How do I secure a per user GUI launchd agent against a non admin user disabling it? - cocoa

I have a pair of launchd daemons, one of which is a true daemon (runs as root) and one of which is a GUI agent that runs on a per-GUI-session basis (session type Aqua).
I need to prevent non-admin users from disabling the user-level agent using launchctl, or at the very least figure out how to reload the agent from the root-level daemon.
The best article I've found so far is this one, but it doesn't really offer any clear solutions.
The easiest way would seem to be to fetch the current console user periodically in the root daemon and then run launchctl load ... as that user, but I'm not entirely sure if that's possible or how I would go about this (if I just run load from the daemon without posing as the user, it will be loaded under the root user, which does no good).
Any ideas?

You could check for authorization in your SIGTERM handler; see http://developer.apple.com/mac/library/technotes/tn2002/tn2095.html for a sample custom authorization check.
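One way to implement the poll-and-reload loop the question sketches, as an added example (not code from the original post): the root daemon finds the console user, checks whether the agent is still loaded in that user's launchd session, and re-enables it with `launchctl load -w` if a user unloaded it. The label com.example.agent, the plist path, and a launchctl that supports the asuser subcommand (10.10 and later) are assumptions; the sample `launchctl list` output in the test is constructed.

```python
import os
import subprocess
from typing import Dict, List, Optional

AGENT_LABEL = "com.example.agent"                              # placeholder label
AGENT_PLIST = "/Library/LaunchAgents/com.example.agent.plist"  # placeholder path


def console_uid(console: str = "/dev/console") -> Optional[int]:
    """/dev/console is owned by the GUI user; root (uid 0) means no one is logged in."""
    uid = os.stat(console).st_uid
    return None if uid == 0 else uid

def as_user(uid: int, argv: List[str]) -> List[str]:
    """Run argv inside the user's launchd context (launchctl asuser, assumed), not root's."""
    return ["launchctl", "asuser", str(uid)] + argv

def parse_launchctl_list(output: str) -> Dict[str, Optional[int]]:
    """`launchctl list` prints PID<TAB>Status<TAB>Label; None = loaded but not running."""
    jobs: Dict[str, Optional[int]] = {}
    for line in output.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or parts[0] == "PID":
            continue  # header or unexpected line
        pid, _status, label = parts
        jobs[label] = int(pid) if pid != "-" else None
    return jobs

def agent_state(uid: int, list_output: Optional[str] = None) -> str:
    """'running', 'loaded' or 'unloaded' for AGENT_LABEL in uid's GUI session."""
    if list_output is None:  # query the live session when no sample output is supplied
        list_output = subprocess.run(as_user(uid, ["launchctl", "list"]),
                                     capture_output=True, text=True).stdout
    jobs = parse_launchctl_list(list_output)
    if AGENT_LABEL not in jobs:
        return "unloaded"
    return "running" if jobs[AGENT_LABEL] else "loaded"

def ensure_agent(uid: int, list_output: Optional[str] = None, run=subprocess.run) -> str:
    """Reload the agent if a user unloaded it; `-w` clears the Disabled flag that
    `launchctl unload -w` sets. Returns the state observed before acting."""
    state = agent_state(uid, list_output)
    if state == "unloaded":
        print(f"agent missing for uid {uid}; reloading")  # worth logging for audit
        run(as_user(uid, ["launchctl", "load", "-w", AGENT_PLIST]))
    return state
```

The daemon would call `ensure_agent(uid)` from its poll loop whenever `console_uid()` returns a user, and the reload message gives the root daemon's log a record of every time the agent disappeared.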

Related

Daemon vs User Agent convention on OS X

I'm developing an app which will periodically download files from a remote server for a user. I'm wondering whether I should, in OS X parlance, use a daemon, i.e. it will run as long as OS X has been started, or a user agent, i.e. it will run as long as the particular user is logged in. Is there a convention? Are there any rules to abide by when thinking about this? I certainly don't want to buck convention and end up having my app do something a user isn't expecting it to do.
Also, for such background processes, it seems like there might be a convention to have the app show up on the status bar. E.g. both Google drive and Mozy on my machine, which monitor for changes and upload in the background, both are represented in the status bar. Is this something I should do with my app?
There is absolutely a convention: a daemon is typically run as root or a special user (mysql, www), and an Agent runs as the user...
It doesn't matter with respect to how long they may live, etc., as a daemon can either be long-running like httpd, ftpd, etc., or launched just in time for use, as in a helper tool.
From man launchd:
In the launchd lexicon, a "daemon" is, by definition, a system-wide service of which there is one instance for all clients. An "agent" is a service that runs on a per-user basis. Daemons should not attempt to display UI or interact directly with a user's login session. Any and all work that involves interacting with a user should be done through agents.
So you may mix with some sort of IPC, as in a backup daemon that may send messages to a status bar app, which runs as an agent for your user.
Daemon vs Agent
UNIX Daemon - a program (.plist + binary) which runs as a background process (like a service in Windows)
Daemon is a UNIX Daemon without a GUI. launchd starts it when the system has started (on behalf of root). *launchd is also a daemon - its pid is 1 and it creates all other processes. Usually daemons have a -d suffix (e.g. launchd, nsurlsessiond [About]). For example, daemons can be used for Printer, Bluetooth...
Agent - is a UNIX daemon which can work with the GUI through the window server. launchd starts an agent on behalf of the user after login, with the defined user permissions. For example Calendar, Skype...
launchd knows about daemons based on .plist files in:
User Agents: ~/Library/LaunchAgents (specific user)
Global Agents: /Library/LaunchAgents (all users)
System Agents: /System/Library/LaunchAgents (macOS)
Global Daemons: /Library/LaunchDaemons (installed apps)
System Daemons: /System/Library/LaunchDaemons (macOS)
[Java Daemon thread]

How to make an Agent work in the system session?

I'm trying to write a background program that needs to connect to the window server, which is not allowed in a daemon. But my job is quite appropriate to be done in the [System] session in which daemons act.
I have tried to set the session of the Agent (Aqua by default):
LimitLoadToSessionType: System
But it didn't work. Is it wrong? How can I do it?
Maybe [LoginWindow] + [Aqua] could match the right session. But between the two sessions, the program needs to be shut down and relaunched.

MacOS X file system watcher

I am developing a utility application which logs other apps' file system activities. Therefore I am looking for a way to receive file system change notifications including the file paths as well as the corresponding PIDs.
According to my state of knowledge the only way to do this is to listen at "/dev/fsevents" using root privileges. Is there another option to track those file system changes without running a root privileged process?
Thanks in advance!
regards,
Tobias
No. You need to use /dev/fsevents or dtrace or something, all of which require root privilege.
As you know, the public FSEvents API doesn't give you the fine-grained info you want.
But this is as it should be. When you ask "is this possible without root privilege?", you should ask yourself "do you want others to do this without root privilege on my machine?"
Then you know this is clearly wrong if it's possible without root privilege: you shouldn't be able to know, without root privilege, which file is accessed by a privileged process.

postgres- start process under administrator account

Is it possible to start postgres process with a user account that has "administrative" privileges? I am on windows XP.
-- Error shown is -- (not really an error, it is a security feature):
The server must be started under an unprivileged user ID to prevent
possible system security compromises. See the documentation for
more information on how to properly start the server.
Current workaround is to create a normal user and run the process under that. What I am looking for is a quick way to start the database, do some operations and shut it down as part of the build process.
(years later)
Postgres ships with a control program. See details in the official documentation.
Short answer:
pg_ctl start "args"

On Terminal Server, how does a service start a process in a user's session?

From a Windows Service running on a Terminal Server (in global space), we would like to be able to start up a process running a Windows application in a specific user's Terminal Server session.
How does one go about doing this?
The Scenario: the Windows service starts at boot time. After the user has logged into a Terminal Server user session, based on some criteria known only to the Windows service, the Windows service wants to start a process in the user's session running a Windows application.
An example: We would like to display a 'Shutdown in 5 minutes' warning to the users. The Windows service would detect this condition, and start up a process in each user session that starts the Windows app that displays the warning. And, yes, I know there are other ways of displaying a warning dialog; this is the example, what we want to do is much more invasive.
You can use CreateProcessAsUser to do this - but it requires a bit of effort. I believe the following steps are the basic required procedure:
Get the user's session (WTSQuerySessionInformation).
Get a token for that user (WTSQueryUserToken).
Create a duplicate token for your use (DuplicateTokenEx).
Use the token to create an environment block (CreateEnvironmentBlock).
Launch the application with CreateProcessAsUser, using the block above.
You'll also want to make sure to clean up all of the appropriate handles, tokens, etc., after you've launched the process.
Really late reply but maybe somebody will find this helpful.
You can use PsExec to launch an application on a remote (or local) server inside a specified session by using the following command:
psexec \\COMPUTER_NAME -i SESSION_ID APPLICATION_NAME
Where SESSION_ID indicates the session id in which to launch the application.
You will need to know what sessions are active on the server and which session id maps to which user login. The following thread provides a nice code sample for this exact problem: How do you retrieve a list of logged-in/connected users in .NET?
Late reply, but in the answer above DuplicateToken is not necessary since WTSQueryUserToken already returns a primary token.