Whenever I'm logged in as a certain user and trigger a shutdown or restart, I get prompted to enable FileVault. - I have searched everywhere to find the hook that causes this prompt, but I can't find it. - I've searched all the LaunchDaemon and LaunchAgent directories I can find. - I've reviewed the output of launchctl find. - I've done other things in the past as well but I don't remember them all. - I have upgraded my computer and transferred my user account multiple times since this started happening. It seems to stick to my user account. - I believe this might have come from Symantec Endpoint Encryption that was installed by my employer many years ago. But I've also tried all the uninstaller techniques I can find for that. It appears after all the desktop stuff has gone away. Any ideas for where else I can look for a hook that might trigger this? Update: **FileVault** is not currently enabled on the disk and I do not want to enable it. ![Screenshot of the FileVault dialog box saying 'To add this user to FileVault, enter the password for 'cquenell.'' ][1]

I want to run a script based on one line in launchctl list output. I know there are ways to simplify this output using awk sed grep etc. The question is, is there a native or non-native tool for parsing this output? (It would be helpful if I just knew the name of the output format so I could do a search for that) launchctl list outputs in this format:

% sudo launchctl list com.privateinternetaccess.vpn.daemon 
Password:
{
	"LimitLoadToSessionType" = "System";
	"Label" = "com.privateinternetaccess.vpn.daemon";
	"OnDemand" = false;
	"LastExitStatus" = 0;
	"PID" = 35114;
	"Program" = "/Applications/Private Internet Access.app/Contents/MacOS/pia-daemon";
	"ProgramArguments" = (
		"/Applications/Private Internet Access.app/Contents/MacOS/pia-daemon";
	);
};

Essentially this is a semi-colon delimited list inside of curly brackets - sorry don't know the name of this output format. Right now I am getting by with these commands to get the PID, but as stated I would like to use tools specifically for this output format if they exist.

% sudo launchctl list com.privateinternetaccess.vpn.daemon  | grep PID | egrep -o  -e '[0-9]{1,}'
35114

My intention is to run a script based on whether this daemon is currently active or not. My initial thought was to get the PID and use that to determine if it was running as I understand a running daemon has a PID and otherwise it does not. Using an if...fi statement should do the trick.

Right up until a week ago, my simple Applescript that had to simply click on a specific coordinate on screen just stopped working. Here is the Applescript: tell application "System Events" click at {693, 619} end tell And I automate it's trigger at a specific time of day with the help of osascript (recommended for Applescripts) using the following plist file. Label com.mouseclick.plist ProgramArguments /usr/bin/osascript /Users/mugenvoid/Downloads/mouseclick.scpt StartCalendarInterval Hour 6 Minute 10 I've added this plist file to the LaunchDaemons folder of my core Library folder. This will ensure it's a global daemon, so it should have the highest chance of always triggering correctly. Beyond that, I've given all the relevant access and permissions (Accessibility, Automation, disk access etc) for this setup to work correctly. To ensure the job is loaded correctly and functional, I use an application called Launchcontrol 2. Over there, it is always loaded in correctly and the status shows as OK. Despite all these checks and balances, the script just doesn't click on the specific coordinate no more. It was always working perfectly fine up until a week ago and I haven't made any changes whatsoever to this whole setup. The Launchcontrol 2 application has some launchd(8) logs of the job trigger event at the designated time that I would like to share. Perhaps it will help with the debugging. Here it is: 2024-10-22 06:10:03.808584 internal event: WILL_SPAWN, code = 0 2024-10-22 06:10:03.808688 service state: spawn scheduled 2024-10-22 06:10:03.808692 service state: spawning 2024-10-22 06:10:03.808727 launching: xpc event 2024-10-22 06:10:03.810543 xpcproxy spawned with pid 28683 2024-10-22 06:10:03.810593 internal event: SPAWNED, code = 0 2024-10-22 06:10:03.810599 service state: xpcproxy 2024-10-22 06:10:03.810718 internal event: SOURCE_ATTACH, code = 0 2024-10-22 06:10:03.827675 service state: running 2024-10-22 06:10:03.827703 internal event: INIT, code = 0 2024-10-22 06:10:03.827709 job state = running 2024-10-22 06:10:03.827726 Successfully spawned osascript because xpc event 2024-10-22 06:10:10.104597 exited due to exit(0), ran for 6293ms 2024-10-22 06:10:10.104617 service state: exited 2024-10-22 06:10:10.104630 internal event: EXITED, code = 0 2024-10-22 06:10:10.104633 job state = exited 2024-10-22 06:10:10.104665 service inactive: com.mouseclick.plist 2024-10-22 06:10:10.104681 service state: not running To the best of my knowledge, I've checked everything possible from my end and am still faced with this roadblock. I'd really appreciate your support here! Condensed view of what I've tried so far: - Under the Privacy & Security settings section, I enabled Accessibility for osascript, launchcontrol and the script editors I've used for the Applescript and the plist file. See image attached below. - Under the Privacy & Security settings section, under Automation, the requisite access has been given to Osascript and relevant applications. See image attached below. - Ensured the job is loaded correctly with no errors and that it is loaded in as a global daemon (by adding the plist file to the LaunchDaemons foler in my core Library folder). See image attached below. - Verified the script file and plist file and found no syntax errors (code used for both has been shared above). - Ran the script file from the Script Editor itself to confirm if it's working fine and got the following results. See image attached below.

