I started using a well-known program for self-control on MacOS called Cold Turkey. This program is very powerful, but it's not enough since I can open a Terminal as a non-admin user and execute the command:
launchctl unload ~/Library/LaunchAgents/launchkeep.name-of-the-program.plist
The question is simple: how can I prevent a non-admin user from doing this? I've searched a lot online, but there seem to be only partial solutions. Can I "move" the .plist file to the LaunchDaemons folder and make some adjustments? I tried doing this, but it doesn't seem to work.
I inquired with Felix, the developer of Cold Turkey, about whether it's possible to prevent a non-administrator user on a Mac from executing this command without requiring administrator privileges:
launchctl unload ~/Library/LaunchAgents/launchkeep.cold-turkey.plist
Felix responded that it's not feasible to prevent this due to the way macOS is designed and the necessary permissions required for the Safari extension to function properly.
Is there any hope left? I don't want to stop using the software; it's really good. Do you have any ideas?
/Library/LaunchAgents/
directory (note the lack of a tilde in that path). LaunchAgents run on a per-user basis when users are logged in. LaunchDaemons are systemwide background processes that don't run as real users and run even when no one is logged in. That's why putting it in/Library/LaunchDaemons/
didn't work: when run that way, it wouldn't have had access to your user account context, which it probably needs if it's going to block you from goofing off or whatever./Library/
, not/System/Library/
su adminaccount
(since I think i need admin permissions to do this) and thensudo mv ~/Library/LaunchAgents/launchkeep.cold-turkey.plist /Library/LaunchAgents/