Re: [launchd-dev] Stopping and uninstalling a LaunchDaemon job
On Wed, Aug 27, 2008 at 8:15 AM, Quinn <eskimo1@apple.com> wrote:
At 8:08 -0700 27/8/08, Shawn Erickson wrote:
We have no issues using the rights we are granted to remove files owned by root, etc. but we cannot use launchctl to stop the LaunchDaemon because the uninstall task runs as the current user and not as root (aka doesn't see the top level launchd instance).
I'm confused. To remove a file from /Library/LaunchDaemons you have to be running as root. Why can't you sublaunch launchctl from that context?
Sorry the guy that has been playing around with this isn't in just yet so I don't know the exact specifics but... It is my understanding he is using authorization services to run a script and that script is removing files, etc. just fine but launchctl running from under that script cannot see the top level launchctl instance to remove the launch daemon job. I believe he used id in the script as it logged the current user. I will pull up the code he is playing with, if I can find it, or wait until he gets in...

-Shawn
At 8:24 -0700 27/8/08, Shawn Erickson wrote:
Sorry the guy that has been playing around with this isn't in just yet so I don't know the exact specifics but... It is my understanding he is using authorization services to run a script and that script is removing files, etc. just fine but launchctl running from under that script cannot see the top level launchctl instance to remove the launch daemon job. I believe he used id in the script as it logged the current user.
OK, this sounds like one of the standard gotchas with AuthorizationExecuteWithPrivileges; it runs the resulting program with EUID == 0 but RUID inherited from the process that called AEWP <rdar://problem/4098710>, and launchctl is getting confused by the RUID.

If you were writing real code I would recommend:

1. don't use a script, use a C-based tool
2. in that tool call setuid(0) to force the RUID to 0

However, given that you're just putting in a temporary hack then I'll recommend the following trick:

$ chroot -u 0 / launchctl <args>

which converts an EUID == 0 / RUID != 0 context into an EUID == RUID == 0. Sneaky huh?

IMPORTANT: Please don't leave these hacks in your production code. In my experience "temporary + work == permanent".

S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
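The C-based tool recommended in the message above, as an added example that is not part of the original thread and not Apple's code. The function names, the /bin/launchctl path, the fixed PATH value and the exit codes are assumptions made for this example.

```c
/* Added example: helper meant to be started with EUID == 0 (e.g. via AEWP). */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum id_state { IDS_UNPRIVILEGED, IDS_SPLIT, IDS_FULL_ROOT };

/* Classify a real/effective UID pair. IDS_SPLIT is the case from the
 * thread: EUID == 0 but RUID still that of the calling user. */
enum id_state classify_ids(uid_t ruid, uid_t euid)
{
    if (euid != 0)
        return IDS_UNPRIVILEGED;
    return ruid == 0 ? IDS_FULL_ROOT : IDS_SPLIT;
}

/* Force RUID to 0 when started in the split state. Returns 0 only if the
 * process verifiably ends up with RUID == EUID == 0, -1 otherwise. */
int become_full_root(void)
{
    enum id_state s = classify_ids(getuid(), geteuid());
    if (s == IDS_UNPRIVILEGED)
        return -1;                 /* refuse to continue without privilege */
    if (s == IDS_SPLIT && setuid(0) != 0)
        return -1;                 /* always check setuid()'s return value */
    /* Re-read the IDs instead of trusting the call blindly. */
    return classify_ids(getuid(), geteuid()) == IDS_FULL_ROOT ? 0 : -1;
}

int main(int argc, char **argv)
{
    /* Fixed environment: nothing from the unprivileged caller is inherited. */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin:/usr/sbin:/sbin", NULL };

    if (argc < 2) {
        fprintf(stderr, "usage: %s <launchctl args>\n", argv[0]);
        return 64;
    }
    if (become_full_root() != 0) {
        fprintf(stderr, "could not obtain RUID == EUID == 0\n");
        return 77;
    }
    argv[0] = "launchctl";
    execve("/bin/launchctl", argv, clean_env);  /* assumed install path */
    perror("execve");                           /* reached only on failure */
    return 71;
}
```

The caller's arguments are passed through unchanged, so a production helper would normally accept only the specific launchctl subcommand and job path it needs.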