[launchd-dev] Permissions/ownership for a per-user launch agent

Mitchell J Laurren-Ring lists at rynosoft.com
Mon Dec 2 10:12:29 PST 2013


I have a per-user agent that needs to be able to access the default printer for the current user. I'm having problems figuring out how to load it in the current user context from my installer postflight script.

If I use "launchctl load" without sudo from Terminal, my agent loads correctly in the current user context and is able to access the user's default printer. If I load using sudo from Terminal, my agent cannot get the user's default printer.

I have the following at the end of my postflight script:

> chmod 755 /Library/Application\ Support/MyFolder/myd
> chmod 644 /Library/LaunchAgents/com.mycompany.myd.plist
> launchctl load -w /Library/LaunchAgents/com.mycompany.myd.plist


The problem is that my postflight script is running as root, which results in the launchctl command being executed as root, leading to the problem with not being able to access the default printer.

There seem to be a few options I could use to fix this issue but most of them are poorly documented. Among these are:

* The ProcessType, UserName and GroupName keys in the launchd.plist
* The -s sessiontype option for launchctl load
* This note from the launchctl man page: "Note that per-user configuration files (LaunchAgents) must be owned by the user loading them."

In case it helps, here is the plist that I install into /Library/LaunchAgents:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>com.mycompany.myd</string>
	<key>Debug</key>
	<true/>
	<key>ProgramArguments</key>
	<array>
		<string>/Library/Application Support/MyFolder/myd</string>
		<string>launchd</string>
	</array>
	<key>Sockets</key>
	<dict>
		<key>PrimaryListeningSocket</key>
		<dict>
			<key>SockServiceName</key>
			<string>2687</string>
			<key>SockNodeName</key>
			<string>localhost</string>
			<key>SockFamily</key>
			<string>IPv4</string>
		</dict>
	</dict>
</dict>
</plist>


/Mick



