How do I grant access to a command-line tool?

You cannot add individual CLI tools. Instead, add Terminal.app (or your terminal emulator) to Full Disk Access. All commands run in that terminal inherit the access.

Can I disable TCC entirely?

Not without disabling System Integrity Protection (csrutil disable in Recovery Mode), which is strongly discouraged as it removes critical security protections.

Mac Full Disk Access Errors — Permission Denied for Apps and Terminal

Warningpermissions

Overview

Fix macOS Full Disk Access permission errors preventing apps and Terminal from accessing protected folders like Desktop, Documents, and system files.

Key Details

macOS requires explicit Full Disk Access permission for apps to read protected user folders
Protected locations include: Desktop, Documents, Downloads, iCloud Drive, Time Machine backups, and mail
Terminal and command-line tools need Full Disk Access to operate on protected directories
Apps without Full Disk Access receive 'Operation not permitted' errors even when running as root
This is part of Apple's Transparency, Consent, and Control (TCC) framework

Common Causes

App not granted Full Disk Access in System Settings > Privacy & Security
Terminal.app or iTerm2 not added to Full Disk Access list
macOS upgrade resetting previously granted permissions
Automation tools (cron, launchd) running without inherited disk access
Backup software unable to read all files without Full Disk Access

Steps

1Grant Full Disk Access: System Settings > Privacy & Security > Full Disk Access > toggle on for the app
2For Terminal: add Terminal.app (or iTerm) to the Full Disk Access list and restart Terminal
3For CLI tools: the parent Terminal app must have Full Disk Access, not each individual command
4Reset TCC database if corrupted: tccutil reset All (caution: resets all privacy permissions)
5For automation: add the scheduling app (cron/launchd/Automator) to Full Disk Access
6Quit and reopen the app after granting access — permission changes require app restart

More in Permissions

mac-error-4302-screencaptureMac Error 4302 — Screen Recording & Capture Permission Error

Warning

linux-permission-denied-chmod-chownLinux Permission Denied — chmod, chown & ACL Troubleshooting Guide

Warning

browser-permission-api-errorsBrowser Permission API Errors — Notification, Geolocation & Camera Denied

Informational

browser-notification-permission-errorsWeb Notification Errors — Permission Denied and Push Notification Failures

Informational

browser-geolocation-errorsBrowser Geolocation Errors — Permission Denied and Position Unavailable

Warning

browser-camera-microphone-errorsCamera and Microphone Permission Errors — getUserMedia Failures in Browsers

Error

Frequently Asked Questions

Full Disk Access is enforced by the TCC framework at the app level, not the user level. Even root cannot bypass it. The app itself must be granted access in System Settings.

Mac Full Disk Access Errors — Permission Denied for Apps and Terminal

Overview

Key Details

Common Causes

Steps

Tags

Related Items

More in Permissions

Frequently Asked Questions