Since Yosemite and in every later operating system OS X/macOS runs **coreduetd** from /usr/libexec/coreduetd with the bundle-id com.apple.coreduetd.osx in the background. - What exactly is this process doing? - On which hardware does this run (i.e.: is its functionality supported)? - Can it be disabled? - How can it be disabled? - Should it be disabled? - What are the (potential) side effects of it being disabled (dependencies)? This question should not be read as a YX-Problem but an attempt to eventually add to the list of canonical questions.

I'm using The Pritunl VPN software for one of my Mac's user accounts. The software installer creates a system LaunchDaemon found under /Library/LaunchDaemons called com.pritunl.service.plist Unfortunately this service remains active when I log out from the user profile it's intended for, causing the VPN connection to also remain active for different user accounts. What I would like to do is to remove this service from the /system/ and add it as a /user/username startup service. My intention is for the service to be started whenever I log in with the specific user and for it to stop whenever the user is logged out. What I've tried to do so far is to unload the system service, remove the .plist from the system directory /Library/LaunchDaemons and to move it to the user directory ~/Library/LaunchAgents after which I attempted loading and registering it for the specific user account. I've not yet succeeded in performing these steps correctly as the user account in question does not have root access.

Label
	com.pritunl.service
	ProgramArguments
	
		/Applications/Pritunl.app/Contents/Resources/pritunl-service
	
	KeepAlive
	
	Umask
	0

sudo launchctl list com.pritunl.service
{
	"LimitLoadToSessionType" = "System";
	"Label" = "com.pritunl.service";
	"OnDemand" = false;
	"LastExitStatus" = 0;
	"PID" = XXXX;
	"Program" = "/Applications/Pritunl.app/Contents/Resources/pritunl-service";
	"ProgramArguments" = (
		"/Applications/Pritunl.app/Contents/Resources/pritunl-service";
	);
};

Reference material I've used: https://rakhesh.com/mac/macos-launchctl-commands/ When trying to learn more about LimitLoadToSessionType I've only managed to find this archived older documentation. https://developer.apple.com/library/archive/technotes/tn2083/_index.html Trying to find it on the current documentation page hasn't resulted in what I'm looking for. https://developer.apple.com/search/?q=LimitLoadToSessionType I've found this excellent post detailing a lot of related subjects. https://apple.stackexchange.com/questions/366281/launchd-confusion-on-semantics-of-bootstrap-and-bootout-etc-after-reading-manu

When I try to load a self-created LaunchDaemon using

sudo launchctl bootstrap system /Library/LaunchDaemons/local.setup-network.plist

I get the following error

Bootstrap failed: 5: Input/output error

And I don't know what is wrong. My plist looks like this:

label
        local.setup-network

		ProgramArguments
        
			/Library/Scripts/setup-network.sh
        

    	RunAtLoad

The plist is well formed

# plutil -lint /Library/LaunchDaemons/local.setup-network.plist
/Library/LaunchDaemons/local.setup-network.plist: OK

I checked all file permissions and they all look fine to me. The console application shows no errors either.

