Running Launchd Services with a Non-Root User on macOS

I am building a launchctl service which can run a Java service. I am able to create the launchctl service with the root user and test the start/stop/status/automatic start at reboot use cases.

I am struggling with running the same launchctl service with a non-root user (ec2-user in my case).

My plist file looks like below

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>siem</string>
  <key>ProgramArguments</key>
  <array>
    <string>java</string>
    <string>-jar</string>
    <string>/Users/ec2-user/siem.jar</string>
  </array>
  <key>RunAtLoad</key>
  <true/> <!-- run the program at login -->
  <key>KeepAlive</key>
  <true/> <!-- run the program again if it terminates -->
  <key>WorkingDirectory</key>
  <string>/Users/ec2-user</string>
  <key>StandardErrorPath</key>
  <string>/tmp/mycommand.err</string>
  <key>StandardOutPath</key>
  <string>/tmp/mycommand.out</string>
</dict>
</plist>

I have tried various steps to run the above service with ec2-user. The UID for ec2-user is 501.

ec2-user@ip-172-31-30-212 ~ % launchctl bootstrap gui/501 ~/Library/LaunchDaemons/siem.plist
Bootstrap failed: 125: Unknown error: 125

Verified the content of the plist file

ec2-user@ip-172-31-30-212 ~ % plutil ~/Library/LaunchDaemons/siem.plist
/Users/ec2-user/Library/LaunchDaemons/siem.plist: OK

Tried bootstrapping the service with user

ec2-user@ip-172-31-30-212 ~ % launchctl bootstrap user/501 ~/Library/LaunchDaemons/siem.plist
Bootstrap failed: 5: Input/output error

None of the above errors are verbose, and I can't seem to find any way forward.

My goal: I want to run the launchctl service with a non-root user.

Environment Details:

OS : macOS on AWS EC2 Instance

macOS Version : Big Sur and Monterey

Update 1:

Checked system logs

Nov 26 17:51:23 ip-172-31-30-212 com.apple.xpc.launchd[1] (siem[2159]): Service could not initialize: 20G224: xpcproxy + 23787 [839][86D1F823-583D-36B7-A047-55971A034143]: 0xd
Nov 26 17:51:23 ip-172-31-30-212 com.apple.xpc.launchd[1] (siem.label[2160]): Service could not initialize: 20G224: xpcproxy + 23787 [839][86D1F823-583D-36B7-A047-55971A034143]: 0xd
Nov 26 17:51:23 ip-172-31-30-212 com.apple.xpc.launchd[1] (siem[2159]): Service exited with abnormal code: 78
Nov 26 17:51:23 ip-172-31-30-212 com.apple.xpc.launchd[1] (siem): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Nov 26 17:51:23 ip-172-31-30-212 com.apple.xpc.launchd[1] (siem.label[2160]): Service exited with abnormal code: 78
Nov 26 17:51:23 ip-172-31-30-212 com.apple.xpc.launchd[1] (siem.label): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.

Solution 1:

I used the tool LaunchControl to debug the problem. I recommend installing it with brew cask install launchcontrol; it is a GUI tool for launchctl, and it can help with detecting errors and troubleshooting.

In my case, there were the following issues:

  • StandardOutPath and StandardErrorPath pointed to locations where my user had no write permission.
  • I first started my service with the root user, so the service created the log location. Then I started the same service with another non-root user, and as the log location had already been created, the non-root user had no permission to write there.

The reason it took some time to figure out the above issues is the very poor error logging provided by macOS.
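
The permission problem described in this answer can be checked before bootstrapping. The following is an added example, not part of the original answer: it reads StandardOutPath and StandardErrorPath from a plist and reports the ones a given UID cannot write. The function names and the trimmed sample plist are constructed for illustration, and only classic mode bits are checked, not ACLs.

```python
import os
import plistlib
import stat

# Constructed sample: the log keys from the question's plist, trimmed.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>siem</string>
  <key>StandardErrorPath</key><string>/tmp/mycommand.err</string>
  <key>StandardOutPath</key><string>/tmp/mycommand.out</string>
</dict></plist>"""

def allowed(st, uid, gids, need):
    """Owner/group/other mode-bit check (ACLs are ignored); need: 2=w, 3=w+x."""
    if uid == 0:
        return True
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return ((st.st_mode >> shift) & need) == need

def check_log_paths(plist_bytes, uid, gids=()):
    """Return {plist key: reason} for each log path that uid cannot write."""
    job = plistlib.loads(plist_bytes)
    problems = {}
    for key in ("StandardOutPath", "StandardErrorPath"):
        path = job.get(key)
        if not path:
            continue
        target, need = path, 2
        if not os.path.exists(path):
            # File not created yet: the user must be able to create it,
            # which takes write and search permission on the directory.
            target, need = os.path.dirname(path) or ".", 3
            if not os.path.isdir(target):
                problems[key] = f"{target} does not exist"
                continue
        st = os.stat(target)
        if not allowed(st, uid, gids, need):
            mode = stat.S_IMODE(st.st_mode)
            problems[key] = (f"{target} (owner uid {st.st_uid}, mode {mode:o}) "
                             f"is not writable by uid {uid}")
    return problems

if __name__ == "__main__":
    # 501 is the ec2-user UID given in the question.
    for key, reason in check_log_paths(SAMPLE, 501).items():
        print(f"{key}: {reason}")
```

A log file left behind by an earlier run as root shows up here as owned by uid 0 with no write bit for other users, which is the second issue listed above.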