On May 1, 2009, at 12:45 PM, J.B. Nicholson-Owens wrote:
Is there a good book or article on using launchd and its future for replacing other program-launching programs? Preferably something with examples to illustrate running launchd in the context of a program?
No, there is no book. There are, however, man pages and the Daemonomicon. http://developer.apple.com/technotes/tn2005/tn2083.html#SECDAEMONOMICON
Specifically, I manage multiple labs of Macs all running MacOS X 10.5.6 and I'd like to kick off some processes, some as root, some as the user:
- add a link icon to the dock so the user has one-click access to a shared SMB volume. I have been using a Python script to add this dock icon but knowing when to run the Python script is tricky; on some machines this works perfectly every time, on other machines running MacOS X 10.5.6, the dock icon script doesn't run. I'm guessing I want to run this Python script in the dock context but I'm not sure if that's correct.
Please don't do this. It's unsupported, and we have no qualms about breaking it. Place an icon on the Desktop or in a Dock stack instead.
- will launchd replace login/logout scripts run as root? I'd like to clear the print queues on the machine (using CUPS' "cancel -a" run as root) when the user logs out. I'd like to do this without prompting the user for admin credentials (which our users don't have); print jobs left at logout time should simply be cancelled/ deleted.
Logging out is a destructive operation, so we don't spawn new processes after loginwindow has completed its logout-related work. (There are two forces at work when you log out. loginwindow gets rid of GUI applications and then triggers a session teardown in launchd.) A more sustainable architecture would be for you to have a system daemon to perform the privileged operations. You would also have a launchd agent running in the login session and waiting for a logout notification from notifyd. Upon receiving that notification, the agent would issue a request to the daemon to clean up the print jobs for its UID and exit.
- some programs don't take preference settings via MCX (Adobe CS3's Acrobat, for instance) and I'll need to set certain preferences for the user every time they login via a script (turning off Adobe Acrobat's Javascript, for example).
You should do this with a launchd agent that is set to be KeepAlive as long as it has exited unsuccessfully. This way, if your agent crashes, it'll be respawned until it exits successfully. See launchd.plist(5).
I'm trying to limit running scripts as the user to functions our users would like to have done for them, rather than enforcing policy or attempting any security setting by running scripts as the user. It's my hope that by doing this the user won't have any incentive to want to disable running those scripts.
This should all be doable with judicious use of privilege separation. -- Damien Sorresso BSD Engineering Apple Inc.