[launchd-dev] User Deamon
James Bucanek
subscriber at gloaming.com
Mon Nov 26 16:20:20 PST 2007
Welcome,
I was invited to bring this thread here by Quinn. My apologies
if you've seen bits and pieced of this thread before; it's
traveled around the Cocoa, Carbon, and MacNetworkProg lists
before landing here.
I'm developing a backup and document archiving solution
(<http://www.qrecall.com/> -- not an ad, just for reference).
The program provides "actions" that can be scheduled to run at
regular intervals or in response to certain events. These
actions should be performed whether the user is logged in or
out. In fact, actions can be scheduled to run only when the user
is logged out or because the user logged out.
There is a scheduler process which is responsible for managing
all of this. The scheduler works on behalf of a single user.
(Other users may have their own schedule/scheduler.) For
security, the scheduler runs under the UID of that user.
So, what I have is a process that
- Needs to start up when the system boots and runs until the
system shuts down, independent of whether the user is logged in
or not.
- Runs as a single user (not as root) without any special privileges.
- Can be installed and removed without requiring administrative authorization.
In effect, I need a "User Daemon" -- a class of process that
launchd does not provide.
I was simulating this (pretty well) using crontab. The crontab
will allow non-admin users to install a cronjob that runs
periodically and independently of their login session.
Unfortunately, recent versions of Tiger and Leopard have become
downright hostile towards user cronjobs, sending them SIGKILL
signals whenever the user is logged out (without even the
courtesy of a SIGTERM first!).
I'm now simulating this by installing a system-wide daemon for
each user (/Library/LaunchDaemons/QRecallScheduler501.plist,
.../QRecallScheduler502.plist, etc.). Each daemon is configured
to run as that user (via the UserName property). But this
requires administrative privileges to install/uninstall a
non-privileged process. Beyond being annoying, it limits the
usefulness of the application for non-admin users. And in the
pit of my stomach, I feel that it presents a security hole.
I'm basically just throwing this out to the launchd team for
comments, which might result in filing a feature request.
I also understand some of the potential problems in implementing
user daemons. (For example, the logical place to place a user
daemon configuration file would be in ~/Library/LaunchDaemons,
but that obviously won't work with FileVault or users who mount
their home folder over a network.) However, there are also
potential solutions to some of these and there's also the
principle that one shouldn't necessarily eliminate a feature
just because 0.1% of the users can't use it. ;)
Any thoughts?
--
James Bucanek
More information about the launchd-dev
mailing list