In fact the solution was much easier than I thought. I had to fully disable the "System" starting of the 2 postfix related daemons: launchctl disable system/com.apple.postfix.master launchctl disable system/com.apple.postfix.newaliases And check it is correctly registered as disabled: launchctl print-disabled system And finally create my own one inside: /Library/LaunchDaemons which is: org.postfix.master.plist containing: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>org.postfix.master</string> <key>Program</key> <string>/usr/libexec/postfix/master</string> <key>ProgramArguments</key> <array> <string>master</string> </array> <key>QueueDirectories</key> <array> <string>/Library/Server/Mail/Data/spool/maildrop</string> </array> <key>AbandonProcessGroup</key> <true/> <key>KeepAlive</key> <true/> <key>RunAtLoad</key> <true/> </dict> </plist>

[quote='873105022, DTS Engineer, /thread/761587?answerId=873105022#873105022'] I don't know what your specific needs/requirements are here… [/quote] I am a system engineer on Unixes and a security expert. Most of my work is not in my home directory, but in the configuration of macOS so as to conform to a validation process in term of quality and security. This work represent from one to three weeks of configuration testing and validation ( network accesses, servers configuration, encryption, encryption problems recovery… ) for each update or upgrade of any OS. This is the most valuable part of my work. Then this is the part I am routinely backuping on any OS I had the luck to work on since 40 years ( I started on Unix on Cray 1 ). The usual method I professionally validated is a complete clone copy of the / FS, which in case of problem on this FS or on the whole OS, permits an immediate restart of activity with the validated system configuration. Thus avoiding for example a restart of a macOS with a netbiosd server open toward the Internet side of my network ( which could be a total security damage ). One of the tool I used and validated in this process on macOS was the highly known and tested CCC ( aka Carbon Copy Cloner ). I use a very similar shell script based on rsync on other serious Unixes. By serious I mean an OS a good will engineer can secure to a high level easily, and is helped in this task by the architecture of the OS and its admin tools.

The best tool I found and tested thus far is: Murus Sorry, I cannot include the correct URL here ( because of internal security policy ).

Thank you for the information. I understand better why I felt that stupid about not being able to find such a basic software, and wasting half an hour searching. Will this version of macOS server for Monterey permit to manage: bootpd, natpmpd, paquet filter. My core problem is to set correctly all the security settings around /usr/libexec/InternetSharing and paquet filter ( /etc/pf.anchors ). ( I am working on a firewall able to protect against DDOS with 0 impact. ) For the other services I will be able to manage them through usual open sources servers, just the cc inside Xcode + a few hours of basic work.

[quote='799318022, DTS Engineer, /thread/761587?answerId=799318022#799318022'] What problem(s) are these missing files actually causing? [/quote] Sorry for the late answer and a lot of unsuccessful work around this problem ( still a blocking one, only on macOS ). Thank you for your nice answer. It's now very difficult to make a perfect copy, of a macOS core filesystem. One on which it would be possible to restart in case of a failure within less than a few minutes, i.e. a clone copy.

[quote='798802022, DTS Engineer, /thread/761331?answerId=798802022#798802022'] The "/" volume should include NO user information AT ALL and, ideal, should minimize any kind of "configuration specific" data. [/quote] This is perfectly achieved with a simple directory /var inside / volume (RO ) and a bucket of symbolinc links ( the traditionnal one ) pointing to directories inside the var volume ( RW ) mounted on /var, as exposed in my OQ. As a concrete example, there is a need to clearly separate system applications ( RO ) and user installed applications ( RW ), this is achieved throught the use of 2 different clearly distinct directories and one preconfigured symbolic link inside / ( RO ⇒ non modifiable ): User visible path real path to volume ------------------------------------------------ /Applications /Applications / /local/Applications /var/Applications /var And that's all folks! Thus my OQ stands: why didn't Apple choose such a basic, simple and efficient construct with just 2 basic volumes? Real life teach us everyday that complexity is one of the biggest enemy of performance and security.

This is neither a user, nor a developer issue. This is a kernel issue. I am working on this one, and I would like to understand it. Back to the initial question, where is documented the error code -3905? I got it repeatedly in an environment of work after about 6 days of full load of the Wi-Fi network with 4 clients moving. Here is the typical track I get once the network is unusable for everyone end Wi-Fi Logging turned to on on one of the client Mac. Notably, iPhones and another Mac cannot reach anymore the network once this error appear. Sun May 22 10:45:37.994 Driver Event: <airportd[246]> _bsd_80211_event_callback: APPLE80211_M_ROAM_START (en0) Sun May 22 10:45:37.994 Info: <airportd[246]> Roaming started on interface en0 Sun May 22 10:45:37.994 Info: <airportd[246]> PRIORITY LOCK ADDED [client=airportd, type=4, interface=en0, priority=5] Sun May 22 10:45:37.995 Info: <airportd[246]> SUSPEND AWDL for interface en0, timeout=10.0s, reason=Roam, token=166 Sun May 22 10:45:37.995 Info: <airportd[246]> RESUME AWDL for interface en0, reason=Roam token=165 Sun May 22 10:45:37.995 Roam: <airportd[246]> Unschedule roam RSN handshake timeout, received ROAM_START Sun May 22 10:45:41.106 Info: <airportd[246]> PRIORITY LOCK REMOVED [client=airportd, type=4, interface=en0, priority=7] Sun May 22 10:45:41.106 Info: <airportd[246]> RESUME AWDL AFTER TIMEOUT for interface en0, timeout=10.0s, reason=Assoc token=163 Sun May 22 10:45:42.056 Info: <airportd[246]> RESUME AWDL AFTER TIMEOUT for interface en0, timeout=10.0s, reason=Assoc token=164 Sun May 22 10:45:42.513 Driver Event: <airportd[246]> _bsd_80211_event_callback: SCAN_CACHE_UPDATED (en0) Sun May 22 10:45:42.539 <kernel> en0: Terminating supplicant. Sun May 22 10:45:42.539 <kernel> RSNSupplicant: Releasing authenticator for 00:00:00:00:00:00 Sun May 22 10:45:42.540 Assoc: <airportd[246]> <en0> Auto-join association timed out on network ••••• ••• , returned error code -3905 ***** Sun May 22 10:45:42.540 Info: <airportd[246]> Failed to associate to Wi-Fi network ••••• ••• on interface en0, returned error code -3905 *****

[empty answer to replace the missing function: delete answer.]

What is highly strange is that this function LSOpenURLsWithRole is marked as deprecated ending on version 10.10 ( Yosemite ) developer LSOpenURLsWithRole documentation How is it possible that the application Preview.app might use it on a version of MacOS which is the 10.13 ( High Sierra: because this is the one on which the incident is under debugging )?

I advise you to run Disk Utility in recovery mode. Thus there will be one uniq process running on your disk. It is safer and faster.

Why wouldn't you create such a folder: /Library/Application Support/application_name like this: _App_dir_name="/Library/Application Support/application_name" /usr/bin/sudo mkdir ${_App_dir_name} /usr/bin/sudo chmod 2766 ${_App_dir_name} This is the way many application are managing their globally used files. Look for example at: /Library/Application Support/Apple/Photos/Print Products