[launchd-dev] Launchd and logging and users and groups

Damien Sorresso dsorresso at apple.com
Wed Jul 15 13:34:22 PDT 2009 

On Jul 15, 2009, at 1:06 PM, Scott Haneda wrote:
> Please be gentle, this is outside my comfort level in launchd.
>
> I have a spam proxy written in perl that needs to be started by  
> launchd.
>
> When it starts, a few 100 lines of startup data is sent to whatever  
> started it.  If I start with with launchd, all that data will end up  
> in /var/log/system.log
>
> I set the 'StandardOutPath'
> 	<key>StandardOutPath</key>
> 	<string>/dev/null</string>
> but I am not sure that is the correct way to deal with this.  All  
> the startup data is also sent to the proxy's log file, so to me, it  
> seems redundant.  However, I think the above StandardOutPath change  
> may also mask away some important bits of launchd that may be  
> desirable to be seen.

launchd doesn't do anything to changethe log data it redirects. It  
just blurts it out to syslog. You should set your StandardOutPath to  
your log file path.

> All the files the proxy uses are owned by _assp:_assp, so I set:
> 	<key>UserName</key>
> 	<string>_assp</string>
> according to the docs, I need not se the group, it will auto set to  
> the user.  When I do that, launchd restarts repeatedly,

Do you mean that the job restarts repeatedly?

> and the logs that the perl file logs to aka: the proxy logs, will  
> get this line repeated:
>
> Jul-14-09 23:58:03 Requested to switch to user/group '_assp/_assp'  
> but cannot set effective uid to 0 -- quitting; uid is 504
>
> If the proxy is automatically dropping into the correct user and  
> group, then does that mean there is no need to run with the lunachd  
> settings for UserName?
>
> Can I get some guidance on the best way to deal with this?  Any  
> suggestions on how this should be set up to be most ideal, is most  
> appreciated.

Your daemon is calling setuid(2), but you've requested that you be run  
as the _assp user, which will cause setuid(2) to fail. launchd does  
not save your EUID when applying the UserName key. See the setuid(2)  
man page.

Also please see launchd.plist(5). Daemons should not call setuid(2).  
Your daemon should decide what set of credentials (root or non-root)  
it wants and stick with that decision.
-- 
Damien Sorresso
BSD Engineering
Apple Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2425 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/launchd-dev/attachments/20090715/f682bc9a/attachment.bin>

More information about the launchd-dev mailing list