On Dec 5, 2007, at 6:59 AM, Jeremy Reichman wrote:
> I can understand the desire/need for privilege separation.
> Not being skilled in IPC, though, is there a way that systems administrators operating at a scripting level can set up what you've described?

Not really. That is a sore spot in the operating system right now. Actually, scripting in general is a sore spot of most, if not all, operating systems, given that the core routines tend to be written in compiled languages first, and those routines are NOT automatically bridged to the interpreted languages.

> The reality is that LoginHook/LogoutHook exist today and do what I want, but I'd rather be doing the same thing with launchd because it gives me a little more granularity in setup and control. Instead of editing loginwindow.plist for root and having a hook script that does its work itself or calls other scripts to do work during those system events, I would like to have the benefit of setting up multiple compartmentalized, modularized launchd jobs.

Set up a launchd job that launches at login. Have it do the LoginHook stuff you used to do. Then have the program wait for SIGTERM. Once SIGTERM arrives, do the LogoutHook stuff and exit.

davez
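
The approach in the reply above, sketched as a shell script (an added example, not part of the original message or of launchd itself). It assumes a launchd job starts the script at login with the argument `run`; the log path, the `SESSION_LOG` variable and the two task functions are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: one job that pairs login work with logout work.
# Assumption: launchd starts this script at login with the argument "run"
# and the job receives SIGTERM when the session ends.

# Hypothetical log path; override with SESSION_LOG.
LOG="${SESSION_LOG:-/tmp/session-job.log}"

login_tasks() {
    # Placeholder for what the LoginHook script used to do.
    echo "login $(id -un)" >> "$LOG"
}

logout_tasks() {
    # Placeholder for what the LogoutHook script used to do.
    echo "logout $(id -un)" >> "$LOG"
}

run_session_job() {
    got_term=0
    # Install the handler before any work so an early SIGTERM is not lost.
    trap 'got_term=1' TERM
    login_tasks
    # A shell runs a trap only after the current foreground command returns,
    # so sleep in the background and block in `wait`, which a signal interrupts.
    # The short sleep bounds the delay if the signal lands just before `wait`.
    while [ "$got_term" -eq 0 ]; do
        sleep 5 &
        child=$!
        wait "$child" || true   # non-zero status when a signal interrupts it
    done
    kill "$child" 2>/dev/null || true   # stop the leftover background sleep
    logout_tasks
}

# Do nothing unless asked, so the functions can be sourced and tested.
if [ "${1:-}" = "run" ]; then
    run_session_job
fi
```

Keeping each pair of tasks in its own script like this gives one launchd job per concern instead of a single hook script that calls everything.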