I have a command line application (not .app bundle), a single executable file. It runs from e.g. usr/bin/myapp . This should be accessible by all users in the mac. It is a LaunchDaemon and run as a as root user. If I keep it in usr/bin it works fine.
When a user install the app, pkgbuild copy the file to /usr/bin and postinstall script starts the LaunchDaemon.
The app depends on nss library. so now I need to copy the nss binary and dylib files to somewhere e.g. usr/bin/lib/nss folder. Is it possible to do using pkgbuild or preinstall script? Since pkgbuild --install-location set to /usr/bin will copy myapp there, but how to copy nss folder to usr/lib?
The other option is to make a whole folder structure /usr/bin/MyApp and copy my myapp binary file there and keep nss files at /usr/bin/MyApp/nss folder. But is that a good idea?
Or should I make the file structure at /usr/local/MyApp ?
Which is the best location to run myapp LaunchDaemon as a root user?
/usr/local or usr/bin or some other place?
You should take a look at antivirus programs for the Mac and where they keep their files. That's how I think I have learned to answer your question:
If you absolutely must, then install your command in /usr/bin on older systems and /usr/local/bin on newer systems. (I think when OSX 10.10 shipped, they switched to /usr/local/bin, but don't know the version exactly.) The only real reason why you want to put something there is so that your product consumers can open a terminal window and run commands. If you're not doing that, then you don't need to put it there.
So, if someone isn't meant to type your command in a terminal window, and if you don't need to run with special privileges, and if your my.app is the only thing calling it, then then you should put the command in your /Applications/my.app/Contents/Resources folder.
Now, if none of that applies to you, then you should create the command in a /Library/Application Support/[my product name] folder if it applies to all users and ~/Library/Application Support/[my product name] folder if it applies only to the current user. Now, one problem you may have is folder name collision here. So, instead of "my product name", you could do it the Java folder way, like for instance what the Opera browser does for their product: ~/Library/Application Support/com.operasoftware.Opera.
As for supporting libraries for your LaunchDaemon or LaunchAgent, then you can install them in either /Library/Application Support/[my product name] or ~/Library/Application Support/[my product name]. The latter one with the tilde (~) means it only applies to a certain user, while the other one would apply to all users.