Local User LaunchAgent via SSH: Operation not permitted


I have a launch agent on a remote machine which runs Yosemite. The LaunchAgent is saved to ~/Library/LaunchAgents/ and I am the owner:

$ ls -l ~/Library/LaunchAgents
-rw-r--r--@ 1 me  staff  803 Jan 13 15:13 org.my.custom.plist
$ ls -l@ ~/Library/LaunchAgents/org.my.custom.plist
-rw-r--r--@ 1 me  staff  803 Jan 13 15:13 /Users/me/Library/LaunchAgents/org.my.custom.plist
    com.apple.TextEncoding   15

When logging in via SSH (as that particular user), attempting to load the file produces the following exchange:

$ launchctl load ~/Library/LaunchAgents/org.my.custom.plist
/Users/me/Library/LaunchAgents/org.my.custom.plist: Operation not permitted

Why is the operation not permitted when I'm the owner? It works fine under Sierra.

Best Answer

This appears to be an issue with the launchctl 'session' that is used for the agent and that is incorrectly inferred by the start command. The new version of launchctl has some new commands for loading agents that allow you to specify this, see here.

The following seems to work via SSH:

launchctl bootstrap gui/<UID> /Users/me/Library/LaunchAgents/org.my.custom.plist

You can then (re)start the service using

launchctl kickstart -k gui/<UID>/org.my.custom

Here <UID> is the user's UID which can be found with id -u <username>.