MacOS Permission – iTerm2 Accessibility and Full Disk Access on Mojave

As documented in this post among some other places, MacOS Mojave implements additional security protocols that even affect root's access to user data.

The solution in the linked question provides the basic method I used to resolve my issue.

For custom-built scripts that will run through launchd, the administrator of the computer on which the script is to be run must add that script to Security & Privacy to give that "app" permission to access user data.

It was not necessary to add launchd or rsync (in my case) to Security & Privacy.

I have not researched if there is a way to do this via Terminal, which it seems would be necessary for those administering a large number of clients.

========

Update: I've also learned that if you add a script, and you later make changes to that script, you need to delete it from the Security & Privacy-->Full Disk Access, then add it again. Perhaps macOS creates a hash that is checked?

========

Update w/ Catalina: I do not recall if I had System Integrity Protection disabled on Mojave, but it appears to be required to be disabled in Catalina. I know SIP doesn't have to be disabled for OS versions prior to these.

Disabling macOS SIP allowed the script in question to start running again. This is not ideal, so I'll be researching other approaches.

Apps with photos access can access all photos in you library whenever the app chooses to in the background without your future confirmation, and can save pictures to the library.

Without photos access, the app can still ask the OS to get the user to choose a picture, at which point iOS can show a system-wide photo chooser and you can choose a single photo. Once you've chosen the photo, just that specific photo is provided by iOS back to the app.