How do I run a launchd command as root

I have the following launchctl command as a .plist file. It's loaded and set to run once a day but, it needs to run as root and I'm not sure how to verify this.

Also, this cron job basically CDs into a directory and runs a command. I'm sure launchd has a better way of specifying the directory where it's supposed to run the command.

How do I know it's run as root and is there a better way to write this?

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>dev.project.frontpage.feedparser</string>
    <key>ProgramArguments</key>
    <array>
        <string>cd</string>
        <string>/Users/eman/src/project/trunk/includes/;</string>
        <string>./feed-parser.php</string>
        <string>-c</string>
        <string>./feed-parser-config.xml</string>
    </array>
    <key>QueueDirectories</key>
    <array/>
    <key>StartCalendarInterval</key>
    <dict>
        <key>Hour</key>
        <integer>12</integer>
        <key>Minute</key>
        <integer>0</integer>
    </dict>
    <key>WatchPaths</key>
    <array/>
</dict>
</plist>

Solution 1:

What folder is the .plist stored in?

launchd runs Daemons (/Library/LaunchDaemons or /System/Library/LaunchDaemons) as root, and will run them regardless of whether users are logged in or not. Launch Agents (/Library/LaunchAgents/ or ~/Library/LaunchAgents/) are run when a user is logged in as that user. You can not use setuid to change the user running the script on daemons.

Because you will want to add it in /Library/LaunchDaemons you will want to make sure you load it into launchd with administrator privileges (eg. sudo launchctl load -w /Library/LaunchDaemons/com.apple.samplelaunchdscript.plist)

Check out man launchd for more information.

Solution 2:

Have you tried using one of the launchd editors?

• Lingon (abandoned, but supposedly works on Leopard and Snow Leopard)
• Launchd Editor
• launchctl

To make sure it is run as root, I'm pretty sure launchd will run the programs as root. Ever think of giving ownership of the script to root using chmod? This way, it won't run unless run as root. You need to then verify that it runs.

sudo chown root:admin script_to_run_by_launchd

Solution 3:

Property lists in LaunchAgents also work, but you have to load both agents and daemons with sudo:

sudo chown root /Library/LaunchAgents/test.plist
sudo launchctl load /Library/LaunchAgents/test.plist

If the plist doesn't have a disabled key, it is loaded on the next login or restart by default, and -w is not necessary.

Technical Note TN2083: Daemons and Agents:

A daemon is a program that runs in the background as part of the overall system (that is, it is not tied to a particular user). A daemon cannot display any GUI; more specifically, it is not allowed to connect to the window server.

[...]

An agent is a process that runs in the background on behalf of a particular user. Agents are useful because they can do things that daemons can't, like reliably access the user's home directory or connect to the window server.

Solution 4:

For Googlers looking to specifically run a LaunchAgent with root privileges intead of a LaunchDaemon, it can be done by:

• Create your LaunchAgent in ~/Library/LaunchAgents
• Run your application with sudo via the ProgramArguments property in your plist
• Set the NOPASSWD option for your application in /etc/sudoers.d

For more detail, see this and this answer.