MacOS Launchd – Modifying a Launch Daemon Permanently under OS X El Capitan

launchdmacosplistsip

I modified the default org.postfix.master.plist of postfix to run as a daemon, so it can send me e-mail whenever a local user receives a mail.

Default:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.postfix.master</string>
    <key>Program</key>
    <string>/usr/libexec/postfix/master</string>
    <key>ProgramArguments</key>
    <array>
        <string>master</string>
        <string>-e</string>
        <string>60</string>
    </array>
    <key>QueueDirectories</key>
    <array>
        <string>/var/spool/postfix/maildrop</string>
    </array>
    <key>AbandonProcessGroup</key>
    <true/>
</dict>
</plist>

Modified:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>KeepAlive</key>
        <true/>
        <key>Label</key>
        <string>org.postfix.master</string>
        <key>Program</key>
        <string>/usr/libexec/postfix/master</string>
        <key>ProgramArguments</key>
        <array>
                <string>master</string>
        </array>
        <key>QueueDirectories</key>
        <array>
                <string>/var/spool/postfix/maildrop</string>
        </array>
        <key>AbandonProcessGroup</key>
        <true/>
</dict>
</plist>

However this file is under /System/Library/LaunchDaemons/ so I had to disable SIP temporarily to modify the file. I read that after the next OS Update all my changes will be gone because of SIP. What can I do to make this permanent? Can I put my Launch Daemon under /Library/LaunchDaemons as a second one?

Best Answer

I haven't had to deal with this "for real" yet, but I think the best solution is to:

  1. Copy the .plist file into /Library/LaunchDaemons.
  2. Rename it (e.g. by adding "local." to the beginning of the filename), and edit its Label value to match. If you don't change this, launchd is likely to get confused between this and the original.
  3. Make whatever other edits you need
  4. Make sure the ownership is set to root:wheel, and permissions to 644.
  5. Deactivate the original item with e.g. sudo launchctl unload -w /System/Library/LaunchDaemons/org.postfix.master.plist (the -w makes this permanent).
  6. Load your customized replacement with e.g. sudo launchctl load /Library/LaunchDaemons/local.org.postfix.master.plist (or just reboot).

BTW, if you do just disable SIP and modify the existing file, it won't necessarily be reverted by an OS update. But it might, and you'd have to check after every update (including security updates, etc), which is a pain.

Related Question