Enable Locate Database

What the locate database enablement does

This Automox Worklet™ enables the locate launchd job on macOS endpoints to build and maintain the locate database. The Worklet checks whether the com.apple.locate service is running and activates it through the launchctl command if needed.

The locate database, stored at /var/db/locate.database, is automatically built and updated by the system. This database indexes all accessible files and directories on the endpoint, enabling fast searches from the terminal without scanning the entire filesystem each time.

The locate database, stored at /var/db/locate.database, is automatically built and updated by the system once the launchd job is enabled.

Once enabled, IT administrators and support teams can use the locate command to quickly find files by name, path patterns, or partial matches, significantly reducing time spent navigating directory structures through slower methods like find or manual browsing.

Why enable locate database on macOS endpoints

The locate database is one of the most efficient tools for file discovery in Unix-like systems. By enabling it across your Mac fleet, you give IT operations teams instant access to a indexed file system search, which is orders of magnitude faster than recursively scanning directories.

File searches are common during troubleshooting, log analysis, configuration verification, and incident response. The locate command returns results in milliseconds, while alternatives like find or mlocate scanning can take minutes on large filesystems or external drives. This efficiency directly reduces mean time to resolution (MTTR) during security events or operational issues.

Locate database also enables compliance and audit scenarios where administrators need to verify file presence, track configuration files, or search for suspicious executables across endpoints. The locate service runs as a background launchd job with minimal overhead.

How locate database enablement works

1. Evaluation phase: The Worklet runs launchctl list and searches for the com.apple.locate service. If the service is found and running, the Worklet exits successfully indicating no action is needed. If the service is not listed or is not loaded, the Worklet exits with status 1 to trigger remediation.

2. Remediation phase: If the service is not enabled, the Worklet executes launchctl load -w /System/Library/LaunchDaemons/com.apple.locate.plist to load the locate launchd job. The -w flag makes the service load persistently across reboots. If the service is already enabled, the Worklet skips remediation and exits cleanly.

Locate database requirements

• macOS 10.12 (Sierra) or later

• Root or administrator privileges to execute launchctl commands

• Sufficient disk space for the locate.database file (typically less than 50 MB depending on filesystem size)

• System LaunchDaemon plist file present at /System/Library/LaunchDaemons/com.apple.locate.plist

Expected locate database state

After remediation, the com.apple.locate launchd job will be enabled and running on the endpoint. Within 24 hours, the system automatically builds the locate database by scanning accessible filesystems. You can verify the Worklet succeeded by running launchctl list on the endpoint and confirming that com.apple.locate appears in the output.

Once the database is built, IT administrators can use commands like locate filename or locate *.log to instantly search for files without waiting for directory traversal. The database updates automatically through the updatedb launchd job (com.apple.update.locate) which typically runs daily at 3:15 AM.

How to validate enable locate database changes

1. Run this Worklet on a pilot macOS endpoint and review evaluation output for enable locate database.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as exit.

4. Validate remediation effects from script operations such as launchctl, else, then rerun evaluation for compliance.