[launchd-dev] Stopping and uninstalling a LaunchDaemon job
Quinn
eskimo1 at apple.com
Wed Aug 27 08:36:43 PDT 2008
At 8:24 -0700 27/8/08, Shawn Erickson wrote:
>Sorry the guy that has been playing around with this isn't in just yet
>so I don't know the exact specifics but... It is my understanding he
>is using authorization services to run a script and that script is
>removing files, etc. just fine but launchctl running from under that
>script cannot see the top level launchctl instance to remove the
>launch daemon job. I believe he used id in the script as it logged the
>current user.
OK, this sounds like one of the standard gotchas with
AuthorizationExecutionWithPrivileges; it runs the resulting program
with EUID == 0 but RUID inherited from the process that called AEWP
<rdar://problem/4098710>, and launchctl is getting confused by the
RUID.
If you were writing real code I would recommend:
1. don't use a script, use a C-based tool
2. in that tool call setuid(0) to force the RUID to 0
However, given that you're just putting in a temporary hack then I'll
recommend the following trick:
$ chroot -u 0 / launchctl <args>
which converts an EUID == 0 / RUID != 0 context into a EUID == RUID
== 0. Sneaky huh?
IMPORTANT: Please don't leave these hacks in your production code.
In my experience "temporary + work == permanent".
S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
More information about the launchd-dev
mailing list