Re: Launchd scripts with root access
On 27 Jun 2012, at 17:45, Chris Waldrip wrote:
On Jun 27, 2012, at 10:28 AM, Harald Wagener wrote:
LaunchAgents run in user context. Move your launchd job to /Library/LaunchDaemons to get it run as root.
I'd read and understood that /System/Library/Launch* allowed for processes to be run as root, regardless of the user context (hence why OS level processes are started from there), where /Library/Launch* would run based on the user context. But I tested your suggestion, and got my normal errors...
No. LaunchAgents run with user permissions. LaunchDaemons run with root permissions. That's why Harald said to move it to /Library/LaunchDaemons. /System/Library/LaunchDaemons is intended for daemons provided by Apple. Third-party launch daemons (like yours) should go in /Library/LaunchDaemons. http://developer.apple.com/library/mac/documentation/MacOSX/Conceptual/BPSys...
The portion of the script that is the upgrade function at the moment...
#Check spupload version number, and download and install the latest update if it's newer
remoteVersion=$(curl -s http://my.server.com/profiles/version.html)
if [ "$spuploadVersion" -lt "$remoteVersion" ]
then
    cd /tmp/
    curl -C - -O http://my.server.com/profiles/latest.zip
    unzip -d latest latest.zip
    mv -f latest/com.spupload.plist /System/Library/LaunchAgents/
    chmod 644 /System/Library/LaunchAgents/com.cnn.spupload.plist
    mv -f latest/spupload.sh /usr/local/sbin/
    launchctl load /System/Library/LaunchAgents/com.cnn.spupload.plist
    rm -rf latest*
    exit
fi
You are opening the system to attack by not using SSL to verify the authenticity of the updates server. Anyone on the network can intercept your request to my.server.com and send it to their own server which then gives your launch daemon a malicious payload to install as root.

David B.
participants (1)
-
David Buxton