macOS 10.15 Catalina Adds Additional Filesystem Restrictions
macOS 10.15 (Catalina) has added additional Privacy restrictions that require user intervention before applications can access the certain portions of the filesystem. Not only that, but taking screenshots for this post required permissions to be explicitly granted to Skitch. The fact that macOS 10.15 introduces new security and privacy safeguards is unsurprising as we got introduced to stricter automation controls in Catalina’s predecessor.
Let’s look at what happens when we try to
cd ~/Documents in the macOS 10.15
We’re greeted by a dialog box presented by Finder requesting specific permission for
Terminal to access files in the
"Terminal" would like to access files in your Documents folder. Once this permission is granted,
Terminal can access the contents of
~/Documents. If the permission isn’t granted, trying to
ls ~/Documents results in something along the lines of:
# ls ~/Documents ls: Documents: Operation not permitted
Updating which filesystem access permissions have been granted for a given application can be accomplished in the
Security & Privacy preference panel. In this example
Terminal has been granted access to the
Documents folder whereas
iTerm has not been granted any access.
It was an added bonus while writing this post that even trying to take a screenshot with
Skitch on Catalina prompted a dialog requesting explicit access. The final result was that I’ve now authorized
Skitch to capture my screen:
There has been much speculation regarding Apple’s WWDC 2019 announcement of Sign in with Apple as to its real intent. What is clear (to me, at least) is that Apple is positioning itself as the guardian of security and privacy (compared to Facebook and Google who are clearly not in the interest of safeguarding either), whether it is
Sign in with Apple or tighter controls around what applications can access your data on your own Mac.