This repository has been archived by the owner. It is now read-only.

Remove unnecessary UserName/UserGroup keys from LaunchAgent plists across all formulas #18293

Closed
rspeed opened this Issue Mar 6, 2013 · 7 comments

rspeed commented Mar 6, 2013

launchd always uses the current user's permissions when running a LaunchAgent, even if UserName or UserGroup are explicitly stated. This is the primary differentiation between a LaunchDaemon and a LaunchAgent. Having these keys present in the LaunchAgent plists bundled with homebrew formulas can be very misleading.

The following formulas contain the text UserName:

apollo
arangodb
automysqlbackup
beanstalk
collectd
couchdb-lucene
elasticsearch
gearman
graylog2-server
ircd-hybrid
logrotate
luciddb
mariadb
mongodb
mosquitto
mysql-cluster
mysql
nagios
nginx
percona-server
perforce-proxy
pgbouncer
pincaster
polipo
postgres-xc
postgresql
pure-ftpd
rabbitmq
redis
ser2net
sickbeard
squid
tor

There also seems to be some built-in support in brew services start to generate LaunchAgent plist files with UserName keys.

Contributor

adamv commented Mar 6, 2013

Can you link us to the documentation on this? (And is it consistent across 10.6-10.8?)

rspeed commented Mar 6, 2013

It's in the manfile for launchd.plist.

UserName
This optional key specifies the user to run the job as. This key is only applicable when launchd is running as root.

When a user logs in, the main launchd (PID 1) spawns a new instance of launchd with the user's permissions. That new instance runs the LaunchAgents. This can be confirmed by tracing the parent process of a LaunchAgent back to the user's launchctl instance.

This can be secondarily confirmed by editing a LaunchAgent plist to include a UserName key with a value of another user, then restarting it using launchctl. The process will continue to run as the current user.

As for changes, the documentation is identical in 10.6 (what I linked to), 10.7.8 (also visible on that site through the "Choose a version" dropdown), and 10.8.2 (just checked by running man launchd.plist).

Contributor

Sharpie commented Mar 7, 2013

> When a user logs in, the main launchd (PID 1) spawns a new instance of launchd with the user's permissions.

Would this affect the use case of placing the plist in /Library/LaunchAgents with root ownership, but still wanting it to run as a specific user other than root?

rspeed commented Mar 7, 2013

/Library/LaunchAgents and ~/Library/LaunchAgents behave identically, except that the plists in /Library are executed for all users. They have to be root-owned as a security measure, but they're still executed as the current user.

rspeed commented Mar 7, 2013

To clarify a bit, only LaunchDaemons are executed as root, so they're the only case where the UserName and UserGroup keys are applied.
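An audit for the condition discussed in this thread, as an added example that is not part of the issue or of Homebrew's code: it parses every plist in the given LaunchAgents directories and reports jobs that carry user or group keys. The function names, the sample file names, labels and the `_exampledb` user are constructed for illustration; `GroupName` is checked alongside the `UserGroup` spelling used in the issue because it is the group key documented in launchd.plist.

```python
import plistlib
import sys
import tempfile
from pathlib import Path

# Keys launchd applies only when it runs as root, i.e. for LaunchDaemons.
# UserName is quoted from launchd.plist above; UserGroup is the spelling used
# in this issue; GroupName is the group key documented in launchd.plist.
IDENTITY_KEYS = ("UserName", "GroupName", "UserGroup")

def find_ignored_keys(agent_dirs):
    """Return [(file name, Label, {key: value})] for agents carrying identity keys."""
    findings = []
    for directory in map(Path, agent_dirs):
        if not directory.is_dir():
            continue
        for path in sorted(directory.glob("*.plist")):
            try:
                with open(path, "rb") as fh:
                    job = plistlib.load(fh)
            except Exception:  # unreadable or malformed plist: skip, keep auditing
                continue
            if not isinstance(job, dict):
                continue
            present = {k: job[k] for k in IDENTITY_KEYS if k in job}
            if present:
                findings.append((path.name, job.get("Label"), present))
    return findings

def make_sample_dir():
    """Write three constructed plists (not real formula files) to a temp directory."""
    d = Path(tempfile.mkdtemp())
    samples = {
        "example.db.plist": {"Label": "example.db", "RunAtLoad": True,
                             "UserName": "_exampledb"},
        "example.cache.plist": {"Label": "example.cache", "RunAtLoad": True},
    }
    for name, job in samples.items():
        with open(d / name, "wb") as fh:
            plistlib.dump(job, fh)
    (d / "broken.plist").write_text("<plist><dict>")  # truncated on purpose
    return d

if __name__ == "__main__":
    # Pass ~/Library/LaunchAgents and /Library/LaunchAgents as arguments on a Mac.
    dirs = sys.argv[1:] or [make_sample_dir()]
    for name, label, keys in find_ignored_keys(dirs):
        print(f"{name} ({label}): not applied in a LaunchAgent: {keys}")
```

A hit means the plist suggests a privilege separation that does not exist: the job runs with the logged-in user's permissions regardless of the listed account.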

Owner

MikeMcQuaid commented Mar 8, 2013

Seems reasonable to me. @adamv @Sharpie thoughts?

Contributor

Sharpie commented Mar 8, 2013

Seems reasonable to me as well.

nesv added a commit to nesv/homebrew that referenced this issue Apr 12, 2013

dshean added a commit to dshean/homebrew that referenced this issue Sep 24, 2013

@xu-cheng xu-cheng locked and limited conversation to collaborators Feb 16, 2016