April, 2025 – Graham Miln

Launching a graphical application as another user on macOS

A question was asked about how to launch a graphical application as another user on macOS.

What you want to achieve is possible but difficult. You need to launch the application within the appropriate user session, and for security reasons macOS makes it hard to cross the divide between user sessions.

You need a process already running in the other user’s session to listen to your request and launch the application on your behalf.

launchd’s bsexec

Thankfully, recent versions of launchd have this ability, although Apple engineers have not recommended its general use. Use the bsexec option in launchctl to target the appropriate user session:

 bslist [PID | ..] [-j]
          This prints out Mach bootstrap services and their respective states. While the namespace
          appears flat, it is in fact hierarchical, thus allowing for certain services to be only avail-
          able to a subset of processes. The three states a service can be in are active ("A"), inactive
          ("I") and on-demand ("D").

          If [PID] is specified, print the Mach bootstrap services available to that PID. If [..] is
          specified, print the Mach bootstrap services available in the parent of the current bootstrap.
          Note that in Mac OS X v10.6, the per-user Mach bootstrap namespace is flat, so you will only
          see a different set of services in a per-user bootstrap if you are in an explicitly-created
          bootstrap subset.

          If [-j] is specified, each service name will be followed by the name of the job which regis-
          tered it.

 bsexec PID command [args]
          This executes the given command in the same Mach bootstrap namespace hierachy as the given
          PID.

 bstree [-j]
          This prints a hierarchical view of the entire Mach bootstrap tree. If [-j] is specified, each
          service name will be followed by the name of the job which registered it.  Requires root priv-
          ileges.

The recommended approach is to write a launchd job ticket and restart the Mac, or ask the user to log out and back in again.
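The bsexec route described above, as an added example that is not the author's code: it picks a process inside the target user's session and runs the launch in that process's bootstrap namespace. The function names, the sample ps output, the choice of loginwindow as the anchor process and the need to run as root are assumptions.

```shell
#!/bin/sh
# Added example (not the author's code). Assumes macOS and root privileges
# for the real launch; the parsing helper runs anywhere.

# Constructed `ps -axo pid=,uid=,comm=` output: login screen (uid 0) plus
# two fast-user-switching sessions (uids 501 and 502).
SAMPLE_PS='    1     0 /sbin/launchd
   97     0 /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow
  412   501 /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow
  431   501 /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock
  988   502 /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow'

# session_pid UID: read ps lines on stdin and print the PID of the
# loginwindow process owned by UID. Exit status 1 means that user has no
# graphical session, so there is no namespace to launch into.
session_pid() {
  awk -v uid="$1" '
    $2 == uid && $3 ~ /\/loginwindow$/ { print $1; found = 1; exit }
    END { exit !found }
  '
}

# launch_in_session USER APP: hypothetical wrapper around the real launch.
launch_in_session() {
  uid=$(id -u "$1") || return 1
  pid=$(ps -axo pid=,uid=,comm= | session_pid "$uid") || {
    echo "no graphical session found for $1" >&2
    return 1
  }
  # bsexec only selects the bootstrap namespace of PID; sudo -u then
  # drops from root to the target user before open starts the app.
  launchctl bsexec "$pid" sudo -u "$1" /usr/bin/open -a "$2"
}

# Dry run on the constructed sample.
printf '%s\n' "$SAMPLE_PS" | session_pid 501
```

Without the `sudo -u` step the application would start in the right session but still run as root.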

Cause of the Problems

The problems stem from the application being connected to the wrong WindowServer process. Each user session has a separate WindowServer; this process handles the user interface. Your earlier methods give the process the right owner but leave it connected to your own WindowServer process.

This problem is mentioned in the Daemons and Agents technical note from Apple.

Experience

I know this from personal experience. For Power Manager, I wrote pmuser to exist within each user session. pmuser listens to our daemon and handles the per-user launches and commands. Despite our daemon having root authority, we still needed a per-user process to work reliably within user sessions.


I originally published this answer on Ask Different.