[launchd-dev] LaunchAgents

Dreamcat4 dreamcat4 at gmail.com
Tue Aug 24 07:05:37 PDT 2010


IMHO,
If you are managing / administering the user's machine...

You can change the file ownership / permissions of /bin/launchctl to
prevent that user (or those users) from running launchctl. But that
will prevent those users from using launchctl on any other jobs.

To prevent launchctl being used with only a specific job would require
recompilation and replacement of the launchctl / launchd binaries on
the users system.

On the other hand, if you aren't administering the user's computer I
would argue that there are only a few valid reasons for doing this on
a user-level launch agent. It would make more sense to be writing a
system-level launchdaemon that monitered the users as they were
logging in / logging out. As recently discussed on another thread:
check the file ownership of /dev/console.


On Tue, Aug 24, 2010 at 2:34 PM, Peter <peteralsh at gmail.com> wrote:
> Hi all,
>
> Is there a simple way to prevent the user from unloading the launch agent by opening the terminal and using the launchctl unload  command?
> My user agent is loaded when the user logs in and unloaded when the user logs out. I set the flag to keep alive in case the user kills/terminates the process in order to reload but this doesn't prevent him/her from using the launchctl unload command.
>
> Thanks,
> Peter
>
> _______________________________________________
> launchd-dev mailing list
> launchd-dev at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo.cgi/launchd-dev
>


More information about the launchd-dev mailing list