Load or Reload a LaunchAgent from installer script

Apple has some restrictions in place to prevent access to LaunchAgents running in a user session context.

But you may want to load or refresh a LaunchAgent as part of your install without requiring the user to log out and back in.

I prefer not to require logouts and reboots in my installation packages.  Where possible, I use munki’s unattended option so software installs silently and the user is not prompted.

After some experimentation, I came up with this hacky method of getting a LaunchAgent to load from a package being installed as root.  If you have a cleaner way to accomplish this, please let me know.  Update: Please see Per Olofsson’s comment for a much better method until I update this gist.


7 Comments on “Load or Reload a LaunchAgent from installer script”

  1. Patrick Fergus says:

    Try this syntax (split into multiple lines for clarity):

    loginWindowPid=`ps auwwx | grep [l]oginwindow | awk ‘{ print $2 }’`
    loggedInUser=`ps auwwx | grep [l]oginwindow | awk ‘{ print $1 }’`
    launchctl bsexec $loginWindowPid sudo -u $loggedInUser launchctl load /the/job.plist

  2. Patrick Fergus says:

    More complete:

    loggedInUser=`who | grep console | awk ‘{ print $1 }’`
    if [ ! -z $loggedInUser ]
    launchctl bsexec `ps auwwx | grep [l]oginwindow | awk ‘{ print $2 }’` sudo -u $loggedInUser launchctl load /Library/LaunchAgents/com.company.agent.plist

  3. […] Crawford has an interesting post that covers reloading LaunchAgents while a user is logged in without requiring them to take action […]

  4. Per Olofsson says:

    You’re on the right track, but you should also handle multiple login sessions. Quinn the Eskimo lays it out pretty clearly here:


    I’ve adapted it in my package creation scripts here:


    To unload before loading I just call launchctl bsexec twice.

    • Patrick Fergus says:

      @Per: I found that exact post when I was researching how to do this a few months ago, but could never get the syntax right. The above was suggested by our software management vendor, but I probably should revisit it.

    • Kyle Crawford says:

      Thanks for this Per. Sorry for the delayed reply :)

  5. Chris says:

    I have success and trouble trying to get this kind of thing working in my postflight scripts and I’d say this is the only method that fully works.
    The others have issues actually being in the user context (although it appears to be in there and works for many applications) – no access to keychain, no Kerberos ticket information, perhaps anything security related.
    So, thanks!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

Join 30 other followers