROM describes any storage system whose contents cannot be altered, such as a phonograph record or printed book. When used in reference to electronics and computers, ROM describes semiconductor integrated circuit memories, of which several types exist, and CD-ROM.

ROM is nonvolatile storage: it retains its contents even after power has been removed. ROM is often used to hold programs for embedded systems, as these usually have a fixed purpose. ROM is also used for storage of the BIOS (page 923) in a computer. Contrast with RAM (page 950). FOLDOC

root directory

The ancestor of all directories and the start of all absolute pathnames. The name of the root directory is /.

root filesystem

The filesystem that is available when the system is brought up in single-user mode. The name of this filesystem is always /. You cannot unmount or mount the root filesystem. You can remount root to change its mount options. Also the startup disk (page 955) or startup volume.

root login

Usually the login name of Superuser (page 956).

root (user)

Another name for Superuser (page 956).


When a file, such as a log file, gets indefinitely larger, you must keep it from taking up too much space on the disk. Because you may need to refer to the information in the log files in the near future, it is generally not a good idea to delete the contents of the file until it has aged. Instead you can periodically save the current log file under a new name and create a new, empty file as the current log file. You can keep a series of these files, renaming each as a new one is saved. You will then rotate the files. For example, you might remove xyzlog.4, rename xyzlog.3 to xyzlog.4, xyzlog.2 to xyzlog.3, xyzlog.1 to xyzlog.2, and xyzlog to xyzlog.1, and create a new xyzlog. By the time you remove xyzlog.4, it will not contain any information more recent than you want to remove.


A device (often a computer) that is connected to more than one similar type of network to pass data between them. See gateway on page 934.


Remote procedure call. A call to a procedure (page 948) that acts transparently across a network. The procedure itself is responsible for accessing and using the network. The RPC libraries make sure that network access is transparent to the application. RPC runs on top of TCP/IP or UDP/IP.


A public key encryption technology that is based on the lack of an efficient way to factor very large numbers. Because of this lack, it takes an extraordinary amount of computer processing time and power to deduce an RSA key. The RSA algorithm is the de facto standard for data sent over the Internet.


To execute a program.


A free suite of programs that implement the Server Message Block (SMB) protocol. See SMB (page 953).


Within a GUI, a pattern that helps you see and interpret the information that is presented in a window, making it easier to understand new information that is presented using the same schema.


To move lines on a terminal or window up and down or left and right.


A widget found in graphical user interfaces that controls (scrolls) which part of a document is visible in the window. A window can have a horizontal scroll bar, a vertical scroll bar (more common), or both. FOLDOC


A powerful centralized computer (or program) designed to provide information to clients (smaller computers or programs) on request.


The lifetime of a process. For a desktop, it is the desktop session manager. For a character-based terminal, it is the user's login shell process. A session may also be the sequence of events between when you start using a program, such as an editor, and when you finish.


When you execute a file that has setgid (set group ID) permission, the process executing the file takes on the privileges of the group the file belongs to. The ls utility shows setgid permission as an s in the group's executable position. See also setuid.


When you execute a file that has setuid (set user ID) permission, the process executing the file takes on the privileges of the owner of the file. As an example, if you run a setuid program that removes all the files in a directory, you can remove files in any of the file owner's directories, even if you do not normally have permission to do so. When the program is owned by root, you can remove files in any directory that root can remove files from. The ls utility shows setuid permission as an s in the owner's executable position. See also setgid.


In the British system, 10^36. In the American system, this number is named undecillion. See also large number (page 940).


A directory and the filesystem hierarchy below it that are shared with another system using SMB. Also Windows share (page 961).

shared network topology

A network, such as Ethernet, in which each packet may be seen by systems other than its destination system. Shared means that the network bandwidth is shared by all users.


A Mac OS X system command processor. The three major shells are the Bourne Again Shell (page 924), the TC Shell (page 957), and the Z Shell (page 962).

shell function

A series of commands that the shell stores for execution at a later time. Shell functions are like shell scripts but run more quickly because they are stored in the computer's main memory rather than in files. Also, a shell function is run in the environment of the shell that calls it (unlike a shell script, which is typically run in a subshell).

shell script

An ASCII file containing shell commands. Also shell program.


