Controlling Multiple launchagents and launchdaemons concurrently

Most of my examples for launchctl have been per-user, per-agent, per-daemon. But you can also control multiple launchctl targets concurrently. One example would be that you can unload everything in the user domain by not specifying a path but providing the userid. In the following example, we’ll just use $userid as a variable, but it’s worth noting that that would be, as an example, 501 for the :

sudo launchctl bootout gui/$userid

There’s another option that can be used to do the opposite from within single user mode, called bootshell. Bootshell is called similarly from single user mode:

sudo launchctl bootshell

LoginHook Bonjour

Want users to be able to use Bonjour at home without having their systems registering with Bonjour when they’re on your network? Many environments have taken to wholesale disabling Bonjour. This can be done by augmenting the LaunchDaemon that invokes Bonjour, that is located at /System/Library/LaunchDaemons. You add a -NoMulticastAdvertisements to the ProgramArguments array. This can be done with the defaults command as so:
defaults write /System/Library/LaunchDaemons/ ProgramArguments -array-add “-NoMulticastAdvertisements”
This can then be undone by writing the contents you want back into the array without the -NoMulticastAdvertisements:
defaults write /System/Library/LaunchDaemons/ ProgramArguments -array /usr/sbin/mDNSResponder -launchd
This is somewhat well documented, initially appearing as an Apple kbase article. However, we should keep in mind that computers, especially laptops, have a tendency to go home with people. Therefore, you may very well want to fire Bonjour back up in the event that your users are not in your environment. Prior to Mac OS X 10.6 (aka 10.5 and below) you could edit the /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/Kicker.xml file to add a shell script and upon network change it would fire off an event to run some script that you craft. In this case, the script you might run would be a simple look for some variable you decide to key off of and run one of the two above commands based on an if/then keyed off against whether the name has a valid hostname (we’re assuming it does in your network and it does not when not in your network):
if [ $(host | grep -ic “not found:”) > 0 ]; then defaults write /System/Library/LaunchDaemons/ ProgramArguments -array /usr/sbin/mDNSResponder -launchd else defaults write /System/Library/LaunchDaemons/ ProgramArguments -array-add “-NoMulticastAdvertisements” fi
You can also use this as a login hook or the if/then swapped out with one another as a logout hook; customize to your hearts content. You could even run it at boot time or on a scheduled interval, instead of as a login hook. Now, the simple fact is that since this is easy, it’s tempting. But luckily some really smart guys thought of a better way to do this kind of thing (not relying on a login or logout hook). They though that the old 10.5 Kicker was a much better solution and came up with the next best thing, crankd, which allows you to fire off a shell script (maybe one similar to the one here) when the network status changes. Thanks to all involved with this project.