Mac Full Disk Access Errors — Permission Denied for Apps and Terminal
About Mac Full Disk Access Errors
Fix macOS Full Disk Access permission errors preventing apps and Terminal from accessing protected folders like Desktop, Documents, and system files. This guide covers everything you need to know about this topic, including common causes, step-by-step solutions, and answers to frequently asked questions.
Here are the key things to understand: macOS requires explicit Full Disk Access permission for apps to read protected user folders. Protected locations include: Desktop, Documents, Downloads, iCloud Drive, Time Machine backups, and mail. Terminal and command-line tools need Full Disk Access to operate on protected directories. Apps without Full Disk Access receive 'Operation not permitted' errors even when running as root. This is part of Apple's Transparency, Consent, and Control (TCC) framework. Understanding these fundamentals will help you diagnose and resolve this issue more effectively.
The most common reasons this occurs include: App not granted Full Disk Access in System Settings > Privacy & Security. Terminal.app or iTerm2 not added to Full Disk Access list. macOS upgrade resetting previously granted permissions. Automation tools (cron, launchd) running without inherited disk access. Backup software unable to read all files without Full Disk Access. Identifying the root cause is the first step toward finding the right solution.
To resolve this, follow these recommended steps: Grant Full Disk Access: System Settings > Privacy & Security > Full Disk Access > toggle on for the app. For Terminal: add Terminal.app (or iTerm) to the Full Disk Access list and restart Terminal. For CLI tools: the parent Terminal app must have Full Disk Access, not each individual command. Reset TCC database if corrupted: tccutil reset All (caution: resets all privacy permissions). For automation: add the scheduling app (cron/launchd/Automator) to Full Disk Access. Quit and reopen the app after granting access — permission changes require app restart. If these steps do not resolve the issue, consider consulting additional resources or a qualified professional.
This article is part of our Mac Error Codes collection on Error Codes Wiki. We provide comprehensive, up-to-date information to help you find solutions quickly.
Quick Answer
Why does sudo not bypass Full Disk Access?
Full Disk Access is enforced by the TCC framework at the app level, not the user level. Even root cannot bypass it. The app itself must be granted access in System Settings.
Overview
Fix macOS Full Disk Access permission errors preventing apps and Terminal from accessing protected folders like Desktop, Documents, and system files.
Key Details
- macOS requires explicit Full Disk Access permission for apps to read protected user folders
- Protected locations include: Desktop, Documents, Downloads, iCloud Drive, Time Machine backups, and mail
- Terminal and command-line tools need Full Disk Access to operate on protected directories
- Apps without Full Disk Access receive 'Operation not permitted' errors even when running as root
- This is part of Apple's Transparency, Consent, and Control (TCC) framework
Common Causes
- App not granted Full Disk Access in System Settings > Privacy & Security
- Terminal.app or iTerm2 not added to Full Disk Access list
- macOS upgrade resetting previously granted permissions
- Automation tools (cron, launchd) running without inherited disk access
- Backup software unable to read all files without Full Disk Access
Steps
- 1Grant Full Disk Access: System Settings > Privacy & Security > Full Disk Access > toggle on for the app
- 2For Terminal: add Terminal.app (or iTerm) to the Full Disk Access list and restart Terminal
- 3For CLI tools: the parent Terminal app must have Full Disk Access, not each individual command
- 4Reset TCC database if corrupted: tccutil reset All (caution: resets all privacy permissions)
- 5For automation: add the scheduling app (cron/launchd/Automator) to Full Disk Access
- 6Quit and reopen the app after granting access — permission changes require app restart