IMHO, If you are managing / administering the user's machine... You can change the file ownership / permissions of /bin/launchctl to prevent that user (or those users) from running launchctl. But that will prevent those users from using launchctl on any other jobs. To prevent launchctl being used with only a specific job would require recompilation and replacement of the launchctl / launchd binaries on the users system. On the other hand, if you aren't administering the user's computer I would argue that there are only a few valid reasons for doing this on a user-level launch agent. It would make more sense to be writing a system-level launchdaemon that monitered the users as they were logging in / logging out. As recently discussed on another thread: check the file ownership of /dev/console. On Tue, Aug 24, 2010 at 2:34 PM, Peter <peteralsh@gmail.com> wrote:
Hi all,
Is there a simple way to prevent the user from unloading the launch agent by opening the terminal and using the launchctl unload command? My user agent is loaded when the user logs in and unloaded when the user logs out. I set the flag to keep alive in case the user kills/terminates the process in order to reload but this doesn't prevent him/her from using the launchctl unload command.
Thanks, Peter
_______________________________________________ launchd-dev mailing list launchd-dev@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/launchd-dev