- Mac os x shell script remove applications launchagent update#
- Mac os x shell script remove applications launchagent full#
If your backup script needs root access (e.g.
So if you didn't do this, remove your app from FDA, save and close Script Editor, then add back to FDA.

For your LaunchAgent, use something like: /usr/bin/open
NB: If you didn't save and close Script Editor prior to adding to FDA as instructed, it seems that some kind of invisible process (automated background saves?) will change something (some kind of timestamp or hash?) that is required for Full Disk Access, which can cause some intermittent errors that were a major headache to figure out.

For Step 1, you can easily package your script as an app by using tools built into MacOS such as Automator.app or Script Editor, or Platypus also works.

Example contents of such an app might be a simple AppleScript (in Script Editor) such as:

    on run
        do shell script "/usr/local/bin/bash /path/to/myscript.sh"
    end run

From Script Editor, use the dropdown in the save menu to save as an application, then CLOSE SCRIPT EDITOR.

Add this app to Full Disk Access through System Preferences -> Security & Privacy.

. app (either by double clicking via GUI, or open /path/to/MyApp.app but not by directly using the executable stored in e.g. MyApp.app/Contents/Resources/)

Package a standard MacOS application that runs a script (a bash script in my case, which in turn sets up an environment and runs a separate binary that requires FDA).

The original binaries I created with this method continue to work without errors for some strange reason, but I can't give access to new binaries directly using this method.
Update 20190226: As detailed in the Restic issue linked below, this seems to have stopped working. Update: Slightly less hacky workaround below. My solution is a totally hacky workaround, but doesn't require whitelisting bash entirely. I agree that the currently accepted answer is not really a solution - it's not much better than just disabling SIP altogether. I've spent a few weeks trying to sort this out.