A very brief message that the UNIX system can send to a process, apart from the process's standard input. Refer to "trap: Catches a Signal" on page 577.

simple filename

A single filename containing no slashes (/). A simple filename is the simplest form of pathname. Also the last element of a pathname. Also basename (page 922).

single-user system

A computer system that only one person can use at a time. Contrast with multiuser system (page 944).


Server Message Block. Developed in the early 1980s by Intel, Microsoft, and IBM, SMB is a client/server protocol that is the native method of file and printer sharing for Windows. In addition, SMB can share serial ports and communications abstractions, such as named pipes and mail slots. SMB is similar to a remote procedure call (RPC, page 952) that has been customized for filesystem access. Also Microsoft Networking. FOLDOC


A character-based glyph (page 934), typically used in email, that conveys an emotion. The characters :-) in a message portray a smiley face (look at it sideways). Because it can be difficult to tell when the writer of an electronic message is saying something in jest or in seriousness, email users often use :-) to indicate humor. The two original smileys, designed by Scott Fahlman, were :-) and :-(. Also emoticon, smileys, and smilies. For more information search on smiley on the Internet.


See smiley.


Simple Mail Transfer Protocol. A protocol used to transfer electronic mail between computers. It is a server-to-server protocol, so other protocols are used to access the messages. The SMTP dialog usually happens in the background under the control of a message transport system such as sendmail. FOLDOC

snap (windows)

As you drag a window toward another window or edge of the workspace, it can move suddenly so that it is adjacent to the other window/edge. Thus the window snaps into position.


Using hand-carried magnetic media to transfer files between machines.


To monitor packets on a network. A system administrator can legitimately sniff packets and a malicious user can sniff packets to obtain information such as usernames and passwords. See also packet sniffer (page 946).


A networking proxy protocol embodied in a SOCKS server, which performs the same functions as a proxy gateway (page 949) or proxy server (page 949). SOCKS works at the application level, requiring that an application be modified to work with the SOCKS protocol, whereas a proxy (page 949) makes no demands on the application.

SOCKSv4 does not support authentication or UDP proxy. SOCKSv5 supports a variety of authentication methods and UDP proxy.


To put in a specified order, usually alphabetic or numeric.

SPACE character

A character that appears as the absence of a visible character. Even though you cannot see it, a SPACE is a printable character. It is represented by the ASCII code 32 (decimal). A SPACE character is considered a blank or whitespace (page 961).


Posting irrelevant or inappropriate messages to one or more Usenet newsgroups or mailing lists in deliberate or accidental violation of netiquette (page 944). Also, sending large amounts of unsolicited email indiscriminately. This email usually promotes a product or service. Another common purpose of spam is to phish (page 947). Spam is the electronic equivalent of junk mail. From the Monty Python "Spam" song. FOLDOC

sparse file

A file that is large but takes up little disk space. The data in a sparse file is not dense (thus its name). Examples of sparse files are core files and dbm files.


See fork on page 933.

special character

A character that has a special meaning when it occurs in an ambiguous file reference or another type of regular expression, unless it is quoted. The special characters most commonly used with the shell are * and ?. Also metacharacter (page 942) and wildcard.

special file

See device file on page 930.


In a GUI, a type of text box (page 957) that holds a number you can change by typing over it or using the up and down arrows at the end of the box.


See IP spoofing on page 938.


To place items in a queue, each waiting its turn for some action. Often used when speaking about printers. Also used to describe the queue.


Structured Query Language. A language that provides a user interface to relational database management systems (RDBMS). SQL, the de facto standard, is also an ISO and ANSI standard and is often embedded in other programming languages. FOLDOC

square bracket

A left square bracket ([) or a right square bracket (]). These special characters define character classes in ambiguous file references and other regular expressions.

