Performing a task in the "middle" of a log-in and log-out process possible?
Performing a task in the "middle" of a log-in and log-out process possible?
- Subject: Performing a task in the "middle" of a log-in and log-out process possible?
- From: Markus Hanauska <email@hidden>
- Date: Wed, 4 Mar 2009 13:01:14 +0100
== Situation:
We have a user agent, that is started by launchd as soon as a user
logs in. It then reads a preference file (~/Library/Preferences) and
keeps the data cached in memory. While running, it constantly updates
information in that file. The file is asynchronously written back to
disk every now and then. When the user logs out, it receives a
SIGTERM, updates the plist one last time, makes sure it's written to
disk immediately and quits. So the preferences are read as soon as the
process starts and they might change up to the very last second, till
the process quits. This file should be kept in sync across multiple
Macs.
== The Problems:
1) To make sure the latest state of these preferences are backed-up,
the back up must happen after this process has quit. Only then the
pref file will really contain the latest changes. However every other
user space process will be quit if the user logs out, first with a
SIGTERM, then with a SIGKILL if it refuses to quit.
2) If this is a UI process, it can prevent the log out from taking
place by refusing to quit, but then the agent process might never get
killed in the first place and the pref file may not be up-to-date.
3) A root process running constantly in the background can notice if a
user logs out, but it cannot necessarily access the file after log
out. The user may have a FileVault, so access to the file after logout
is impossible unless the process knows the mount password of the
FileVault (insecure!). The user also may have a network home. Root
processes cannot access data over networks in the first place.
4) The user may actually not log out, he may select to shutdown/
restart the system, in that case the root process also only would have
a very limited time to sync the file. Since a sync can take
arbitrarily long, it may get killed before it had a chance to really
syn anything.
5) How can the pref file, that may have been back-up'ed (assuming
problems 1 to 4 can be solved) to an external storage (e.g. an USB
stick) be synced back to disk before the user logs in on the other
Mac? If it is synced "after" the user logged in, the agent is already
running, it has already read the pref file. Overwriting this file with
new data will fail, as the changes won't be noticed by the already
running agent.
== The Solution that would work:
Issues 1 to 4 could be solved if there was a way to run a program
similar like the compacting FileVault process. This process can run
after the user has already logged out and it can delay a shutdown/
reboot till its operation completes... of course if the FileVault/
Network Home has already been unmounted, this won't work. Issue 5
could be solved if a process could be run after the user has logged
in, but before any other user processes have been started.
To describe that in more detail, the login process looks like that:
1) The user logs in
2) If this is a FileVault or Network Home user, the home directory is
mounted (either from the local FileVault DMG or via the network)
3) launchd starts the login agents for this user
4) Login Items of the user are started
5) The user gains control
Here we'd need a step between 2 and 3. The user home is ready to be
accessed by processes belonging to the user and a process is started
that can delay step 3 till it is done with whatever operation it needs
to perform.
The logout process looks like that:
1) The user logs out (or issues a shutdown/reboot)
2) All applications of the users are quit
3) All launchd agents of the user are quit/killed
4) If this is a FileVault or Network Home user, the home directory is
unmounted
5) Either the login screen is started again or the system shuts down
(possibly reboots after shutdown)
Here we'd need a step between 3 and 4, so all processes (maybe except
launchd) are already quit, the user has no control anymore, but we can
still start a process belonging to this user to perform operations
before step 4 and we can delay step 4 and 5 till it is done with
whatever operation it needs to perform.
== The Question:
Does anything like this exist? Can it be done without hacking the
system to shrimps?
And if this is not the right mailing list for asking such a question,
what is the right mailing list?
--
Kindest regards,
Markus
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden