I am trying to get a followup on the following thread.
It seems like it is not possible to prevent non-admin users from unloading launch agents through the terminal or deleting the user level ones.
I am trying to get a followup on the following thread.
Sorry about not replying over there; I wasn’t notified of your replies on that other thread )-:
It seems like it is not possible to prevent non-admin users from unloading launch agents …
Yep.
This comes up from time-to-time (see here for example) and the answer depends on the context. For example, if you’re building a screen sharing product and you want to prevent the user shooting themselves in the foot then, honestly, I wouldn’t worry about it. However, I suspect that you’re building a security product, in which case the answer is that you should design your product to ‘fail secure’. Presumably your daemon needs the agent to be running to perform certain activities on behalf of the user. If the agent goes away, just start denying those activities.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"