I'm trying to set up a TeamCity Build Agent on a Mac Mini Server running 10.7.3. I have successfully got it running and building but only if I log in and launch the process manually.
We'd prefer to have the process kick off at startup, which appears to be easily done by putting a plist file in the /Library/LaunchDaemon folder. Unfortunately this doesn't work for us as the process fires off as root rather than as our specified user. We really would prefer to keep things constrained to the user's folder and moreover need access to a keychain to handle the iOS code signing mechanics. Unfortunately, using ~/Library/LaunchAgents doesn't work as that seems to require someone visit the terminal and log in — this needs to kick off from boot and stay running when the user is logged out.
Is there a way to launch a process as a specified user on boot?
Best Answer
You can easily run as another user with sudo -u like so:
Just change 'jsmith' to the appropriate short user name, and then save that as a script somewhere, and call from /Library/LaunchDaemons.
Remember that all files in /Library/LaunchDaemons must be owned by root to be run.
(I think this is what bmike was suggesting)
Another option
However, I wrote up a HOWTO for making auto-login more secure:
Terminally Geeky: use automatic login more securely
The executive summary is this:
What it does:
As soon as you log in, launchd will throw you back to the login screen using:
Note that is all one long line.
Considering that someone with physical access to your computer has a lot of potential exploits, I consider this relatively safe, but of course everyone has to make their own determination. I run this in my small office, but my iMac is in my private office which I can lock when I'm not there.
Also note that automatic login doesn't work with FileVault 2.
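The answer's reminder that files in /Library/LaunchDaemons must be owned by root can be checked before a reboot. The script below is an added example, not part of the original answer; its function names are hypothetical, and the group/other-writable and symlink checks are added hardening assumptions, applied because the wrapper script is started by a root-level daemon.

```shell
#!/bin/sh
# Added example: pre-boot audit of launchd job files and the wrapper scripts
# they call. Function names and arguments are hypothetical.

# check_launchd_file FILE [EXPECTED_UID]
# Succeeds only if FILE is a regular file (not a symlink) owned by
# EXPECTED_UID (default 0 = root) and not writable by group or others.
check_launchd_file() {
    file=$1
    want_uid=${2:-0}
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL $file: missing, a symlink, or not a regular file" >&2
        return 1
    fi
    # ls -ldn prints the mode string and numeric owner on macOS and Linux.
    mode=$(ls -ldn "$file" | awk '{print $1}')
    uid=$(ls -ldn "$file" | awk '{print $3}')
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $file: owned by uid $uid, expected $want_uid" >&2
        return 1
    fi
    case $mode in
        ?????w*|????????w*)
            echo "FAIL $file: mode $mode is writable by group or others" >&2
            return 1 ;;
    esac
    echo "OK   $file ($mode, uid $uid)"
}

# audit_dir DIR [EXPECTED_UID]
# Checks every *.plist in DIR; returns non-zero if any file fails.
audit_dir() {
    dir=$1
    status=0
    for plist in "$dir"/*.plist; do
        [ -e "$plist" ] || [ -L "$plist" ] || continue   # glob matched nothing
        check_launchd_file "$plist" "${2:-0}" || status=1
    done
    return "$status"
}

# Run as: sh audit.sh /Library/LaunchDaemons /path/to/wrapper-script.sh
if [ "$#" -gt 0 ]; then
    audit_dir "$1" || rc=1
    [ -z "$2" ] || check_launchd_file "$2" || rc=1
    [ "${rc:-0}" -eq 0 ]
fi
```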