Well, I cracked it, it wasn't loginHooks I needed, but launchctl.
Basically, create two scripts (executable of course, you can make em root only too):
User1.sh
!/bin/bash ifconfig en0 up; ifconfig en1
down;
User2.sh
!/bin/bash ifconfig en1 up; ifconfig en0
down;
These of course make the assumption you're using an imac, en0 is the enthernet, en1 is the WiFi.
Then create a plist file (with root ownership, 644), mine was this:
User1's went in /Users/user1/Library/LaunchAgents/org.user1.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.user1.plist</string>
<key>ProgramArguments</key>
<array>
<string>/Users/user1/bin/User1.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
User2's in /Users/user2/Library/LaunchAgents/org.user2.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.user2.plist</string>
<key>ProgramArguments</key>
<array>
<string>/Users/user2/bin/User2.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
After that run
sudo launchctl load -w
/Users/user1/Library/LaunchAgents/org.user1.plist
and
sudo launchctl load -w
/Users/user2/Library/LaunchAgents/org.user2.plist
as each user.
That's it, it's quick, simple, and if you set the owner of the scripts as someone else (and on another path), it's fairly secure (not bulletproof, but that's not in my scope at the moment).
Best Answer
Even with multi-homing on iOS 7 starting to allow traffic over LTE and WiFi simultaneously, there isn't a good way to accomplish this on OS X Mavericks and lower.
I have run Link Aggregation on macs since 10.4 and it's really nice when you have a gigabit switch. You will need a switch that runs LACP and two physical ethernet ports like is typical on G4 & G5 PowerMacs days and of course the entire MacPro line. This is built into the OS X network stack and you need nothing but the hardware and a compatible ethernet switch.
Mac OS X won't show LACP as an option without two ethernet ports. I don't know of a switch that does LACP over wireless or allows mixing of wired and wireless interfaces. You might be able to trick the OS some way, but without the switch to cooperate you'll have to rewrite LACP on the switch for that to work.
It's much easier to segregate certain traffic over specific interfaces by modifying your routing table. This will allow you to send some traffic over wifi and others over the wire.
For example netflix and such could be routed over one connection if you set up a route to their network to prefer one gateway IP on the ISP you prefer. It's not feasible to tell an application to use only one interface as that has to be "baked" in to that app and not common practice. What is common practice is to use local routing tables (or routing tables on the router) to steer certain traffic to one gateway. More sophisticated routers have quality of service where you specify some metric like VOIP or video conference traffic is a priority - so when the network is overloaded in some specific, measurable way, then non critical traffic will be shaped or steered to a different route to keep the fast network clear for better responses.
These routers and the knowledge to run them do not come cheaply. I'd guess $3k us for the hardware and triple that for training and software licenses on the routers.