[launchd-dev] Stopping and uninstalling a LaunchDaemon job

[Quinn]

At 8:24 -0700 27/8/08, Shawn Erickson wrote:
>Sorry the guy that has been playing around with this isn't in just yet
>so I don't know the exact specifics but... It is my understanding he
>is using authorization services to run a script and that script is
>removing files, etc. just fine but launchctl running from under that
>script cannot see the top level launchctl instance to remove the
>launch daemon job. I believe he used id in the script as it logged the
>current user.

OK, this sounds like one of the standard gotchas with 
AuthorizationExecutionWithPrivileges; it runs the resulting program 
with EUID == 0 but RUID inherited from the process that called AEWP 
<rdar://problem/4098710>, and launchctl is getting confused by the 
RUID.

If you were writing real code I would recommend:

1. don't use a script, use a C-based tool

2. in that tool call setuid(0) to force the RUID to 0

However, given that you're just putting in a temporary hack then I'll 
recommend the following trick:

$ chroot -u 0 / launchctl <args>

which converts an EUID == 0 / RUID != 0 context into a EUID == RUID 
== 0.  Sneaky huh?

IMPORTANT:  Please don't leave these hacks in your production code. 
In my experience "temporary + work == permanent".

S+E
-- 
Quinn "The Eskimo!"                    <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware