Chris Dzombak

sharing preview • dzombak.com

macOS Scripting: How to tell if the Terminal app has Full Disk Access

macOS Scripting: How to tell if the Terminal app has Full Disk Access

My macOS system configuration script requires Full Disk Access, so I wanted to add a warning if the user’s terminal app doesn’t have the required permissions. This check should be performed right at the beginning of the script, because if the process fails halfway through, the entire terminal app has to be restarted, and the configuration process will have to start again from scratch.1

There’s no API to do this, of course; Apple’s recommendation is to “try the thing your app needs to do, and check whether it failed.” 🙄

A solution is to try something inconsequential up front that requires Full Disk Access, and check whether it failed. One such act is reading /Library/Preferences/com.apple.TimeMachine.plist. In a bash script, such a test might look like this:

if ! plutil -lint /Library/Preferences/com.apple.TimeMachine.plist >/dev/null ; then
  echo "This script requires your terminal app to have Full Disk Access."
  echo "Add this terminal to the Full Disk Access list in System Preferences > Security & Privacy, quit the app, and re-run this script."
  exit 1
fi

You can see this addition to my system configuration script in cdzombak/dotfiles commit 361df194.

  1. This isn’t a terrible problem, since the script is written to be idempotent, but it is annoying.