[launchd-dev] Getting user parameters as an agent

Quinn eskimo1 at apple.com
Mon Nov 19 12:41:48 PST 2007 

At 21:37 +0200 19/11/07, Yaniv Aknin wrote:
>My apologies, I'm unable to reproduce the behavior I saw earlier 
>with 'user-specific' DAApprovalSessionRef. I haven't the faintest 
>how it happened, maybe a bug in some other part of my code and I 
>jumped to conclusions. Anyhow, if I hit an obstacle, I'd re-raise 
>the issue with the list.

No worries.  I'm glad that you have things working the right way.

>Still, I'd be interested in knowing how can I provide username based 
>variables in launchd's plists, if at all possible.

OK, I'll take a stab at your original questions...

At 23:14 +0200 17/11/07, Yaniv Aknin wrote:
>I've seen references on the list to the fact that an Agent in Tiger 
>absolutely must run as the user

That's basically true, and it applies to both 10.4.x (where launchd 
agents have severe restrictions) and to 10.5 (where launchd agents 
are truly useful).

>no workarounds.

Well, there are always workarounds (-:  For example, you could make 
your agent setuid root.  However, that's a /really/ bad idea.  In 
general, we recommend that you separate the functionality that 
requires elevated privileges out of your agent and into a privileged 
daemon.  This has all sorts of security benefits.

We plan to publish a sample that illustrates this technique soon.

>Also, there's the issue of having launchd tell my agent which user 
>it's running for, either on the command line, as an environment 
>variable, or otherwise.

Given that the agent always runs as the user associated with the 
session, you can do this by calling <x-man-page://2/getuid>.

>And if I'm not asking for too much (I know I am...) - also redirect 
>stdout to a user-specific locations (/var/log/my-app/log.$USERNAME).

I don't think launchd provides a way to do this.  You'd have to write 
code in your agent to set up the user-specific log file.  This might 
make a good feature request.

<http://developer.apple.com/bugreporter/>

Or, better yet, log via <x-man-page://3/asl>.

S+E
-- 
Quinn "The Eskimo!"                    <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

More information about the launchd-dev mailing list