[launchd-dev] Binding an individual user's agent to a privileged port

Hamish Allan hamish at gmail.com
Wed Jan 23 14:23:57 PST 2008


From "Getting started with launchd"
(http://developer.apple.com/macosx/launchd.html):

"Of particular interest is that launchd can run a job as a non-root
user, but still bind it to a privileged port. This removes one common
reason to run daemons as root."

Is it possible for a user agent to be bound to a privileged port?

This might sound like an odd thing to do, but I wish to automatically
mount a remote SMB share on my local machine using SSH port
forwarding. Unfortunately, since Finder is too stupid to let me mount
shares at alternative ports on localhost (it tells me that I should
just access the files locally!) and mount_smbfs doesn't take a port
argument, I need to bind the remote ports 139 and 445 to the same
ports on my local machine.

I want this as an agent rather than a daemon for the purposes of SSH
key management. It needs to run as an agent in the GUI context when I
log in, as this is where the automatic SSH_AUTH_SOCK facility in
Leopard lives.

As far as I can tell, there are two ways of demonstrating to launchd
that you have the authority to perform privileged operations such as
binding to a port < 1024: putting a plist file in /Library/Launch*, or
running launchctl sudo. The former means that the operation would be
executed for all users, and the latter is sort of missing the point of
the original exercise (not to mention bringing file permissions
problems of its own).

Is what I am trying to do possible with launchd?

Hamish

