Help

Launchagent not working on macOS Monterey

MehdiYawari
New Contributor III

Posted on ‎06-27-2022 02:23 AM

Hallo everyone
I have a launchagent which works perfectly on macOS Big Sur but not on macOS Monterey. This Launchagent should trigger a script  every 10 sec. Very strange. Tried everything but still no luck :-(
Here is the launchagent:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.company.kerberos</string>
<key>ProgramArguments</key>
<array>
<string>/bin/bash</string>
<string>/Library/Application Support/company/Tools/RefreshKerborosTicket.sh</string>
</array>
<key>WatchPaths</key>
<array>
<string>/etc/resolv.conf</string>
<string>/var/run/resolv.conf</string>
<string>/private/var/run/resolv.conf</string>
</array>
<key>StandardOutPath</key>
<string>/var/log/kerborostgt.log</string>
<key>StandardErrorPath</key>
<string>/var/log/errkerborostgt.log</string>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>10</integer>
</dict>
</plist>
The error that I get is:

2022-06-27 10:00:52.823197 (gui/501/com.company.kerberos [28057]) <Error>: Service could not initialize: posix_spawn(/bin/bash) error: 0xd: Permission denied

here is my troubleshooting process:

I checked the Permissions for the script and launchagent. Everything looks good there.
I executed the script manuelly in terminal. it works perfectly
I changed (/bin/bash) to "bash" and "sh" and also deleted the whole string. still getting permission denied error.

Why the permission denied? cant figure out. Has someone experienced such behavior?
The Launchagent should be working as it works on macOS Big Sur.
Thanks in advance
regards
Mehdi

PS: The launchagent and script are used to refresh the SSO Extension tickets. Source: https://community.jamf.com/t5/jamf-pro/sso-kerberos-extension-how-to-refresh-expired-tickets/m-p/251...

0 Kudos
1 REPLY 1

mm2270
Legendary Contributor III

Posted on ‎06-27-2022 08:59 AM

A couple of suggestions for you. I know you said you already tried some of this, so sorry if some of what I'm going to say is a repeat, but go through these steps again.

First, remove any /bin/bash or /bin/sh from the start of the ProgramArguments array in your plist. As long as your script is executable, those aren't needed (see next point)

Second, check the permissions on the script to ensure it is executable. A simple way to ensure this is to run sudo chmod +x /Library/Application\ Support/company/Tools/RefreshKerborosTicket.sh against it in Terminal.

Next, you might want to choose between having the StartInterval in your LaunchAgent job at 10 seconds, OR using the WatchPaths. The Watch Paths are designed to trigger the launchd job into action when changes are detected in any of the files or paths in that array. But a launchd job can ONLY run at most every 10 seconds. The OS will throttle anything trying to run sooner than that. In fact, if you use WatchPaths, I recommend including a ThrottleInterval added with an integer value of 10 seconds. But if you have a StartInterval set to 10 seconds, that's really all you'd need, though I would argue for something like a script checking/renewing Kerberos tickets that's a bit extreme. There's no need to have it run quite that often in my opinion. Bumping it out to every 60 seconds would be more than sufficient it seems.

Lastly, in terms of the script itself, which script are you using from the thread you linked to? Can you post the script here, sanitized if needed? It's possible there is something in the script it's attempting to do that's throwing the error.

0 Kudos