Rsync and operation not permitted

We use rsync to backup a user's documents to a network share and I seem to have run into an issue having it run at login.


I can run the script below, at the terminal prompt, without root access, and the rync command will run without error and I will get a successful backup on the network share:


rsync -rltgoD --progress --no-p --delete --cvs-exclude ~/Documents /Volumes/dfs/"$adOU"/"$loggedInUser"/"$computerName"


When I add that command to be run by Enterprise Connect after a successful login, it fails with the following error message:


building file list ...

0 files...

rsync: opendir "/Users/<USERNAME>/Documents" failed: Operation not permitted (1)

1 file to consider

IO error encountered -- skipping file deletion


Currently running 10.15.1



Thank you for any advice.

Update to this thread. This script runs fine under High Sierra, as a script that runs after a successful Enterprise Connect login to the server. It appears this is only happening under Catalina.

This is a consequence of new user privacy protections in macOS 10.15. See WWDC 2019 Session 701 Advances in macOS Security for all the details. As a user, you can grant access to the tool by adding it to the list in System Preferences > Security & Privacy > Privacy > Files and Folders.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Any solution on this? Having a similar problem. Starting a shellcript with a rsync routine by a daily job with plist. Before Catalina everything was fine. Now:

rsync: opendir "/Users/Username/Documents" failed: Operation not permitted


Manually calling the shell script executes rsync.


Adding rsync to full access list in system preferences had no effect.

Hi,


I have a similar issue running 10.14.6.


Thanks in advance.

Hi,

I also am having an issue starting a shellscript that runs the command cp -R. This copies folders from a NAS (SMB) Mounted Volume to itself. However I get the Operation not permitted error as well. I have added sh, Terminal, smbd and more to the Full Disk Accesses system preferences.

Thank you,
Same issue. I wrote a backup script (/usr/local/bin/backup) that uses rsync to copy /Users/Myname to a mounted network drive. It works perfectly when I run the script by hand, but when I run it in my personal crontab, I get these errors:

Code Block
rsync: opendir "/Users/Myname/.Trash" failed: Operation not permitted (1)
rsync: opendir "/Users/Myname/Documents" failed: Operation not permitted (1)
rsync: opendir "/Users/Myname/Downloads" failed: Operation not permitted (1)
...


I granted Full Disk Access to both /usr/bin/rsync and my script, and it didn't make any difference.

This is in Catalina 10.15.3.

Any suggestions?

I am tempted to grant Full Disk Access to bash, but that would seem to defeat the purpose of access control....

UPDATE: I found an article on Stack Exchange (apple.stackexchange.com/questions/375383/rsync-in-cron-on-catalina-no-longer-working) that says for cron scripts to work in Catalina, you have to grant Full Disk Access to /usr/sbin/cron. I'll try that next.
Following up my note: yes, granting Full Disk Access to /usr/sbin/cron solved the issue.

So, it looks like you need to grant Full Disk Access to whatever program is launching rsync.

Check "Allow full disk access for remote users":

https://support.apple.com/en-ca/guide/mac-help/mchlp1066/mac

In my case I got the error when trying to copy files from another mac using rsync over SSH.

The solution was to go to the remote machine's Settings -> Security & Privacy -> Privacy -> Full Disk Access -> sshd-keygen-wrapper and enable it.

After reading these replies going back 2 years, none of it works :-)

I've got a straightforward rsync to a NAS. It works perfectly when I run it on the command line, so I know the code is sound.

I've given all of these full disk access: rsync, sh, ssh, ssh-keygen-wrapper,bash, zsh, osascript, launchd, and the backup script itself.

I can only think there's another program running that doesn't have access. I've noticed that it fails at command "rsync opendir /localfolder... operation not permitted"

So I've been looking for a command called opendir; I can't find one - I guess it's a function built in to the rsync command.

Is it possible that Apple security is causing a problem I can't solve, by locking down "opendir", a command I can't find?

Does anyone have any other ideas? I'm currently running the 12.5.1 version of Monterrey.

Thanks!

I'm in the same predicament but slightly different parameters. My sources are Microsoft OneDrive directories buried in ~/Library/CloudStorage/ and my destination is a mounted disk image. My bash script runs fine in Terminal but I get the Operation not permitted errors when run from launchd. I'm running macOS 12.6 (Monterey) on an M1 based MacBook Pro.

I tried all of the following without success:

  • installed rsync 3.2.6 via homebrew and forced my script to use it via export PATH=/opt/homebrew/bin:$PATH
  • tried numerous variations of rsync options based off "-av" - e.g. rlptgoDv and deleted options one-by-one
  • created a test version of my script that used source and destination directories on my desktop rather than in my Library or on an external volume

Based on the number of postings I've seen on the Internet about this issue, I'm surprised there are no solutions!

Craig

I was having this same problem on macOS 11.7 Big Sur and the tip to "add the app that is calling rsync" to System Preferences -> Security & Privacy -> Full Disk Access seemed like a tip worth trying. I use iTerm2 for my terminal so I added that to the list and my rsync immediately started working without the "Operation not permitted" error.

Somewhat confusingly, iTerm2 shows as "iTerm" in the System Preferences list, but it works. I've attached a screenshot of the setting.

Looks like I can't edit posts or add a direct response to my previous one. Just to provide more details of what happened before I applied the "Full Disk Access" fix:

I was running rsync as root via a bash script.

The terminal returned this:

IO error encountered -- skipping file deletion
{list of directories being read}

When I checked the rsync logs I saw this:

rsync: opendir "/Volumes/backup/{some file}" failed: Operation Not Permitted (1)

Since root should be able to read/write to anything I wasn't sure what to do so I searched for, and found this thread.

I also had the issue that rsync (and also rclone) were unable to sync /Users/me/Documents to the remote location. The reason was that Documents was synced to iCloud. Since I am not using iCloud, I could switch it off. Now rsync (and rclone) are working also Documents.

Rsync and operation not permitted
 
 
Q