SSH Communications Security

The company that created the original SSH (secure shell) protocol suite. Mac OS X uses OpenSSH. See OpenSSH on page 946.

standard error

A file to which a program can send output. Usually only error messages are sent to this file. Unless you instruct the shell otherwise, it directs this output to the screen (that is, to the device file that represents the screen).

standard input

A file from which a program can receive input. Unless you instruct the shell otherwise, it directs this input so that it comes from the keyboard (that is, from the device file that represents the keyboard).

standard output

A file to which a program can send output. Unless you instruct the shell otherwise, it directs this output to the screen (that is, to the device file that represents the screen).

startup disk

The disk or volume used to boot (page 923) a system. Also root filesystem (page 952).

startup file

A file that the login shell runs when you log in. The Bourne Again and Z Shells run .profile, and the TC Shell runs .login. The TC Shell also runs .cshrc whenever a new TC Shell or a subshell is invoked. The Z Shell runs an analogous file whose name is identified by the ENV variable.

status line

The bottom (usually the twenty-fourth) line of the terminal. The vim editor uses the status line to display information about what is happening during an editing session.

sticky bit

An access permission bit that causes an executable program to remain on the swap area of the disk. It takes less time to load a program that has its sticky bit set than one that does not. Only Superuser can set the sticky bit. If the sticky bit is set on a directory that is publicly writable, only the owner of a file in that directory can remove the file.

streaming tape

A tape that moves at a constant speed past the read/write heads rather than speeding up and slowing down, which can slow the process of writing to or reading from the tape. A proper blocking factor helps ensure that the tape device will be kept streaming.


See connection-oriented protocol on page 927.


A sequence of characters.


See CSS on page 928.


A directory that is located within another directory. Every directory except the root directory is a subdirectory.


Subnetwork. A portion of a network, which may be a physically independent network segment, that shares a network address with other portions of the network and is distinguished by a subnet number. A subnet is to a network as a network is to an internet. FOLDOC

subnet address

The subnet portion of an IP address. In a subnetted network, the host portion of an IP address is split into a subnet portion and a host portion using a subnet mask (also address mask). See also subnet number.

subnet mask

A bit mask used to identify which bits in an IP address correspond to the network address and subnet portions of the address. Called a subnet mask because the network portion of the address is determined by the number of bits that are set in the mask. The subnet mask has ones in positions corresponding to the network and subnet numbers and zeros in the host number positions. Also address mask.

subnet number

The subnet portion of an IP address. In a subnetted network, the host portion of an IP address is split into a subnet portion and a host portion using a subnet mask (also address mask). See also subnet address.

subpixel hinting

Similar to anti-aliasing (page 921) but takes advantage of colors to do the anti-aliasing. Particularly useful on LCD screens.


See procedure on page 948.


A shell that is forked as a duplicate of its parent shell. When you run an executable file that contains a shell script by using its filename on the command line, the shell forks a subshell to run the script. Also, commands surrounded with parentheses are run in a subshell.


A block that contains control information for a filesystem. The superblock contains housekeeping information, such as the number of inodes in the filesystem and free list information.


The extended Internet services daemon.


A privileged user having access to anything any other system user has access to and more. The system administrator must be able to become Superuser to establish new accounts, change passwords, and perform other administrative tasks. The login name of Superuser is usually root. Also root or root user.


The operating system moving a process from main memory to a disk, or vice versa. Swapping a process to the disk allows another process to begin or continue execution.

swap space

An area of a disk (that is, a swap file) used to store the portion of a process's memory that has been paged out. Under a virtual memory system, the amount of swap space, rather than the amount of physical memory, determines the maximum size of a single process and the maximum total size of all active processes. Also swap area or swapping area. FOLDOC


See network switch on page 945.

symbolic link

A directory entry that points to the pathname of another file. In most cases a symbolic link to a file can be used in the same ways a hard link can be used. Unlike a hard link, a symbolic link can span filesystems and can connect to a directory.

system administrator

The person responsible for the upkeep of the system. The system administrator has the ability to log in as Superuser. See Superuser on page 956.

system console

The main system terminal, usually directly connected to the computer and the one that receives system error messages. Also console and console terminal.

system mode

The designation for the state of the system while it is doing system work. Some examples are making system calls, running NFS, processing network traffic, and performing kernel operations on behalf of the system. Contrast with user mode (page 960).

