Reply to Local Network Permissions - launchd service running as non-root user
To add on to what Valkhes says above, it's also recommended in the very document you linked under Daemon Security Considerations: "Try to avoid running your daemon with elevated privileges (for example, running it as root). If your daemon must run with elevated privileges, do not trust data received from non-privileged processes. Doing so might allow a local user to escalate their privileges." The Feedback Assistant ticket number is 16838140. I see reference to a SessionCreate key in there for controlling the security context; is that useful in this situation? Thanks!
Mar ’25
Reply to Local Network Permissions - launchd service running as non-root user
I have not found a way to get this to work at all. I think it's pretty clear at this point this is a bug and this whole local network permission speedbump didn't account for all cases where it would be required. I have a ticket open with Apple in Feedback Assistant. Hopefully I get more info from them because it's gone cold here.
Mar ’25
Reply to Local Network Permissions - launchd service running as non-root user
Any thoughts about this scenario? Thanks
Jan ’25
Reply to Local Network Permissions - launchd service running as non-root user
It is a real user
Jan ’25
Reply to Local Network Permissions - launchd service running as non-root user
I am doing the first option of putting the launchd property list in /Library/LaunchDaemons and then configuring the user via the UserName property in that property list. This plist calls a shell script which starts up the Java process with proper arguments.
Jan ’25
Reply to Local Network Privacy pop-up on macos Sequoia for CLI Tools Invoked by Launchd Daemon
Sorry to revive this thread, but what about the situation where you are running a launchd daemon under a user other than root?
Jan ’25