First, I come from Linux so there are many things which confuse me such as daemons.
I installed VOX.app and it has some kind of agents and cloud-related processes which can be started automatically. There is no option in the VOX UI which can disable them. I tried the following to remove those daemons:
launchctl remove com.coppertino.VOXCloud launchctl remove com.coppertino.VOXAgent
The above commands are weird already because I didn't need to use sudo
. The most weird part is what I did is apparently useless since everytime I launch VOX.app, it can create them again and again. This is just crazy.
If this is the security model of macOS how can I understand things and perhaps control for this?
Best Answer
The general security model is that normal users can add any startup items to their realm (user library for them) and not for the system, so don’t let people have admin accounts if you don’t trust them to not run software that installer system level startup items.
There is no easy way to stop an admin user from changing the system. You can enforce gatekeeper or signed apps, but most admin users can bypass that setting so at best, you slow down an uneducated admin user for a bit.
Per-user and Computer Wide Jobs
On macOS, launchd can manage background processes per-user and computer wide.
Per-user jobs exist within your user session. They start and stop with your logging in and out of the computer. If the jobs have associated job tickets, you will find them with the folder
~/Library/LaunchAgents
and~/Library/LaunchDaemons
Computer wide jobs start and stop with the computer. These jobs are stored in
/Library/LaunchAgents
and/Library/LaunchDaemons
.Computer wide jobs managed by Apple are stored in
/System/Library/LaunchAgents
and/System/Library/LaunchDaemons
.Per-user jobs do not need super user permission. Thus you did not need
sudo
to stop jobs installed at the user level byvox.app
.Disabling a
launchd
jobYou can unload a launchd job to block it returning:
The
-w
causes the unload to be written to disk and to persist across sessions.For more about stopping, unloading, and overriding jobs see: