Posted on 05-06-2019 09:14 AM
I wrote a process for my network team to scan for when a user connects to the company through VPN. I use a post-install script to load a Launch Agent; however, I can't get the launch agent to start without the user restarting. I don't know what my next step to troubleshoot would be.
The agent script is:
#!/bin/sh
function runCompany
{
cat << EOF > /Library/LaunchAgents/com.highmark.Highmark.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.highmark.Highmark</string>
<key>Program</key>
<string>/usr/local/bin/Highmark</string>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
</dict>
</plist>
EOF
launchctl load /Library/LaunchAgents/com.highmark.Highmark.plist
}
runCompany
Posted on 05-06-2019 09:41 AM
@k3vmo LaunchAgents are run by the user logged into the system, not by root. Remove the last line of the runCompany function and add this:
# if someone is logged in
if who | grep -q console; then
# get the logged in user's uid
LOGGED_IN_UID=$(ls -ln /dev/console | awk '{ print $3 }')
# use launchctl asuser to run launchctl in the same Mach bootstrap namespace hierarchy as the Finder
launchctl asuser "$LOGGED_IN_UID" launchctl load /Library/LaunchAgents/com.highmark.Highmark.plist
fi
Posted on 05-06-2019 09:43 AM
You might also have to do this:
chmod 644 /Library/LaunchAgents/com.highmark.Highmark.plist
Posted on 05-06-2019 11:35 AM
@ryan.ball I removed my launchctl line and added your code. I save this script out - it's executable. I bundle it with my .pkg [which simply starts a process on the host], yet I had no luck. It worked when the system was restarted.
Do I have this correct?
#!/bin/bash
function runHighmark
{
cat << EOF > /Library/LaunchAgents/com.highmark.Highmark.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.highmark.Highmark</string>
<key>Program</key>
<string>/usr/local/bin/Highmark</string>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
</dict>
</plist>
EOF
# if someone is logged in
if who | grep -q console; then
# get the logged in user's uid
LOGGED_IN_UID=$(ls -ln /dev/console | awk '{ print $3 }')
# use launchctl asuser to run launchctl in the same Mach bootstrap namespace hierarchy as the Finder
launchctl asuser "$LOGGED_IN_UID" launchctl load /Library/LaunchAgents/com.highmark.Highmark.plist
fi
}
runHighmark
Posted on 05-06-2019 12:15 PM
@k3vmo This seems to work fine for me:
#!/bin/bash
function runHighmark
{
/usr/bin/defaults write /Library/LaunchAgents/com.highmark.Highmark.plist Label "com.highmark.Highmark"
/usr/bin/defaults write /Library/LaunchAgents/com.highmark.Highmark.plist Program "/usr/local/bin/Highmark"
/usr/bin/defaults write /Library/LaunchAgents/com.highmark.Highmark.plist RunAtLoad -bool true
/usr/bin/defaults write /Library/LaunchAgents/com.highmark.Highmark.plist KeepAlive -bool true
chmod 644 /Library/LaunchAgents/com.highmark.Highmark.plist
# if someone is logged in
if who | grep -q console; then
# get the logged in user's uid
LOGGED_IN_UID=$(ls -ln /dev/console | awk '{ print $3 }')
# use launchctl asuser to run launchctl in the same Mach bootstrap namespace hierarchy as the Finder
launchctl asuser "$LOGGED_IN_UID" launchctl load /Library/LaunchAgents/com.highmark.Highmark.plist
fi
}
runHighmark
You need to check your permissions on /usr/local/bin/Highmark to make sure the user can execute it. You can probably just do this:
sudo chmod 755 /usr/local/bin/Highmark
You might be able to use LaunchControl to troubleshoot issues with the agent.
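An added example, not code from any post in this thread: a preflight check a postinstall script could run before the `launchctl asuser ... load` step, covering the two permission points raised above (the plist at 644, the program executable by the user). The function names `perm_issue` and `preflight_agent` are hypothetical, and root ownership (uid 0) as the expected owner is an assumption of this example.

```shell
#!/bin/bash
# Added example: verify a LaunchAgent plist and its Program before loading.
# Assumption: both files should be owned by root (uid 0). The expected uid is
# a parameter so the check can also be exercised on scratch files.

# perm_issue PATH OWNER_UID NEED_EXEC(yes|no)
# Prints the first problem found and returns 1; returns 0 when the file passes.
perm_issue() {
    pi_path=$1; pi_uid=$2; pi_exec=$3
    [ -f "$pi_path" ] || { echo "missing: $pi_path"; return 1; }
    # Same ls -ln parsing the thread uses for /dev/console: $1 mode, $3 uid.
    pi_mode=$(ls -ln "$pi_path" | awk '{ print $1 }')
    pi_owner=$(ls -ln "$pi_path" | awk '{ print $3 }')
    if [ "$pi_owner" != "$pi_uid" ]; then
        echo "owner uid $pi_owner, expected $pi_uid: $pi_path"; return 1
    fi
    # Mode string layout: type, then rwx for user, group, other.
    case "$pi_mode" in
        ?????w*|????????w*)
            # Anyone in the group (or everyone) could replace what runs
            # in every user's login session.
            echo "group/other writable ($pi_mode): $pi_path"; return 1 ;;
    esac
    if [ "$pi_exec" = "yes" ]; then
        case "$pi_mode" in
            ?????????x*) ;;
            *) echo "not executable by other users ($pi_mode): $pi_path"
               return 1 ;;
        esac
    fi
    return 0
}

# preflight_agent PLIST PROGRAM [OWNER_UID]
preflight_agent() {
    perm_issue "$1" "${3:-0}" no || return 1
    perm_issue "$2" "${3:-0}" yes || return 1
}

# In the postinstall script, before the launchctl asuser line:
#   preflight_agent /Library/LaunchAgents/com.highmark.Highmark.plist \
#       /usr/local/bin/Highmark || exit 1
```

The message printed on failure names the file and the mode that caused the rejection, which is the first thing to look at when an agent loads after a restart but not from the installer.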