I'm trying use launchctl run a small program, but have not been able to consistently target system. What appears to be happening is target gui, then target system, try to target system, it'll give this error:

Bootstrap failed: 5: Input/output error

So I run this, which works

sudo launchctl bootstrap gui/$(id -u) /Library/LaunchDaemons/com.skl.cron.plist

Then I boot out of it

sudo launchctl bootout gui/$(id -u) /Library/LaunchDaemons/com.skl.cron.plist

Then try to bootstrap system, as below, it'll throw the bootstrap failed error.

sudo launchctl bootstrap system /Library/LaunchDaemons/com.skl.cron.plist

I was only able to target system (with the same set of commands) and have the program to run after some time passed, which almost suggests that launchctl is keeping some kind of cache that prevents developers from targeting system after they've targeted as gui. This is my plist file, stored in /Library/LaunchDaemons/

Label
    com.skl.cron
    ProgramArguments
    
        /opt/homebrew/bin/python3.11
        -m
        sklcron.program
    
    EnvironmentVariables
    
        HOME
        /Users/ron
    
    UserName
    ron
    StandardOutPath
    /Users/ron/.sklcron/daemon/stdout.log
    StandardErrorPath
    /Users/ron/.sklcron/daemon/stderr.log

I'd like to target system and I'm currently getting the error. It was working yesterday until I switched service target to today for debugging and have not been able to target system since.

I have recently had to start using Global Protect VPN on my Mac. It has a dark pattern of auto-loading on startup in a very intrusive way (popping up VPN login window). Meanwhile it isn't even listed in "Login items", making it impossible to disable from there. To top it off, Global Protect starts up immediately after I kill the process. I want it to _only_ start when I ask it to, and be able to kill it again after I no longer need it. How can I tame this undesired start and continually running application on macOS?

I have mongod running in the background, installed through homebrew. I've updated to macOS 13.1 yesterday and now mongod fails to start. The launchd sys log shows the following error:

2022-12-14 09:50:42.208654  xpcproxy exited due to OS_REASON_CODESIGNING | Launch Constraint Violation, error info: cpme, (cdhash) launch type 0, failure proc [vc: 0]: /usr/local/Cellar/mongodb-community/5.0.4/bin/mongod
2022-12-14 09:50:42.208663  removing service since it exited with consistent failure - OS_REASON_CODESIGNING | Launch Constraint Violation, error info: cpme, (cdhash) launch type 0, failure proc [vc: 0]: /usr/local/Cellar/mongodb-community/5.0.4/bin/mongod
2022-12-14 09:50:42.208666  exited with exit reason (namespace: 3 code: 0x4) - OS_REASON_CODESIGNING | Launch Constraint Violation, error info: cpme, (cdhash) launch type 0, failure proc [vc: 0]: /usr/local/Cellar/mongodb-community/5.0.4/bin/mongod

Running the command manually works fine, so it is a problem with launchd trying to run the command. How can I 'sign' the binary that I've installed a long time ago?

The ptpcamerad process is preventing a python script from accessing a connected DSLR by not allowing use of the usb ports. I would like to know how to suspend or kill the process without it immediately respawning. I have tried: 1. Quit/Force Quit in Activity monitor (immediately respawns; cannot quit the owning process, as it is owned by launchd) 2. sudo kill [PID] (immediately appears with new PID; also respawns with -9) 3. launchctl disable gui/$(id -u)/com.apple.ptpcamerad (does nothing) How can I stop this process from constantly respawning and preventing access to usb-connected cameras? MacOs 13.3.1 (a) MacBookAir M1

>Why does setting the hard-limit for maxfiles to "unlimited" using launchctl limit result in a hard-limit slightly above the soft-limit? By setting the maxfiles limit using launchctl to launchctl limit maxfiles 10000 unlimited, I get the following result: nlykkei-mbp:~ nlykkei$ launchctl limit maxfiles maxfiles 10000 10240 Initially, after the system has booted, hard-limit is set to "unlimited", so why can't I set the same hard-limit by setting it manually?

