Apple - How do I grant root access to user files in Mojave?

As documented in this post among some other places, macOS Mojave implements additional security protocols that even affect root's access to user data.

The solution in the linked question provides the basic method I used to resolve my issue.

For custom-built scripts that will run through launchd, the administrator of the computer on which the script is to be run must add that script to Security & Privacy to give that "app" permission to access user data.

It was not necessary to add launchd or rsync (in my case) to Security & Privacy.

I have not researched if there is a way to do this via Terminal, which it seems would be necessary for those administering a large number of clients.

========

Update: I've also learned that if you add a script, and you later make changes to that script, you need to delete it from Security & Privacy > Full Disk Access, then add it again. Perhaps macOS creates a hash that is checked?

========

Update w/ Catalina: I do not recall if I had System Integrity Protection disabled on Mojave, but it appears to be required to be disabled in Catalina. I know SIP doesn't have to be disabled for OS versions prior to these.

Disabling macOS SIP allowed the script in question to start running again. This is not ideal, so I'll be researching other approaches.


Not quite an answer to your problem, but it's very similar/related...

When writing a shell script that's run by cron (e.g. using rsync in a script to back up your files on another server), you will notice that adding "Terminal.app" to the "Full Disk Access" does not work, because cron does not use "Terminal.app".

You could grant "Full Disk Access" access to the rsync program, and that solves some of the permission problems, but this is not enough if you need access to:

    ~/Pictures/Photos Library.photoslibrary
    ~/Library/Application Support/AddressBook

Instead, you should add cron to "System Preferences > Security & Privacy > Full Disk Access".

I did this by running open /usr/bin/, which opened a Finder window that allowed me to easily drag/drop the cron program into the "Full Disk Access" list.
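
A preflight check for the kind of cron- or launchd-run backup script discussed above, added here as an example that is not part of either post: it tests the protected folders before rsync starts, so a missing Full Disk Access grant is logged as a clear failure instead of a partial backup. The function names are hypothetical, and it assumes a privacy denial appears to the script as a failed read on a path that exists.

```shell
#!/bin/sh
# Preflight for a backup script started by cron or launchd.
# Assumption: a privacy (TCC) denial shows up as a failed read on a path
# that exists, which is how "Operation not permitted" appears to a script.

# Print "ok", "denied" or "missing" for one path.
check_path() {
    p=$1
    if [ ! -e "$p" ]; then
        echo missing
    elif [ -d "$p" ]; then
        # Listing a directory has to open it, which is the step that is blocked.
        if ls -A "$p" >/dev/null 2>&1; then echo ok; else echo denied; fi
    else
        # For a regular file, try to read the first byte.
        if head -c 1 "$p" >/dev/null 2>&1; then echo ok; else echo denied; fi
    fi
}

# Check every argument; print one line on stderr per unreadable path and
# return the number of such paths (0 means the backup can proceed).
preflight() {
    bad=0
    for p in "$@"; do
        state=$(check_path "$p")
        if [ "$state" != ok ]; then
            echo "preflight: $state: $p" >&2
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Example use at the top of the backup script (paths from the answer above):
# preflight "$HOME/Pictures/Photos Library.photoslibrary" \
#           "$HOME/Library/Application Support/AddressBook" || exit 1
```

Run it from the same cron or launchd job as the backup itself, since a check run from Terminal is evaluated against Terminal's permissions rather than the job's.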