From "Getting started with launchd" (http://developer.apple.com/macosx/launchd.html):

"Of particular interest is that launchd can run a job as a non-root user, but still bind it to a privileged port. This removes one common reason to run daemons as root." Is it possible for a user agent to be bound to a privileged port? This might sound like an odd thing to do, but I wish to automatically mount a remote SMB share on my local machine using SSH port forwarding. Unfortunately, since Finder is too stupid to let me mount shares at alternative ports on localhost (it tells me that I should just access the files locally!) and mount_smbfs doesn't take a port argument, I need to bind the remote ports 139 and 445 to the same ports on my local machine. I want this as an agent rather than a daemon for the purposes of SSH key management. It needs to run as an agent in the GUI context when I log in, as this is where the automatic SSH_AUTH_SOCK facility in Leopard lives. As far as I can tell, there are two ways of demonstrating to launchd that you have the authority to perform privileged operations such as binding to a port < 1024: putting a plist file in /Library/Launch*, or running launchctl sudo. The former means that the operation would be executed for all users, and the latter is sort of missing the point of the original exercise (not to mention bringing file permissions problems of its own). Is what I am trying to do possible with launchd? Hamish