I ran the following command: launchctl load -w /Library/LaunchAgents/...plist The plist file has the following values: KeepAlive StandardErrorPath /dev/null StandardOutPath /dev/null LimitLoadToSessionType Aqua ProcessType Interactive When I run: sudo launchctl bootstrap gui/501 /Library/LaunchAgents/...plist` I got /Applications/...app/Contents/scripts/...plist: Service is disabled And then I ran: launchctl load -w /Library/LaunchAgents/...plist with the error: Service cannot load in requested session

I've built a simple Python script that tries to discover my Sonos speakers via mDNS/UPnP/Bonjour and set some music sources to them. This is done using the [soco](https://soco.readthedocs.io/en/latest/getting_started.html) lib. The script works well when started on the shell. Starting it from a LaunchAgent (same machine, same user), it can't find the speakers.

import soco
from soco import discovery

found_speakers = discovery.discover(timeout=30)

Label
        sonos
        ProgramArguments
        
                /usr/local/bin/poetry
                run
                sonos-sanitizer
        
        RunAtLoad
        
        StandardErrorPath
        /var/log/sonos/sonos.stderr
        StandardOutPath
        /var/log/sonos/sonos.stdout
        StartCalendarInterval
        
                Hour
                5
                Minute
                35
        
        WorkingDirectory
        /Users/xxx/Code/sonos_sanitzer

I'm a bit puzzled as of why it doesn't seem to get network access when run via LaunchAgent. I've even extended the discovery timeout to 30 seconds. System is macOS 15 Sequoia. Caveat: The Mac is connected to multiple networks using VLANs.

According to the man page of launchctl, there is an export command: export Export all of the environment variables of launchd for use in a shell eval statement. However, when I try to use this command, I get the following message. Unrecognized subcommand: export Usage: launchctl ... | help [subcommand] What's going on here? Did the command exist at some point, but was removed for some reason, and someone forgot to update the man page?

I'm trying to create a LaunchDaemon that runs a script when a USB-C or Thunderbolt dock is connected. I've found several solutions to run a script when a *specific* device is connected. But I need a solution that runs a script when *any* dock is connected. As virtually all docks include a USB Hub, I tried to identify those and include them in a LauchDeamon: No luck. Then I looked into just triggering a script on any USB device like this: LaunchEvents com.apple.iokit.matching com.apple.device-attach IOProviderClass IOUSBHostDevice IOMatchLaunchStream IOMatchStream (Not the complete files) Basically the same approach I've found for specific devices, but removing the device identifiers. Also no luck. I've found *EventScript* . This application can run a script when a USB device is attached. But I prefer a solution that leverages macOS built-in tools/capabilities.

xxx Hello, all. I have a launchagent that I've been using for well over 10 years. Once a week it cleans up my desktop, moving any files it finds to a "Desktop_Archive" folder. Unfortunately, while the script still runs fine when I execute it by hand, when it is run by launchd it does not see any files on my Desktop, no matter how many there actually are?!? At first I thought this was a permissions issue, but adding a "who am i" to the script confirms that it is run as me. **Even more strangely, if I kickstart the script but I change the target to a different directory, it also runs fine.** Any ideas? As far as I can tell, launchd is unable to see any files in ~/Desktop even though it should be running with my own permissions. For example:

$ launchctl kickstart gui/501/com.pdc.test_agent

Produces:

who am i: pdc                  Apr  8 19:25
ls /Users/pdc/Desktop:

Looking at the console, I found:

error	09:27:51.586719-0400	kernel	System Policy: ls(53142) deny(1) file-read-data /Users/michaelheinz/Desktop
error	09:27:51.588784-0400	kernel	3 duplicate reports for System Policy: ls(53142) deny(1) file-read-data /Users/michaelheinz/Desktop

However, as I said above, the script runs correctly if I run it by hand and the agent runs correctly if it is pointed at folders that aren't shared via iCloud. Any ideas on how to get this working again?

