views:

127

answers:

1

I have a pair of launchd daemons, one of which is a true daemon (runs as root) and one of which is a GUI agent that runs as a per GUI session basis (session type Aqua).

I need to prevent non admin level users from disabling the user level agent using launchctl, or at the very least figure out how to reload the agent from the root level daemon.

The best article I've found so far is this one, but it doesn't really offer any clear solutions.

The easiest way would seem to be to fetch the current console user periodically in the root daemon and then run launchctl load ... as that user, but I'm not entirely if if that's possible/how I would go about this (if I just run load from the daemon without posing as the user, it will be loaded under the root user, which does no good).

Any ideas?

A: 

you could check for authorization in your SIGTERM handler, see http://developer.apple.com/mac/library/technotes/tn2002/tn2095.html for sample custom authorization check

Zoran Regvart