Running Launchd Services with Non Root User on macOS
I am building a launchctl service which can run a Java service. I am able to create the launchctl service with the root user and test the start/stop/status/automatic start at reboot use cases.
I am struggling with running the same launchctl service with a non-root user (ec2-user in my case).
My plist file looks like below:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>siem</string>
    <key>ProgramArguments</key>
    <array>
        <string>java</string>
        <string>-jar</string>
        <string>/Users/ec2-user/siem.jar</string>
    </array>
    <key>RunAtLoad</key>
    <true/> <!-- run the program at login -->
    <key>KeepAlive</key>
    <true/> <!-- run the program again if it terminates -->
    <key>WorkingDirectory</key>
    <string>/Users/ec2-user</string>
    <key>StandardErrorPath</key>
    <string>/tmp/mycommand.err</string>
    <key>StandardOutPath</key>
    <string>/tmp/mycommand.out</string>
</dict>
</plist>
I have tried various steps to run the above service with ec2-user. The UID for ec2-user is 501.
ec2-user@ip-172-31-30-212 ~ % launchctl bootstrap gui/501 ~/Library/LaunchDaemons/siem.plist
Bootstrap failed: 125: Unknown error: 125
Verified the content of the plist file:
ec2-user@ip-172-31-30-212 ~ % plutil ~/Library/LaunchDaemons/siem.plist
/Users/ec2-user/Library/LaunchDaemons/siem.plist: OK
Tried bootstrapping the service with the user domain:
ec2-user@ip-172-31-30-212 ~ % launchctl bootstrap user/501 ~/Library/LaunchDaemons/siem.plist
Bootstrap failed: 5: Input/output error
All of the above errors are not verbose, and I can't seem to find any way forward.
My goal: I want to run the launchctl service with a non-root user.
Environment Details:
OS : macOS on AWS EC2 Instance
macOS Version : Big Sur and Monterey
Update 1:
Checked system logs
Nov 26 17:51:23 ip-172-31-30-212 com.apple.xpc.launchd[1] (siem[2159]): Service could not initialize: 20G224: xpcproxy + 23787 [839][86D1F823-583D-36B7-A047-55971A034143]: 0xd
Nov 26 17:51:23 ip-172-31-30-212 com.apple.xpc.launchd[1] (siem.label[2160]): Service could not initialize: 20G224: xpcproxy + 23787 [839][86D1F823-583D-36B7-A047-55971A034143]: 0xd
Nov 26 17:51:23 ip-172-31-30-212 com.apple.xpc.launchd[1] (siem[2159]): Service exited with abnormal code: 78
Nov 26 17:51:23 ip-172-31-30-212 com.apple.xpc.launchd[1] (siem): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Nov 26 17:51:23 ip-172-31-30-212 com.apple.xpc.launchd[1] (siem.label[2160]): Service exited with abnormal code: 78
Nov 26 17:51:23 ip-172-31-30-212 com.apple.xpc.launchd[1] (siem.label): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Solution 1:
Used the tool LaunchControl to debug the problem. I recommend installing it with brew cask install launchcontrol; it is a GUI tool for launchctl that can help detect errors and with troubleshooting.
In my case, there were the following issues:
- StandardOutPath and StandardErrorPath were given where my user had no write permissions.
- I started my service first with the root user, thus the service created the logs location. Then I started the same service with another non-root user, and as the logs location was already created, the non-root user had no permission to write there.
The reason it took some time to figure out the above issues is the very poor error logging provided by macOS.
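A pre-flight check for the failure described in this solution, as an added example that is not part of the original post: it reads StandardOutPath and StandardErrorPath from a plist and reports any path the service user could not write, either because the file already exists under another owner or because the parent directory does not allow creating it. The function names are hypothetical, the check uses only owner/group/other mode bits (ACLs are ignored), and gid 20 in the sample is an assumed primary group.

```python
import os
import plistlib

LOG_KEYS = ("StandardOutPath", "StandardErrorPath")  # keys used in the plist above


def _allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check for uid; ACLs are not considered."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & want == want


def check_log_paths(plist_bytes, uid, gids):
    """Return {key: problem} for each log path uid cannot write; {} means OK."""
    job = plistlib.loads(plist_bytes)
    problems = {}
    for key in LOG_KEYS:
        path = job.get(key)
        if not path:
            continue
        if os.path.exists(path):
            st = os.stat(path)
            if not _allowed(st, uid, gids, 2):  # 2 = write
                problems[key] = f"{path} exists (owner uid {st.st_uid}), not writable by uid {uid}"
        else:
            # Not created yet: uid needs write + search (3) on the parent directory.
            parent = os.path.dirname(path) or "."
            if not os.path.isdir(parent) or not _allowed(os.stat(parent), uid, gids, 3):
                problems[key] = f"{path} cannot be created in {parent} by uid {uid}"
    return problems


if __name__ == "__main__":
    # Constructed sample: same log paths as the plist above; gid 20 is an assumed primary group.
    sample = plistlib.dumps({
        "Label": "siem",
        "StandardOutPath": "/tmp/mycommand.out",
        "StandardErrorPath": "/tmp/mycommand.err",
    })
    for key, problem in check_log_paths(sample, 501, {20}).items():
        print(f"{key}: {problem}")
```

Run it on the host before bootstrapping the job; an empty result means both log paths pass the mode-bit check for that uid.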