System V

One of the two major versions of the UNIX system.

TC Shell

tcsh. An enhanced but completely compatible version of the BSD UNIX C shell, csh.


Transmission Control Protocol. The most common transport layer protocol used on the Internet. This connection-oriented protocol is built on top of IP (page 938) and is nearly always seen in the combination TCP/IP (TCP over IP). TCP adds reliable communication, sequencing, and flow control and provides full-duplex, process-to-process connections. UDP (page 959), although connectionless, is the other protocol that runs on top of IP. FOLDOC


In the binary system, the prefix tera- multiplies by 2^40 (1,099,511,627,776). Terabyte is a common use of this prefix. Abbreviated as T. See also large number on page 940.


Terminal capability. The /etc/termcap file contained a list of various types of terminals and their characteristics. System V (page 957) replaced the function of this file with the terminfo system. Mac OS X uses the terminfo system as well.


Differentiated from a workstation (page 962) by its lack of intelligence, a terminal connects to a computer that runs Mac OS X. A workstation runs Mac OS X on itself.


Terminal information. The /usr/share/terminfo directory contains many subdirectories, each containing several files. Each of those files is named for and holds a summary of the functional characteristics of a particular terminal. Visually oriented text-based programs, such as vim, use these files. An alternative to the termcap file.

text box

In a GUI, a box you can type in.


Defined as an implicit or recurrent idea, theme is used in a GUI to describe a look that is consistent for all elements of a desktop. Go to for examples.


A type of coaxial cable (thick) used for an Ethernet network. Devices are attached to thicknet by tapping the cable at fixed points.


A type of coaxial cable (thin) used for an Ethernet network. Thinnet cable is smaller in diameter and more flexible than thicknet cable. Each device is typically attached to two separate cable segments by using a T-shaped connector; one segment leads to the device ahead of it on the network and one to the device that follows it.


See reentrant on page 950.


The movable button in the scrollbar that positions the image in the window. The size of the thumb reflects the amount of information in the buffer. Also bubble.


Tagged Image File Format. A file format used for still-image bitmaps, stored in tagged fields. Application programs can use the tags to accept or ignore fields, depending on their capabilities. FOLDOC

tiled windows

An arrangement of windows such that no window overlaps another. The opposite of cascading windows (page 925).

time to live

See TTL.


To switch between one of two positions. For example, the ftp glob command toggles the glob feature: Give the command once, and it turns the feature on or off; give the command again, and it sets the feature back to its original state.


A basic, grammatically indivisible unit of a language, such as a keyword, operator, or identifier. FOLDOC

token ring

A type of LAN (page 940) in which computers are attached to a ring of cable. A token packet circulates continuously around the ring. A computer can transmit information only when it holds the token.


A minicontext help system that you activate by allowing your mouse pointer to hover (page 935) over a button, icon, or applet (such as those on a panel).

transient window

A dialog or other window that is displayed for only a short time.

Transmission Control Protocol

See TCP on page 957.

Trojan horse

A program that does something destructive or disruptive to your system. Its action is not documented, and the system administrator would not approve of it if she were aware of it.

The term Trojan horse was coined by MIT-hacker-turned-NSA-spook Dan Edwards. It refers to a malicious security-breaking program that is disguised as something benign, such as a directory lister, archive utility, game, or (in one notorious 1990 case on the Mac) a program to find and destroy viruses. Similar to back door (page 922). FOLDOC


Time to live.

1. All DNS records specify how long they are good for, usually up to a week at most. This time is called the record's time to live. When a DNS server or an application stores this record in cache (page 925), it decrements the TTL value and removes the record from cache when the value reaches zero. A DNS server passes a cached record to another server with the current (decremented) TTL, guaranteeing the proper TTL no matter how many servers the record passes through.

