My application is launching under root and I need to be able to unload processes using NSTask and launchctl Here is a code I do:
NSPipe *pipe = [NSPipe pipe];
NSTask *task = [[NSTask alloc] init];
[task setLaunchPath: @"/bin/launchctl"];
[task setCurrentDirectoryPath:@"/"];
[task setStandardError:pipe];
NSLog(@"/bin/launchctl unload %@", plistAutostartLocation);
NSArray *arguments;
arguments = [NSArray arrayWithObjects: enableCommand, plistAutostartLocation, nil];
[task setArguments: arguments];
NSFileHandle * read = [pipe fileHandleForReading];
[task launch];
[task waitUntilExit];
If process need to be unload is launched under "root" then it unloads successfully if not the fails. The question is how to run "launchctl" under specific user (e.g. "myusername")?
Edit: In terminal if I want to run some command under specific user I do next and it works well:
su - myusername -c "ls /Users/myusername"
But when I try to run "launchctl" under specific user it fails:
su - myusername -c "launchctl load /Library/LaunchAgents/com.google.keystone.agent.plist"
It says: "nothing found to load"
The failing of your last command is related to bootstrap namespaces, you are trying to load the agent in the wrong bootstrap namespace. The system is creating two different bootstrap namespaces, excerpt from Apple documentation:
The
sucommand is not launched in the same bootsrap namespace used bylaunchd.There are two ways to run a command like the ones you want to run in the correct bootstrap namespace:
10.10 and above: use
launchctl asuser. This will run any command as it was launched by the specified<myusername>. It is worth to mention that you must run this as root, otherwise the command will fail. Your last command should be run like this:10.10 and below (since 10.11, SIP blocks this method): use
launchctl bsexec. This requires a process id to retrieve the correct namespace in which to run another command. Also, you have to change the UID of the command manually, like this: