<html><head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head><body bgcolor="#FFFFFF" text="#000000"><blockquote style="border:
0px none;" cite="mid:D069CA95-6E3E-44C6-85F6-70F887AF5CCE@apple.com"
type="cite">
<div style="margin:30px 25px 10px 25px;" class="__pbConvHr"><div
style="width:100%;border-top:1px solid #EDEEF0;padding-top:5px"> <div
style="display:inline-block;white-space:nowrap;vertical-align:middle;width:49%;">
        <a moz-do-not-send="true" href="mailto:eskimo1@apple.com"
style="color:#737F92
!important;padding-right:6px;font-weight:bold;text-decoration:none
!important;">Quinn "The Eskimo!"</a></div> <div
style="display:inline-block;white-space:nowrap;vertical-align:middle;width:48%;text-align:
right;"> <font color="#9FA2A5"><span style="padding-left:6px">August
24, 2016 at 12:38 AM</span></font></div> </div></div>
<div style="color: rgb(136, 136, 136); margin-left: 24px;
margin-right: 24px;" __pbrmquotes="true" class="__pbConvBody"><pre wrap="">On 23 Aug 2016, at 17:53, James Bucanek <a class="moz-txt-link-rfc2396E" href="mailto:subscriber@gloaming.com">&lt;subscriber@gloaming.com&gt;</a> wrote:
</pre><blockquote type="cite"><pre wrap="">P.S. It would be nice if the UserName launchd property would also accept a number and interpret it as a UID: &lt;key&gt;UserName&lt;/key&gt;&lt;integer&gt;501&lt;/integer&gt;.
</pre></blockquote><pre wrap=""><!---->
Yeah, that’s not really how launchd is architected.</pre></div>
</blockquote>
<br>
That's OK. I sometimes find that launchd doesn't fit my needs. ;)<br>
<br>
<blockquote style="border: 0px none;"
cite="mid:D069CA95-6E3E-44C6-85F6-70F887AF5CCE@apple.com" type="cite">
<div style="color: rgb(136, 136, 136); margin-left: 24px;
margin-right: 24px;" __pbrmquotes="true" class="__pbConvBody">
<pre wrap=""></pre>
<blockquote type="cite"><pre wrap="">Each daemon is named after its user: com.qrecall.switchboard.501, com.qrecall.switchboard.502, and so on. Each user connects only with its switchboard, and that switchboard only manages endpoints belonging to that user.
</pre></blockquote><pre wrap=""><!---->
Hmmm, that’s weird. How do you stop code running as user 502 connecting to the `com.qrecall.switchboard.501` service? Presumably the daemon has a user ID check on its IPC.</pre></div>
</blockquote>
Correct.<br>
<br>
<pre wrap="">uid_t uid = (uid_t)connection.effectiveUserIdentifier;
if (uid == switchboard.userID || uid == 0)
    return switchboard;
// Otherwise, block any attempts to connect with a switchboard belonging to another user
return nil;</pre>
<br>
<blockquote style="border: 0px none;"
cite="mid:D069CA95-6E3E-44C6-85F6-70F887AF5CCE@apple.com" type="cite">
<div style="color: rgb(136, 136, 136); margin-left: 24px;
margin-right: 24px;" __pbrmquotes="true" class="__pbConvBody">
<pre wrap="">If you’re doing that anyway, you could just have one daemon that handles all users.</pre>
</div>
</blockquote>
That was my original plan!<br>
<br>
But it eventually got way too complicated, from an installation
standpoint. The problem is that this process is only installed as a
system
daemon if the user has administrative privileges. If it's a non-admin
account, or the user can't provide admin credentials, this process gets
installed as a per-user (background) agent. When switching back and forth
between these two scenarios (privileged and non-privileged), the agent
gets uninstalled and the daemon
gets installed, or vice versa. But if there are multiple users, and I'm
uninstalling the daemon, do I remove it or not (as there may be other
users that still need the system daemon)? And what if different users
are running different versions of the app? Which version of the system
daemon should get installed? Etc., etc.<br>
<br>
I might tackle these, and other problems, in the future. But for now,
installing multiple system daemons, one for each user, was—by far—the
most manageable solution.<br>
<br>
James<br>
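<br>
The per-user check described in this message, written out in plain C as an added example (not code from the thread or from the product). It assumes the owner UID is taken from the numeric suffix of the label, which the thread does not state; the function names are hypothetical.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Label prefix taken from the thread; everything else here is hypothetical. */
#define SWITCHBOARD_PREFIX "com.qrecall.switchboard."

/* Parse the owner UID from a label such as "com.qrecall.switchboard.501".
 * Returns false for a wrong prefix, an empty or non-decimal suffix, or overflow. */
bool switchboard_owner_uid(const char *label, uid_t *owner)
{
    size_t plen = strlen(SWITCHBOARD_PREFIX);
    if (label == NULL || strncmp(label, SWITCHBOARD_PREFIX, plen) != 0)
        return false;

    const char *digits = label + plen;
    /* strtoul accepts leading whitespace and signs; insist on a digit first. */
    if (digits[0] < '0' || digits[0] > '9')
        return false;

    char *end = NULL;
    errno = 0;
    unsigned long value = strtoul(digits, &end, 10);
    if (errno != 0 || *end != '\0')
        return false;                       /* out of range or trailing junk */
    if (value >= (unsigned long)(uid_t)-1)  /* (uid_t)-1 means "no user" */
        return false;

    *owner = (uid_t)value;
    return true;
}

/* Same decision as the check in the message: the owner and root may connect. */
bool switchboard_may_connect(const char *label, uid_t peer_euid)
{
    uid_t owner;
    if (!switchboard_owner_uid(label, &owner))
        return false;                       /* fail closed on a bad label */
    return peer_euid == owner || peer_euid == 0;
}
```

A malformed label denies every caller, root included, so a naming mistake cannot turn into an open service.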
</body></html>