-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
privoxy - why LaunchAgents, not LaunchDaemons? #38
Comments
This is how it was recommended in Homebrew, I guess because most people run as single-user admin. Correct me if I'm wrong, but dnsmasq and dnscrypt are recommended as launch daemons because they run on privileged port 53. Anyway, running privoxy as a launch daemon so it's available to all users is probably fine, however you should probably look at its bug tracker and source code to determine it's trustworthiness to run as root. |
Minor addition to this. If you don't need a low-range port then you can create a non-privileged user 'privoxy' and add that as the UserName key for the launchdaemon. That will give you the all-user service at boot without any risks associated with running as root. |
Being paranoid, even dnscrypt could be run on a higher port as a non-privileged user, as only dnsmasq actually needs to be on port 53 and even that could be avoided with some pf rules. |
I have a machine w/ a few different users. In order to make privoxy work for all users, I need to put the privoxy *plist in LaunchDaemons, not LaunchAgents. Is there a reason I should not do this? Both dnsmasq and dnscrypt are setup through LaunchDaemons.
The text was updated successfully, but these errors were encountered: