Launchd Group

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

Launchd Group

A launchd group is a hierarchical structure for managing CodeSonar launch daemons.

Launchd groups are securable resources.

The various LAUNCHDGROUP_* permissions control access to launchd group information. For a given role R and launchd group G, role R may have one or more of these permissions directly assigned to G, resource-inherited from a launchd group that directly or transitively contains G (provided G is not the root launchd group), or any combination of these.
Each role also has, through direct assignment and resource inheritance, a (possibly empty) set of LAUNCHD_* permissions for each launchd group G. These permissions are resource-inherited by the resources that lie under G in the Launchd Group/Launch Daemon hierarchy.
- All launchd groups directly or transitively contained in G will resource-inherit all LAUNCHDGROUP_* and LAUNCHD_* permissions that apply to G.
- All launch daemons directly or transitively contained in G will resource-inherit all LAUNCHD_* permissions that apply to G.

A launchd group is a hierarchical structure for managing CodeSonar launch daemons.

Launchd groups allow you to control access to launch daemons at a coarser granularity than a single daemon, while also providing the opportunity to impose an overall structure that reflects the trust relationships that exist within your organization's network.

The root launchd group is created when the hub is created, and cannot be deleted. Users (with sufficient permissions) can create further levels of launchd groups under the root at any time, but this is not required: some organizations will prefer to maintain a 'flat' structure where every launch daemon is a child of the root launchd group.

Name	Description
LDGroup Name	The name of the launchd group. The root launchd group is named root; its name cannot be modified.
LDGroup ID	A unique ID for the launchd group. The main place that users see the LDGroup ID is in the URL for the Launchd Group page. The root launchd group has LDGroup ID 1.
LDGroup Description	A user-specified string containing a description for the launchd group. The root launchd group has no description; its description cannot be modified.
Created	The date and time at which the launchd group was created.
Parent LDGroup	Every launchd group has exactly one parent launchd group, except for the root launchd group which has no parent.
LDGroup Path	Derived from Parent LDGroup and LDGroup Name: the full path through the launchd group inheritance hierarchy from the hub's root launchd group to this launchd group. The LDGroup Path for a launchd group is always displayed and specified as a /-separated sequence of LDGroup Name. This string can be recursively constructed for a launchd group G as follows. If G is the root launchd group, its LDGroup Path is /. Otherwise, G 's LDGroup Path is parent_path/ g_name, where parent_path is G. Parent LDGroup.LDGroup Path. t_name is G. LDGroup Name. For example, suppose we have a launchd group G whose name is Gname. If G is the root launchd group, the LDGroup Path for G is /. If G is a child of the root launchd group, the LDGroup Path for G is /Gname. If G is a child of a launchd group named Fname that is itself a child of the root launchd group, the LDGroup Path for G is /Fname/Gname.
Ancestors	Derived from Parent LDGroup: the full path through the launchd group inheritance hierarchy from the hub's root launchd group to the Parent LDGroup. The Ancestors for a launchd group are always displayed and specified as a /-separated sequence of LDGroup Name, with a leading / representing the root launchd group. This string can be recursively constructed for a launchd group G as follows. If G is the root launchd group, it has no Ancestors. Otherwise, G.Ancestors is equal to G. Parent LDGroup. LDGroup Path. For example, suppose we have a launchd group G whose parent launchd group F is named Fname. If F is the root launchd group, the Ancestors string for G is /. If F is a child of the root launchd group, the Ancestors string for G is /Fname. If F is a child of a launchd group named Ename that is itself a child of the root launchd group, the Ancestors string for G is /Ename/Fname.

Name

Description

LDGroup Name

The name of the launchd group.
The root launchd group is named root; its name cannot be modified.

LDGroup ID

A unique ID for the launchd group. The main place that users see the LDGroup ID is in the URL for the Launchd Group page.
The root launchd group has LDGroup ID 1.

LDGroup Description

A user-specified string containing a description for the launchd group.
The root launchd group has no description; its description cannot be modified.

Created

The date and time at which the launchd group was created.

Parent LDGroup

Every launchd group has exactly one parent launchd group, except for the root launchd group which has no parent.

LDGroup Path

Derived from Parent LDGroup and LDGroup Name: the full path through the launchd group inheritance hierarchy from the hub's root launchd group to this launchd group.

The LDGroup Path for a launchd group is always displayed and specified as a /-separated sequence of LDGroup Name. This string can be recursively constructed for a launchd group G as follows.

If G is the root launchd group, its LDGroup Path is /.
Otherwise, G 's LDGroup Path is parent_path/ g_name, where
- parent_path is G. Parent LDGroup.LDGroup Path.
- t_name is G. LDGroup Name.

For example, suppose we have a launchd group G whose name is Gname.

If G is the root launchd group, the LDGroup Path for G is /.
If G is a child of the root launchd group, the LDGroup Path for G is /Gname.
If G is a child of a launchd group named Fname that is itself a child of the root launchd group, the LDGroup Path for G is /Fname/Gname.

