[launchd-dev] Mysterious problem with [NSURL getResourceValue:forKey:error:]

[James Bucanek]

Quinn "The Eskimo!" wrote:
> Let’s see if I understand this properly:
>
> * You have a daemon, A, running as root.
>
> * That daemon fork/exec's a helper tool, B.
>
> * B switches its effective user ID to that of some user.

Just to be clear, B is a SetUID executable, so it's effective UID is set 
during launch ... but yes, the code is running with UID=0, EUID=501.

> * B has mysterious problems.
>
> If this is accurate, it’s not a huge surprise.  B is running in a parlous environment, because half of its context has been switched to that of the user but half of its environment has been inherited from the daemon.  It’s not uncommon for weird problems to crop up in that case. For example, have fun accessing the keychain from B (-:

That's kind of what I thought, but I figured it didn't hurt to ask. And 
yes, I've already run into the keychain issue. :(

> Is B running as a role account user?  Or an actual user?

It's a real user. The sole purpose of this process is to collect 
user-perspective metadata for filesystem items (custom icon, localized 
display name, etc.) on behalf of a second process running as root.

Question: I now how a second system daemon (which I created to support 
XPC communications). This one is a bit special because its launchd 
properties include the <key>UserName</key> so the process is executes as 
the user that installed it. Does the UserName key "do the right thing" 
and set up a system daemon's environment/context as the user, thus 
giving me the context I'm looking for?

James