问题描述
我试图从以root用户身份运行的启动守护程序中运行pluginkit(管理OS X上的扩展程序的可执行文件).
I'm trying to run pluginkit (The executable that manages extensions on OS X) from a launch daemon running as root.
/usr/bin/pluginkit -m -i "<identifier>"失败,输出为match: Connection invalid.这并不是非常意外的事情,因为扩展设置是根据每个用户来处理的.
/usr/bin/pluginkit -m -i "<identifier>" fails with an output of match: Connection invalid. This is not terribly unexpected, since extension settings are handled on a per-user basis.
但是,我尝试使用su作为普通用户运行pluginkit,但仍然无法正常工作.
However, I've tried to use su to run pluginkit as a normal user, and it still doesn't work.
su <username> -l -c "/usr/bin/pluginkit -m -i "<identifier>"也失败,输出为match: Connection invalid.
在某种程度上,pluginkit所运行的环境与普通用户仍然存在很大差异,因此无法正常工作.无论如何,以root身份运行pluginkit?还是有其他方法可以以另一个用户身份启动一个流程,而该流程可能会提供更完整的环境?
Somehow the environment that pluginkit is running in is still different enough from a normal user that it doesn't work properly. Is there anyway to run pluginkit as root? Or is there any other way to launch a process as another user that might provide a more complete environment?
我正在使用用Swift编写的命令行工具对此进行测试:
I'm testing this with a command line tool written in Swift:
main.swift
import Foundation
let task = NSTask()
// Option 1: Run pluginkit directly
task.launchPath="/usr/bin/pluginkit"
task.arguments = ["-m", "-i", "com.example.findersyncext"]
// Option 2: Run pluginkit as <username> using 'su'
//task.launchPath="/usr/bin/su"
//task.arguments = ["<username>", "-l", "-c", "/usr/bin/pluginkit -m -i \"com.example.findersyncext\""]
// Option 3: Run pluginkit as <username> using 'sudo'
//task.launchPath="/usr/bin/sudo"
//task.arguments = ["-u", "<username>", "/usr/bin/pluginkit", "-m", "-i", "com.example.findersyncext"]
task.standardOutput = NSPipe()
task.standardError = NSPipe()
task.launch()
task.waitUntilExit()
NSLog("Exit code: \(task.terminationStatus)")
let output = NSString(data: (task.standardOutput!.fileHandleForReading.readDataToEndOfFile()), encoding: NSUTF8StringEncoding)
NSLog("Output: \(output)")
let error = NSString(data: (task.standardError!.fileHandleForReading.readDataToEndOfFile()), encoding: NSUTF8StringEncoding)
NSLog("Error: \(error)")
/Library/LaunchDaemons/com.example.PluginKitTest.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.example.PluginKitTest</string>
<key>Program</key>
<string>/path/to/PluginKitTest</string>
<key>RunAtLoad</key>
<true/>
<key>StandardErrorPath</key>
<string>/Users/<username>/Desktop/pluginkit-error.log</string>
<key>StandardOutPath</key>
<string>/Users/<username>/Desktop/pluginkit-out.log</string>
</dict>
</plist>
推荐答案
事实证明,还有su命令未设置的其他用户上下文,需要使用命令launchctl asuser进行设置.因此,我能够通过更新命令来调用launchctl asuser和su来更新上下文的所有方面来解决我的问题:
It turns out that there is additional user context that is not set by the su command, that needs to be set by using the command launchctl asuser. So, I was able to solve my problem by updating my command to invoke both launchctl asuser and su to update all aspects of the context:
launchctl asuser $USER_UID su $USER_UID -c "<command>"
根据launchctl asuser的文档:
我对这些概念还不太熟悉,无法确切地告诉您它们的作用,但是足以使pluginkit正常工作.
I'm not familiar enough with these concepts to tell you exactly what these do, but it was enough to get pluginkit working.
这篇关于是否可以从以root用户身份运行的进程中运行pluginkit?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!