This is tricky to do, and is definitely impossible to do safely prior to the introduction of ‘launchd 2’ in… ah… um… 10.10 I think. There are two main sticking points:
Extra context — In traditional UNIX the execution context is very limited, so you can switch the UID and you’re pretty much done. That’s not true on macOS, where you need to deal with lots of extra context including the Mach bootstrap namespace and the security context.
Which user? — macOS supports zero, one, or many logged in users, any combination of which might be using the GUI. When you ‘reach up’ from a daemon you have to decide which of those users you’re going to target. That’s a major architectural decision you have to make, but there are also lots of other, more practical problems to solve, like how do you enumerate login sessions, how do you filter out non-GUI users, and so on.
A good background to these issues is in Technote 2083 Daemons and Agents. Be aware, however, that the technote has not been updated in a while and does not reflect the current system accurately.
In terms of actually launching a process in a particular context, you can do this using launchctl. Pay specific attention to the target/domain specifier discussion right at the front of the man page.
IMPORTANT The online man page for launchctl is way out of date (r. 20381965). You’ll need to look at the local man page (using Terminal or your favourite man page viewer).
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
WWDC runs Mon, 5 Jun through to Fri, 9 Jun. During that time all of DTS will be at the conference, helping folks out face-to-face. http://developer.apple.com/wwdc/
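The ‘which user?’ session enumeration and launchctl domain targeting discussed in the post above, as an added Python example that is not Quinn’s or Apple’s code: it parses a constructed sample of `scutil` output for the State:/Users/ConsoleUser key, keeps only sessions whose GUI login has completed (optionally only the one on the console), and builds `launchctl bootstrap gui/<uid>` argv lines for each. Assumptions: the key names are the ones that datastore publishes, the UIDs and flag values are made up, and the plist path is a placeholder; nothing is executed.

```python
import re
from typing import Dict, List

# Constructed sample of `scutil <<< "show State:/Users/ConsoleUser"` output.
# Key names follow that datastore; the UIDs and TRUE/FALSE values are invented.
# Real use: feed the live scutil output to gui_session_uids() instead.
SAMPLE_CONSOLE_USER = """<dictionary> {
  SessionInfo : <array> {
    0 : <dictionary> {
      kCGSSessionOnConsoleKey : TRUE
      kCGSSessionUserIDKey : 501
      kCGSessionLoginDoneKey : TRUE
    }
    1 : <dictionary> {
      kCGSSessionOnConsoleKey : FALSE
      kCGSSessionUserIDKey : 502
      kCGSessionLoginDoneKey : TRUE
    }
    2 : <dictionary> {
      kCGSSessionOnConsoleKey : FALSE
      kCGSSessionUserIDKey : 503
      kCGSessionLoginDoneKey : FALSE
    }
  }
  UID : 501
}
"""

SESSION_RE = re.compile(r"\d+ : <dictionary> \{(.*?)\}", re.S)   # one SessionInfo entry
PAIR_RE = re.compile(r"^\s*(\w+) : (.+?)\s*$", re.M)             # "key : value" lines

def parse_sessions(text: str) -> List[Dict[str, str]]:
    """Split the SessionInfo array into one key/value dict per login session."""
    return [dict(PAIR_RE.findall(body)) for body in SESSION_RE.findall(text)]

def gui_session_uids(text: str, console_only: bool = False) -> List[int]:
    """UIDs of users whose GUI login has completed; optionally just the console user."""
    uids = []
    for s in parse_sessions(text):
        if s.get("kCGSessionLoginDoneKey") != "TRUE":
            continue  # loginwindow or a login still in progress: not a usable GUI user
        if console_only and s.get("kCGSSessionOnConsoleKey") != "TRUE":
            continue  # fast-user-switched away: logged in, but not at the console
        uids.append(int(s["kCGSSessionUserIDKey"]))
    return uids

def bootstrap_commands(uids: List[int], plist: str) -> List[List[str]]:
    """launchctl argv lines that load `plist` into each user's gui/<uid> domain."""
    return [["launchctl", "bootstrap", f"gui/{uid}", plist] for uid in uids]
```

With the sample, `gui_session_uids(SAMPLE_CONSOLE_USER)` yields 501 and 502 (503 is still at the login stage), and `console_only=True` narrows that to 501.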