I use [syncthing](https://syncthing.net/) for backups and data sync. In Linux, I run it via a systemd hardened unit, restricting what directories the process can read, access to privileged kernel ops and, most important, I restrict TCP/UDP traffic to a particular subnet, to ensure no data egress happens. I'm installing it on a Mac laptop via Brew which uses launchd to run it, the file is this one:

KeepAlive
	
	Label
	homebrew.mxcl.syncthing
	LimitLoadToSessionType
	
		Aqua
		Background
		LoginWindow
		StandardIO
		System
	
	ProgramArguments
	
		/opt/homebrew/opt/syncthing/bin/syncthing
		-no-browser
		-no-restart
	
	RunAtLoad
	
	StandardErrorPath
	/opt/homebrew/var/log/syncthing.log
	StandardOutPath
	/opt/homebrew/var/log/syncthing.log

I've done some research and I could not found a way to harden security. I can live without data and privileged access restrictions, but I'd like to ensure no data egress happens. Is this possible? Note: tried sandbox-exec, but it does not support IP addresses (error: sandbox-exec: host must be * or localhost in network address)

I want to run oxipng *.png in /Users/user/Desktop/ immediately after a PNG screenshot (Cmd-Shift-3) is created in my Desktop folder. I have the following plist file in ~/Library/LaunchAgents/ :

Label
    oxipng
    ProgramArguments
    
        oxipng
        *.png
    
    WatchPaths
    
        /Users/user/Desktop/

Then, I run launchctl load ~/Library/LaunchAgents/oxipng.plist. However, the PNG are never modified after creation. ----- How do I make oxipng run after a screenshot is saved to the Desktop folder?

I would like to make periodic backups using rsnapshot on my MacBook. However, as it is a laptop, it will only be powered on at random times. Thus, scheduled tasks might be missed while it is powered off. A solution for this would be anacron which does not seem to be available on macOS though. Apparently macOS' native launchd service is not capable of scheduling jobs in the manner of anacron. Here it says: > If you schedule a launchd job by setting the StartCalendarInterval key > and the computer is asleep when the job should have run, your job will > run when the computer wakes up. However, if the machine is off when > the job should have run, the job does not execute until the next > designated time occurs. All other launchd jobs are skipped when the > computer is turned off or asleep; they will not run until the next > designated time occurs. If my monthly rsnapshot backup is, for example, scheduled for the first day of every month but the laptop is powered off that day, that would mean I lack that backup and only get the next one a whole month later. Is there any workaround to this? Perhaps linking the launchd schedule with some conditional commands in a bash script? The only idea I had to solve this was to schedule the launchd job for every single day at a specific time and execute a script which: 1. Checks a timestamp log file if a successful backup has run this month 2. If yes --> exit, if no --> run backup 3. If backup successful --> add timestamp to that file Though that seems unnecessarily complex in comparison to anacron jobs that you can create on Unix systems.

I have created a daemon that runs at system startup, and has root privileges; call it a 'system daemon'. I have created this daemon using [the LaunchControl app](https://soma-zone.com/LaunchControl/) . This daemon runs a bash script once per day that monitors an off-site resource, and I would like to have it send a Notification to my "regular user" account on my Mac. Here is a simplified version of the script:

#!/opt/local/bin/bash

PATH=/opt/local/libexec/gnubin:/opt/local/bin:$PATH

osascript -e 'display notification "** This is only a test **" with title "NOTICE of Notification"'

touch /Users/seamus/Desktop/NOTICEOFNOTHING.TXT

I added the touch command to verify the daemon & script are actually working. I do see the file created on my Desktop, but I get ***no Notification***. I've done some research using the term *'macos osascript post "notification" to specified user'*, and related terms - but I am not turning up anything useful. I don't actually know that it is possible to do this as I'm attempting to do it, but it certainly seems like a reasonable use of the Notifications facility! I suppose I could create a "User Agent" in LaunchControl to check for the presence of the file created by the "system daemon", but that seems such a kludge for a modern OS. Also - it's been suggested elsewhere that posting a Notification to a user from a system daemon is *somehow* a "security issue"?! But it is unclear how posting a user Notification can be a security issue when the root user can log a regular user off - or even render the entire system unusable. And so my question: Can someone tell me how to issue a notification to a regular user from a "system daemon"?