Is it possible for a process launched by a root user to launch some processes with the logged-in user's privileges on macOS?

Is it possible for a process launched by a root user to launch some processes with user privileges on macOS?


I've developed an installer program to install my app on macOS.


My installer is not a .pkg, but a custom program.


Some companies have applications for distributing programs through a central server.


My application needs to be installed by them.


Though my installer, which is a command-line program, is executed as root, the installer should launch processes with user privileges, such as loading launch agents through launchctl and launching some apps.

Replies

This is tricky to do, and is definitely impossible to do safely prior to the introduction of ‘launchd 2’ in… ah… um… 10.10 I think. There are two main sticking points:

  • Extra context — In traditional UNIX the execution context is very limited, so you can switch the UID and you’re pretty much done. That’s not true on macOS, where you need to deal with lots of extra context including the Mach bootstrap namespace and the security context.

  • Which user? — macOS supports zero, one, or many logged in users, any combination of which might be using the GUI. When you ‘reach up’ from a daemon you have to decide which of those users you’re going to target. That’s a major architectural decision you have to make, but there are also lots of other, more practical problems to solve, like how do you enumerate login sessions, how do you filter out non-GUI users, and so on.

A good background to these issues is in Technote 2083 Daemons and Agents. Be aware, however, that the technote has not been updated in a while and does not reflect the current system accurately.

In terms of actually launching a process in a particular context, you can do this using launchctl. Pay specific attention to the target/domain specifier discussion right at the front of the man page.

IMPORTANT The online man page for launchctl is way out of date (r. 20381965). You’ll need to look at the local man page (using Terminal or your favourite man page viewer).

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

WWDC runs Mon, 5 Jun through to Fri, 9 Jun. During that time all of DTS will be at the conference, helping folks out face-to-face. http://developer.apple.com/wwdc/
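The launchctl approach from the answer above, as an added shell example that is not part of the post or of Apple's code: a root-run installer helper that resolves the console (GUI) user, refuses to proceed when nobody is logged in, bootstraps a LaunchAgent into that user's gui/<uid> domain and launches an app inside the user's context. The plist path, app path and script name are assumptions, and targeting only the console user is one answer to the "which user?" decision described above, not the only one.

```shell
#!/bin/sh
# Added example (not from the post): a root-run installer helper that loads a
# LaunchAgent into the logged-in user's GUI session and launches an app there
# using launchd 2 domain specifiers (macOS 10.10+). Plist path, app path and
# agent label are placeholders.
set -eu

# Derive the launchd domain specifier for a user's GUI session. Refuses uid 0
# and non-numeric input so the installer never bootstraps into the
# loginwindow/root context by mistake.
gui_domain() {
    uid="$1"
    case "$uid" in
        ''|*[!0-9]*) echo "gui_domain: uid must be numeric, got '$uid'" >&2; return 1 ;;
    esac
    if [ "$uid" -eq 0 ]; then
        echo "gui_domain: refusing uid 0 (no user logged in at the console)" >&2
        return 1
    fi
    printf 'gui/%s\n' "$uid"
}

# Resolve the user that currently owns the console (the GUI login), if any.
# /dev/console is owned by root while only loginwindow is showing.
console_uid() {
    stat -f %u /dev/console
}

# Bootstrap a LaunchAgent plist into the user's session and launch the app as
# that user. Must run as root. The plist should live in /Library/LaunchAgents,
# owned root:wheel, mode 644, or launchd will reject it.
install_into_gui_session() {
    plist="$1"   # e.g. /Library/LaunchAgents/com.example.agent.plist (placeholder)
    app="$2"     # e.g. /Applications/Example.app (placeholder)
    uid="$(console_uid)"
    domain="$(gui_domain "$uid")"
    user="$(id -un "$uid")"
    # Load the agent into the user's launchd domain, not the system domain.
    launchctl bootstrap "$domain" "$plist"
    # Run the app in the user's Mach bootstrap/security context, dropping root
    # for the child with sudo -u so it does not inherit the installer's uid.
    launchctl asuser "$uid" sudo -u "$user" open -a "$app"
}

# Usage (as root): ./install_helper.sh <agent plist> <app bundle>
if [ "$#" -eq 2 ]; then
    install_into_gui_session "$1" "$2"
fi
```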

Why do you want to launch processes from root as a user?


Why do you want an installer? Most apps are just apps these days.


And a custom installer? Why punish yourself?


Hmmm...your app is starting to sound suspiciously like adware. We already have plenty of adware. We don't need any more.


If you can describe exactly what you are trying to accomplish, I'm sure people can give you good suggestions on how to accomplish it. As long as it isn't more adware.

My application is not adware!!


In an enterprise software environment, sometimes an app bundle alone cannot satisfy customers' needs. For example, security software and management software need to launch daemons. Of course, some processes in my software are launched as the current user.


Some software distribution systems are executed as root. For distributing my software using them, it must be considered that a root process launches the current user's processes.

One less Mac adware developer? That's nice.


But you didn't answer any of my other questions.


Why doesn't an installer package meet your needs?


Why can't a stand-alone app meet your needs?

I answered your questions. I mentioned management and security software distributed through software distribution systems executed as root in my previous reply. My software is also a security and management program in an enterprise environment that is planned to be delivered by distribution software. I don't know how to explain it in more detail. So please tell me what specifically you are wondering about. Why do you have questions about them?