[launchd-dev] UserName ignored on per-user LaunchAgents

Dave Zarzycki zarzycki at apple.com
Wed Dec 5 09:15:46 PST 2007

On Dec 5, 2007, at 6:59 AM, Jeremy Reichman wrote:

> I can understand the desire/need for privilege separation.
> Not being skilled in IPC, though, is there a way that systems  
> administrators
> operating at a scripting level can set up what you've described?

Not really. That is a sore spot in the operating system right now.  
Actually, scripting in general is a sore spot of most, if not all,  
operating systems, given that the core routines tend to be written in  
compiled languages first, and those routines are NOT automatically  
bridged to the interpreted languages.

> The reality is that LoginHook/LogoutHook exist today and do what I  
> want, but
> I'd rather be doing the same thing with launchd because it gives me  
> a little
> more granularity in setup and control. Instead of editing  
> loginwindow.plist
> for root and having a hook script that does its work itself or calls  
> other
> scripts to do work during those system events, I would like to have  
> the
> benefit of setting up multiple compartmentalized, modularized  
> launchd jobs.

Setup a launchd job that launches at login. Have it do the LoginHook  
stuff you used to do. Then have the program wait for SIGTERM. Once  
SIGTERM arrives, do the LogoutHook stuff and exit.


More information about the launchd-dev mailing list