osx permission issue

raf rsync at raf.org
Mon Mar 30 03:14:55 UTC 2020


Hi,

I don't think it's about file flags. macOS has SIP
(System Integrity Protection) which, among other
things, restricts the ability of processes to access
certain parts of the file system.

Usually people ask about how to override this locally
which can be done by disabling SIP altogether, or for
file access only, adding the relevant app in:

  System Preferences -> Security & Privacy -> Full Disk Access

But it's not great. I think you can only add "apps" to
the list, not arbitrary executables. I've added
Terminal, iTerm.app and XQuartz.app but it doesn't work
for XQuartz/X11 for some reason, so I need to rsync
some parts from the file system from Terminal/iTerm
instead of from an xterm under XQuartz.

But the OP is asking about the remote end of the
connection. If you are allowed to manipulate the
security settings on the remote end, you could apply
the above ideas there but you'd need to know which app
needs to be added to the list so that rsync can
function. It's not obvious. It's probably the app that
starts sshd. It might be launchd. I can't imagine that
giving that full disk access is a great idea.

It might be possible to get the remote sshd to run the
remote side of rsync via an intermediary app that can
be added to the list of apps with full disk access,
such as Automator.

Maybe you could use (via rsync) ssh's -e / --rsh option
to specify what's needed. See this page for ideas:

  How to Give Full Disk Access to a Binary in MacOS Mojave
  https://n8henrie.com/2018/11/how-to-give-full-disk-access-to-a-binary-in-macos-mojave/

I haven't read it, just googled "full disk access launchd"
so not sure it'll help.

good luck,
raf

Perry Hutchison via rsync wrote:

> Roland via rsync <rsync at lists.samba.org> wrote:
> > does somebody know how to circumvent that "extra file access restriction
> > feature" introduced in osx some time ago ?
> 
> It may not be possible.
> 
> Based on experience with FreeBSD, from which much of OSX is derived,
> I suspect you may be running into issues with "file flags"; check the
> OSX documentation for the chflags system call.  In FreeBSD, I've seen
> that same error message when rsync attempts an operation that would
> violate chflags restrictions.
> 
> > i already tried adding rsync binary to programs with "full disk access"
> > privilege ( system-prefs -> security & privacy -> privacy -> full disk
> > access), since running as root is not sufficient - but it does not work.
> 
> "full disk access" likely refers to the ability to read the disk
> directly, bypassing the filesystem.  It's used by maintenance
> programs like fsck and fsdb, and by some full-disk backup programs,
> but it won't help rsync.
> 
> > i want to make sure that every file on osx is getting backed up
> >
> > i run rsync on linux to remotely backup osx system (via ssh).
> >
> > regards
> > roland
> >
> > rsync:
> > readlink_stat("/private/var/folders/_p/ky_w_lyj6ps7jcnkjkl5ss0m0000gn/0/com.apple.routined")
> > failed: Operation not permitted (1)
> > ...
> 
> -- 
> Please use reply-all for most replies to avoid omitting the mailing list.
> To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
> Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
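
An added example, not part of the original thread: a small triage script for the rsync error output quoted above, which lists the paths a backup run skipped and groups them by errno so the coverage gap is visible. It assumes that errno 1 (EPERM) seen while running as root is the signature of a platform policy such as SIP or the privacy settings rather than ordinary file modes; the sample log is constructed, and only its first entry comes from the thread.

```python
import re
from collections import defaultdict

# Constructed sample of rsync stderr. The first record is the error quoted in
# the thread (line-wrapped the way the mail shows it); the other paths are made up.
SAMPLE_LOG = '''rsync:
readlink_stat("/private/var/folders/_p/ky_w_lyj6ps7jcnkjkl5ss0m0000gn/0/com.apple.routined")
failed: Operation not permitted (1)
rsync: opendir "/Users/example/Library/Mail" failed: Operation not permitted (1)
rsync: send_files failed to open "/Users/example/private.key": Permission denied (13)
rsync: readlink_stat("/Users/example/gone.txt") failed: No such file or directory (2)
'''

# Quoted path, optional ")" and " failed", then "<message> (<errno>)" at the end.
ERR = re.compile(r'"([^"]+)"\)?(?: failed)?: (.+?) \((\d+)\)$')

def parse_rsync_errors(text):
    """Return (path, errno) pairs, rejoining records that were line-wrapped."""
    found = []
    for record in re.split(r'(?m)^rsync:', text):
        match = ERR.search(' '.join(record.split()))
        if match:
            found.append((match.group(1), int(match.group(3))))
    return found

def classify(errors):
    """Group skipped paths by cause: EPERM (1), EACCES (13), or other."""
    groups = defaultdict(list)
    for path, code in errors:
        groups[{1: "EPERM", 13: "EACCES"}.get(code, "other")].append(path)
    return dict(groups)

if __name__ == "__main__":
    labels = {
        "EPERM": "blocked by policy (assumed SIP / privacy settings)",
        "EACCES": "blocked by file permissions",
        "other": "other errors",
    }
    for cause, paths in classify(parse_rsync_errors(SAMPLE_LOG)).items():
        print(f"{labels[cause]}: {len(paths)} path(s) not backed up")
        for path in paths:
            print("   ", path)
```

Feed it the stderr of a real run (for example, saved with `2> rsync.err`) in place of `SAMPLE_LOG` to see which trees the backup is missing.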