Ancestors

Derived from Parent LDGroup: the full path through the launchd group inheritance hierarchy from the hub's root launchd group to the Parent LDGroup.

The Ancestors for a launchd group are always displayed and specified as a /-separated sequence of LDGroup Name, with a leading / representing the root launchd group. This string can be recursively constructed for a launchd group G as follows.

If G is the root launchd group, it has no Ancestors.
Otherwise, G.Ancestors is equal to G. Parent LDGroup. LDGroup Path.

For example, suppose we have a launchd group G whose parent launchd group F is named Fname.

If F is the root launchd group, the Ancestors string for G is /.
If F is a child of the root launchd group, the Ancestors string for G is /Fname.
If F is a child of a launchd group named Ename that is itself a child of the root launchd group, the Ancestors string for G is /Ename/Fname.

Launchd Group Operation	Permissions Required	Method
Add a new launchd group as a child of launchd group F	LAUNCHDGROUP_ADD_CHILD F	You can add a new launchd group as a child of launchd group F... ... from the Launchd Group page for F, in the Create New Launchd Group section. ... if F is the root launchd group: from the Analysis Cloud page, in the Create New Launchd Group section.
Delete launchd group G	LAUNCHDGROUP_DELETE G LAUNCHDGROUP_DELETE H for all launchd groups H in the subtree under G LAUNCHD_DELETE L for all launch daemons L in the subtree under G	Suppose G is a launchd group whose parent launchd group is F. Then you can delete G ... ... from the Launchd Group page for G, in the Details section. ... from the Launchd Group page for F, using the Remove Multiple button. ... if F is the root launchd group, or you do not have LAUNCHDGROUP_READ F: from the the Analysis Cloud page, using the Remove Multiple button. The root launchd group cannot be deleted.
Change the parent launchd group of group G from F to E	LAUNCHDGROUP_WRITE G LAUNCHDGROUP_ADD_CHILD E	Suppose G is a launchd group whose parent launchd group is F. Then you can change the parent launchd group for T... ... from the Launchd Group page for G, in the Details section. ... from the Launchd Group page for F, using the Move Multiple button. ... if F is the root launchd group, or you do not have LAUNCHDGROUP_READ F: from the Analysis Cloud page, using the Move Multiple button. The root launchd group has no parent launchd group and cannot be moved.
Change the LDGroup Name or LDGroup Description for launchd group G	LAUNCHDGROUP_WRITE G	You can change the name and description for G from the Launchd Group page for G, in the Details section. The root launchd group name and description cannot be modified.

Launchd Group Operation

Permissions Required

Method

Add a new launchd group
as a child of launchd group F

LAUNCHDGROUP_ADD_CHILD F

You can add a new launchd group as a child of launchd group F...

... from the Launchd Group page for F, in the Create New Launchd Group section.
... if F is the root launchd group: from the Analysis Cloud page, in the Create New Launchd Group section.

Delete launchd group G

LAUNCHDGROUP_DELETE G
LAUNCHDGROUP_DELETE H for all launchd groups H in the subtree under G
LAUNCHD_DELETE L for all launch daemons L in the subtree under G

Suppose G is a launchd group whose parent launchd group is F. Then you can delete G ...

... from the Launchd Group page for G, in the Details section.
... from the Launchd Group page for F, using the Remove Multiple button.
... if F is the root launchd group, or you do not have LAUNCHDGROUP_READ F: from the the Analysis Cloud page, using the Remove Multiple button.

The root launchd group cannot be deleted.

Change the parent launchd group of group G from F to E

LAUNCHDGROUP_WRITE G
LAUNCHDGROUP_ADD_CHILD E

Suppose G is a launchd group whose parent launchd group is F. Then you can change the parent launchd group for T...

... from the Launchd Group page for G, in the Details section.
... from the Launchd Group page for F, using the Move Multiple button.
... if F is the root launchd group, or you do not have LAUNCHDGROUP_READ F: from the Analysis Cloud page, using the Move Multiple button.

The root launchd group has no parent launchd group and cannot be moved.

Change the LDGroup Name or LDGroup Description for launchd group G

LAUNCHDGROUP_WRITE G

You can change the name and description for G from the Launchd Group page for G, in the Details section.

The root launchd group name and description cannot be modified.

Launchd Group	Full information about a single launchd group and its children (launch daemons and launchd groups).
Launchd Group Role-Permissions	View and modify role-permissions for a single launchd group.
Analysis Cloud	Full information about the root launchd group and its children (launch daemons and launchd groups).

Launchd Group

Full information about a single launchd group and its children (launch daemons and launchd groups).

Launchd Group Role-Permissions

View and modify role-permissions for a single launchd group.

Analysis Cloud

Full information about the root launchd group and its children (launch daemons and launchd groups).

Launchd Group

Properties

Creating and Deleting Launchd Groups

Accessing Launchd Group Information

Links