macOS Mojave introduced a new access control mechanism that lets you decide which apps have access to certain parts of the disk.
That’s great! (except it breaks some things)
The problem
Those familiar with UNIX-like systems sure know about cron
, a job scheduler that comes installed on all macOS systems.
With the introduction of Mojave’s access control mechanism, cron
can no longer access some directories, which might break your cron jobs.
The solution
macOS lets you add apps and binaries to the Full Disk Access allowlist, so let’s see which binary runs my cron jobs:
$ ps aux | grep [c]ron | awk '{print $NF}'
/usr/sbin/cron
The binary that runs the system’s cron jobs is /usr/sbin/cron
.
Granting Full Disk Access to cron
Go to System Settings > Privacy & Security > Full Disk Access:
Click on the (+) icon to add an item to the list.
Press command
+shift
+G
, type /usr/sbin/cron
and press enter
:
Select the cron
exexcutable and click Open:
That’s it!
Beware, this is not a great idea security-wise, if an attacker can modify cron jobs or their scripts, they would have Full Disk Access too.
Monitor the system’s installed cron jobs manually, or with a tool such as KnockKnock, and proceed with caution.