Local Network Permissions - launchd service running as non-root user

App & System Services Networking
jcoffman OP
Created Jan ’25
Replies 6
Boosts 0
Views 294
Participants 3

Hello,

Title states it basically. I have a java program (launched via shell script) running as a service using launchd which is running as a user (not root) and it does not request Local Network permissions ever.

I feel like i'm missing something here. I combed through all of the Local Network FAQs and don't really see this use case addressed.

I do see that there is an open ticket for an API to trigger the request, but no update on that and the ticket is not visible publicly.

Is there is a way to accomplish this for java or other programs running via launchd with a user other than root? something like an entitlement or an API to seed the permission of Local Network when installing the service via launchctl etc?

Replies  6
Boosts  0
Views  294
Participants  3
DTS Engineer OP
Apple
Jan ’25
Written by jcoffman in 772178021
I have a java program (launched via shell script) running as a service using launchd which is running as a user (not root)

That’s a lot of complicating factors. I’d like to start by understanding the context in which your code is started. Are you running it as a launchd daemon or a launchd agent? That is:

  • Did you put the launchd property list in /Library/LaunchDaemons and then configure the user via the UserName property in that property list?

  • Or did you put the launchd property list in /Library/LaunchAgents or ~/Library/LaunchAgents?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
jcoffman OP
Jan ’25

I am doing the first option of putting the launchd property list in /Library/LaunchDaemons and then configure the user via the UserName property in that property list. This plist calls a shell script which starts up the java process with proper arguments.

0
DTS Engineer OP
Apple
Jan ’25
Written by jcoffman in 820679022
then configure the user via the UserName property in that property list.

Is that a role account? Or a real user?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
jcoffman OP
Jan ’25

It is a real user

0
jcoffman OP
Jan ’25

Any thoughts about this scenario?

Thanks

0
Valkhes OP
4d

Hi,

I have the exact same problem. Trying to launch a service through launchd with UserName in the property list in /Library/LaunchDaemons

It seems nothing is working, I can't access Local Network with my service. As soon as I remove the UserName so it run as root, this is working as expected.

Any news about this ? Did someone find a way to use UserName ?

0
Local Network Permissions - launchd service running as non-root user
First post date Last post date
 
 
Q