I have a script that copies a file from our server to the local machine. Here is the script and output
+ date
Thu Jun 11 09:16:00 ACST 2020
+ id -un
root
+ pwd
/Volumes/Macintosh HD/backups
+ mkdir /Volumes/Server_auto
+ /sbin/mount_smbfs smb://User:password@Server/General /Volumes/Server_auto
+ ls /Volumes
Macintosh HD
Server_auto
+ ls /Volumes/Server_auto
ls: Server_auto: Operation not permitted
Ultimately I want to
cp -f /Volumes/Server_auto/Backups/Web/db_6_1500.zip ./db.zip
but I think if I can at least get a directory listing, the copy will probably work.
I can sudo this script from the terminal and it runs without a hitch. It has been running for several years from cron without a hitch, it's only after updating to Catalina that the problems have started.
I have tried
- adding
cron,lsandmount_smbfsto the Full Disk Access list - moving the job to a plist file in the LaunchDaemons folder
Everything works just fine except for the copy operation. Behaviour is identical under cron or plist/launchd.
This is clearly a SIP issue. Before I added cron to the Privacy 'Full Disk Access' list, I was getting the same error message when the cron job started.
Now, it's entirely blocking the external SMB share, but I don't know why or what permission to grant to make it work.
The exact same sequence of operations, when run manually as root, succeed every time.
Any ideas?
Best Answer
I had the same problem and it was fixed by granting »Full disk access« to Terminal in System preferences -> Security & Privacy -> Privacy and restarting Terminal.
Click the lock at the bottom left of the window in case the options are greyed out.