Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL
Help

Chapter 4. Handling Multiple Processes > HOW TO USE SETUID AND SETGID - Pg. 106

106 CHAPTER 4 Handling Multiple processes The third argument to both SMJobSubmit() and SMJobRemove() is an authorization reference, which can be NULL when you are working with the user launchd domain. To change jobs in the system domain (for example, to install a daemon), the authorization reference must contain the com.apple.ServiceManagement.daemons.modify privilege so that unprivileged users cannot tamper with the system services. You will see how to acquire this privilege in Chapter 6. Most launchd helper and daemon jobs will be triggered on a socket connection, either a network connection from another computer or an IPC connection from a user application. In either case, the daemon needs to check in with launchd before it hands over the socket to the tool. Checking in is accomplished with launchd's IPC interface, defined in <launch.h>. A process sends the LAUNCH_ KEY_CHECKIN message to launchd. The reply to this is a dictionary of its job properties, although the socket descriptions specified when the job was submitted are replaced by file descriptor numbers corresponding to the streams associated with each socket in the process. The process can then use this dictionary to identify each of its IPC or RPC connections. Launchd still has the look of an all-or-nothing service. Launchd jobs are either user agents running in each user's session on behalf of that user, or system daemons running in the system session as the super-user. The principle of least privilege suggests that you not use higher privilege than is really required, so what should you do if you need to provide a system daemon but it does not need super- user privileges? If the daemon will never need to operate as root, its launchd job can specify that launchd should