Mac application installer needs to start user agent but not as root

I've built an install using Apple's PackageMaker utility.  It installs a daemon and a user agent.  At the end of the install I would like to start the user agent using launchctl.  However, since I had to elevate privileges during the install in order to install my daemon, I end up starting the user agent as root.  If I use sudo -u <user> launchctl, I just get an error: "launch_msg(): Socket is not connected".

Is there any way to un-elevate privileges during an install?
postflight:
 
# this just errors out with launch_msg(): Socket is not connected".
# sudo -u current_user /bin/launchctl load ""/Library/LaunchAgents/com.myuseragent.plist"
 
#  this works but starts the user agent as root.  I want it to run as the current user
/bin/launchctl load "/Library/LaunchAgents/com.myuseragent.plist"

Open in new window

jimbojjAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

heteronymousCommented:
How are you determining the current user ?

You have "current_user" but that's not a shell/bash internal so that's not going to work.

From Nigel Kersten (see http://explanatorygap.net , afp548.comApple's Server mailing list, MacEnterprise list)

to get the current logged in user
/usr/bin/who | /usr/bin/grep console | /usr/bin/cut -d " " -f 1

So you would use:

current_user=$(/usr/bin/who | /usr/bin/grep console | /usr/bin/cut -d " " -f 1)

You might also try specifying the user in your launchd plist via the provided
UserName  key.

See
http://developer.apple.com/documentation/Darwin/Reference/ManPages/man5/launchd.plist.5.html

You could also get the user in Python via
import os
os.getenv('USER')
0
jimbojjAuthor Commented:
I came up with an applescript to solve my problem.  Since it will be run in the context of the logged-on user, my app starts correctly.

So far I haven't seen any negative side affects from this.


postflight:
 
osascript -e "tell application \"System Events\"" -e "do shell script \"launchctl load -S Aqua /Library/LaunchAgents/com.myproduct.plist\"" -e "end tell"

Open in new window

0
heteronymousCommented:
Ok, but you hardly specified you wanted or needed an AppleScript-based solution, but yours is another way to go.
What I replied with already does work.

If you're running as root, you can run another command via:

su <username> -c /path/to/binary

Or
 
sudo -u [username] [command]
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

jimbojjAuthor Commented:
I was looking for any solution that would work--I didn't have any specific technology in mind.

Just launching the app won't solve the problem--when the current user logs out and another logs in, since nothing has told launchd to run it, it won't automatically start for the new user.

As far as your previous suggestion, I need my launchd agent to run as whoever is logged in--which can be anybody.  I can't put a specific user in the .plist file.   Was this your solution?
0
jimbojjAuthor Commented:
OK, you were right.  Just starting the app as the user works because when they log out launchd does refresh its list of what should be run and will start it anyway.  I like your solution better than mine because I HATE applescript. Thanks for your help!!  
0
heteronymousCommented:
Actually, what a good way to go would be to have your plist launch your script: that way, via the script,
you can get the current user, and have the launch app as/for them.

If you look at (don't modify of course !) some of the Apple plists in /System/Library/LaunchDaemons
eg: cat /System/Library/LaunchDaemons/ssh.plist

you can see that it does just that - invokes a script ( /usr/libexec/sshd-keygen-wrapper )that invokes the desired binary with specific options.


0
heteronymousCommented:
typo: "have the launch app" should read: have that launch the app
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Swift Programming

From novice to tech pro — start learning today.