2. In the IP header, a field that indicates how many more hops the packet should be allowed to make before being discarded or returned.


Teletypewriter. The terminal device that UNIX was first run from. Today TTY refers to the screen (or window, in the case of a terminal emulator), keyboard, and mouse that are connected to a computer. This term appears in UNIX, and Mac OS X has kept the term for the sake of consistency and tradition.


Encapsulation of protocol A within packets carried by protocol B, such that A treats B as though it were a data link layer. Tunneling is used to transfer data between administrative domains that use a protocol not supported by the internet connecting those domains. It can also be used to encrypt data sent over a public internet, as when you use ssh to tunnel a protocol over the Internet. FOLDOC See also VPN (page 960).


User Datagram Protocol. The Internet standard transport layer protocol that provides simple but unreliable datagram services. UDP is a connectionless protocol (page 927) that, like TCP (page 957), is layered on top of IP (page 938).

Unlike TCP, UDP neither guarantees delivery nor requires a connection. As a result it is lightweight and efficient, but the application program must handle all error processing and retransmission. UDP is often used for sending time-sensitive data that is not particularly sensitive to minor loss, such as audio and video data. FOLDOC


UNIX File System. The Berkeley UNIX standard filesystem, available on Mac OS X, but not used in a standard installation. Contrast with HFS+ (page 935).


User ID. A number that the passwd database associates with a login name.


In the American system, 10^36. In the British system, this number is named sexillion. See also large number (page 940).


A packet sent from one host to another host. Unicast means one source and one destination.


A character encoding that gives a unique value to every character in every language.

unmanaged window

See ignored window on page 937.


Universal Resource Identifier. The generic set of all names and addresses that are short strings referring to objects (typically on the Internet). The most common kinds of URIs are URLs. FOLDOC


Uniform (was Universal) Resource Locator. A standard way of specifying the location of an object, typically a Web page, on the Internet. URLs are a subset of URIs.

usage message

A message displayed by a command when you call the command using incorrect command line arguments.

User Datagram Protocol

See UDP.

User ID

See UID.

user interface

See interface on page 937.

user mode

The designation for the state of the system while it is doing user work, such as running a user program (but not the system calls made by the program). Contrast with system mode (page 957).


The name you enter in response to the login: prompt. Other users use your username when they send you mail or write to you. Each username has a corresponding user ID, which is the numeric identifier for the user. Both the username and the user ID are stored in the passwd database. Also login name.


The part of memory (RAM) where applications reside. Code running in userspace cannot access hardware directly and cannot access memory allocated to other applications. Also userland. See the KernelAnalysis-HOWTO.


Coordinated Universal Time. UTC is equivalent to the mean solar time at the prime meridian (0 degrees longitude). Also called Zulu time (Z stands for longitude zero) and GMT (Greenwich Mean Time).


An encoding that allows Unicode (page 959) characters to be represented using sequences of 8-bit bytes.


A program included as a standard part of Mac OS X. You typically invoke a utility either by giving a command in response to a shell prompt or by calling it from within a shell script. Utilities are often referred to as commands. Contrast with builtin (command) (page 924).


A name and an associated value. The shell allows you to create variables and use them in shell scripts. Also, the shell inherits several variables when it is invoked, and it maintains those and other variables while it is running. Some shell variables establish characteristics of the shell environment; others have values that reflect different aspects of your ongoing interaction with the shell.


Same as workspace (page 961).

virtual console

Additional consoles, or displays, that you can view on the system, or physical, console.


A cracker (page 928) program that searches out other programs and "infects" them by embedding a copy of itself in them, so that they become Trojan horses (page 958). When these programs are executed, the embedded virus is executed as well, propagating the "infection," usually without the user's knowledge. By analogy with biological viruses. FOLDOC


Virtual LAN. A logical grouping of two or more nodes that are not necessarily on the same physical network segment but that share the same network number. A VLAN is often associated with switched Ethernet. FOLDOC


Virtual Private Network. A private network that exists on a public network, such as the Internet. A VPN is a less expensive substitute for company-owned/leased lines and uses encryption to ensure privacy. A nice side effect is that you can send non-Internet protocols, such as AppleTalk, IPX, or NetBIOS, over the VPN connection by tunneling (page 959) them through the VPN IP stream.


Windows 2000 Professional or Server.


World Wide Web Consortium.


Wide area network. A network that interconnects LANs (page 940) and MANs (page 942), spanning a large geographic area (typically states or countries).


A bridge or router between wired and wireless networks. Wireless access points typically support some form of access control to prevent unauthorized clients from connecting to the network. Also WAP.

Web ring

A collection of Web sites that provide information on a single topic or group of related topics. Each home page that is part of the Web ring has a series of links that let you go from site to site.


A collective name for SPACEs and/or TABs and occasionally NEWLINEs. Also white space.

wide area network

See WAN.


The basic objects of a graphical user interface. Buttons, text fields, and scrollbars are examples of widgets.

wild card

See metacharacter on page 942.


Wireless Fidelity. A generic term that refers to any type of 802.11 (page 920) wireless network.


On a display screen, a region that runs or is controlled by a particular program.

window manager

A program that controls how windows appear on a display screen and how you manipulate them.

Windows share

See share on page 953.


Windows Internet Naming Service. The service responsible for mapping NetBIOS names to IP addresses. WINS has the same relationship to NetBIOS names that DNS has to Internet domain names.

WINS server

The program responsible for handling WINS requests. This program caches name information about hosts on a local network and resolves them to IP addresses.

wireless access point

See WAP.


A sequence of one or more nonblank characters separated from other words by TABs, SPACEs, or NEWLINEs. Used to refer to individual command line arguments. In vim, a word is similar to a word in the English language: a string of one or more characters bounded by a punctuation mark, a numeral, a TAB, a SPACE, or a NEWLINE.

Work buffer

A location where vim stores text while it is being edited. The information in the Work buffer is not written to the file on the disk until you give the editor a command to write it.

working directory

The directory that you are associated with at any given time. The relative pathnames you use are relative to the working directory. Also current directory.


A subdivision of a desktop (page 929) that occupies the entire display.


A small computer, typically designed to fit in an office and be used by one person and usually equipped with a bit-mapped graphical display, keyboard, and mouse. Differentiated from a terminal (page 957) by its intelligence. A workstation runs Mac OS X on itself while a terminal connects to a computer that runs Mac OS X.


A program that propagates itself over a network, reproducing itself as it goes. Today the term has negative connotations, as it is assumed that only crackers (page 928) write worms. Compare to virus (page 960) and Trojan horse (page 958). From Tapeworm in John Brunner's novel, The Shockwave Rider, Ballantine Books, 1990 (via XEROX PARC). FOLDOC


What You See Is What You Get. A graphical application, such as a word processor, whose display is similar to its printed output.

X terminal

A graphics terminal designed to run the X Window System.

X Window System

A design and set of tools for writing flexible, portable windowing applications, created jointly by researchers at MIT and several leading computer manufacturers.


X Display Manager Control Protocol. XDMCP allows the login server to accept requests from network displays. XDMCP is built into many X terminals.


Different types of DSL (page 931) are identified by a prefix, for example, ADSL, HDSL, SDSL, and VDSL.


Extensible Markup Language. A universal format for structured documents and data on the Web. Developed by W3C (page 960), XML is a pared-down version of SGML.


X Session Manager. This program allows you to create a session that includes certain applications. While the session is running, you can perform a checkpoint (saves the application state) or a shutdown (saves the state and exits from the session). When you log back in, you can load your session so that everything in your session is running just as it was when you logged off.

Z Shell

zsh. A shell (page 953) that incorporates many of the features of the Bourne Again Shell (page 924), Korn Shell (page 940), and TC Shell (page 957), as well as many original features.

Zulu time

See UTC on page 960.

A Practical Guide to UNIX® for Mac OS® X Users
ISBN: 0131863339
EAN: 2147483647
Year: 2005
Pages: 234
