Insecure startup item disabled

As a follow-up to my post about startup items, I want to point out that a Startup Item must have proper permissions or it will be disabled at startup with the following message:

The error message saying a startup item has been disabled

In my case, the files under /Library/StartupItems/MyApache still belonged to me instead of root:wheel.

Fixed with a simple:

mbp:StartupItems florent$ sudo chown -Rv root:wheel /Library/StartupItems/MyApache/

It also appears that StartupItems permissions need to be set to 755 (executable/script file) and 644 (plist file) respectively.

Startup Items: launch services at boot

This post is a follow-up on the setup of your own Apache web server (although the technique can be used to start about anything of course).

Unlike classical Linuces that stock programs to launch at boot in a /etc/init.d folder for example; OS X uses a mechanism called Startup Items. These items can be found in /Library/StartupItems/, ~/Library/StartupItems and /System/Library/StartupItems.

One particular strength of the Startup Items is that you can specify in which order to launch them.

Let’s say I’ll make a startup item called MyApache. I’ll start by create the folder:

mbp:~ florent$ sudo mkdir /Library/StartupItems/MyApache

This folder will contain at least two files: an executable script called MyApache, and a file called StartupParameters.plist.

The script will be called at startup and shutdown, and will look like this:

#!/bin/sh

## Apache Web Server ; custom install ##

. /etc/rc.common
StartService (){
    ConsoleMessage "Starting Apache"
    /usr/local/apache2/bin/launchctl start
}

StopService (){
    ConsoleMessage "Stopping Apache"
    /usr/local/apache2/bin/launchctl stop
}

RestartService (){
    ConsoleMessage "Restarting Apache"
    /usr/local/apache2/bin/launchctl restart
}

RunService "$1"

The StartupParameters.plist file will contain data about the information to launch. It’s an XML file that will look like:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Description</key>
    <string>My own Apache webserver</string>
    <key>Messages</key>
    <dict>
        <key>start</key>
        <string>Starting my Apache</string>
        <key>stop</key>
        <string>Stopping my Apache</string>
    </dict>
    <key>Preference</key>
    <string>Late</string>
    <key>Provides</key>
    <array>
        <string>MyApache</string>
    </array>
    <key>Requires</key>
    <array>
        <string>Network</string>
    </array>
    <key>Uses</key>
    <array>
        <string>Disks</string>
    </array>
</dict>
</plist>

We can see that Apache Requires the networks to be up, and will use Disks.

Let’s imagine I want to launch my Apache after my Jabber server for some reason. I’ll just create a StartupItem called “Jabber”, the same way as we just did, then add the following line to MyApache’s StartupParameters.plist “Requires” section:

                <string>Jabber</string>

Now at startup, OS X will launch Jabber and wait until it’s up and running before launching Apache.