Re: osx permission issue
Henri Shustak via rsync wrote: > If you are talking about SIP, then at present SSH will have full disk access > (as much as it can) by default. > > Take a look at this LBackup page which discusses this in more detail : > http://www.lbackup.org/developer/dealing_with_sip > > Hope that helps. I think that that only applies to the sshd binary that comes with macOS. If you install a more recent version of openssh via macports or similar, it doesn't apply to that. It certainly doesn't apply to a macports-installed ssh client. In that case, you need to grant full disk access to Terminal.app or similar, and invoke the ssh client from there. It's not possible to grant full disk access to an arbitrary binary executable via System Preferences. You can only do that for "applications". I'm not sure what aplication you would need to grant full disk access to in order to give a macports-installed sshd daemon full disk access. cheers, raf -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: osx permission issue
If you are talking about SIP, then at present SSH will have full disk access (as much as it can) by default. Take a look at this LBackup page which discusses this in more detail : http://www.lbackup.org/developer/dealing_with_sip Hope that helps. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: osx permission issue
Hi,
I don't think it's about file flags. macOS has SIP
(System Integrity Protection) which, among other
things, restricts the ability of processes to access
certain parts of the file system.
Usually people ask about how to override this locally
which can be done by disabling SIP altogether, or for
file access only, adding the relevant app in:
System Preferences -> Secutiy & Privacy -> Full Disk Access
But It's not great. I think you can only add "apps" to
the list, not arbitrary executables. I've added
Terminal, iTerm.app and XQuartz.app but it doesn't work
for XQuartz/X11 for some reason, so I need to rsync
some parts from the file system from Terminal/iTerm
instead of from an xterm under XQuartz.
But the OP is asking about the remote end of the
connection. If you are allowed to manipulate the
security settings on the remote end, you could apply
the above ideas there but you'd need to know which app
needs to be added to the list so that rsync can
function. It's not obvious. It's probably the app that
starts sshd. It might be launchd. I can't imagine that
giving that full disk access is a great idea.
It might be possible to get the remote sshd to run the
remote side of rsync via an intermediary app that can
be added to the list of apps with full disk access,
such as Automator.
Maybe you could use (via rsync) ssh's -e / --rsh option
to specify what's needed. See this page for ideas:
How to Give Full Disk Access to a Binary in MacOS Mojave
https://n8henrie.com/2018/11/how-to-give-full-disk-access-to-a-binary-in-macos-mojave/
I haven't read it, just googled "full disk access launchd"
so not sure it'll help.
good luck,
raf
Perry Hutchison via rsync wrote:
> Roland via rsync wrote:
> > does somebody know how to circumvent that "extra file access restriction
> > feature" introduced in osx some time ago ?
>
> It may not be possible.
>
> Based on experience with FreeBSD, from which much of OSX is derived,
> I suspect you may be running into issues with "file flags"; check the
> OSX documentation for the chflags system call. In FreeBSD, I've seen
> that same error message when rsync attempts an operation that would
> violate chflags restrictions.
>
> > i already tried adding rsync binary to programms with "full disk access"
> > privilege ( system-prefs -> security & privacy -> privacy -> full disk
> > access)?? , since running as root is not sufficient - but it does not work.
>
> "full disk access" likely refers to the ability to read the disk
> directly, bypassing the filesystem. It's used by maintenance
> programs like fsck and fsdb, and by some full-disk backup programs,
> but it won't help rsync.
>
> > i want to make sure that every file on osx is getting backup
> >
> > i run rsync on linux to remotely backup osx system (via ssh).
> >
> > regards
> > roland
> >
> > rsync:
> > readlink_stat("/private/var/folders/_p/ky_w_lyj6ps7jcnkjkl5ss0mgn/0/com.apple.routined")
> > failed: Operation not permitted (1)
> > ...
>
> --
> Please use reply-all for most replies to avoid omitting the mailing list.
> To unsubscribe or change options:
> https://lists.samba.org/mailman/listinfo/rsync
> Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: osx permission issue
Roland via rsync wrote:
> does somebody know how to circumvent that "extra file access restriction
> feature" introduced in osx some time ago ?
It may not be possible.
Based on experience with FreeBSD, from which much of OSX is derived,
I suspect you may be running into issues with "file flags"; check the
OSX documentation for the chflags system call. In FreeBSD, I've seen
that same error message when rsync attempts an operation that would
violate chflags restrictions.
> i already tried adding rsync binary to programms with "full disk access"
> privilege ( system-prefs -> security & privacy -> privacy -> full disk
> access)?? , since running as root is not sufficient - but it does not work.
"full disk access" likely refers to the ability to read the disk
directly, bypassing the filesystem. It's used by maintenance
programs like fsck and fsdb, and by some full-disk backup programs,
but it won't help rsync.
> i want to make sure that every file on osx is getting backup
>
> i run rsync on linux to remotely backup osx system (via ssh).
>
> regards
> roland
>
> rsync:
> readlink_stat("/private/var/folders/_p/ky_w_lyj6ps7jcnkjkl5ss0mgn/0/com.apple.routined")
> failed: Operation not permitted (1)
> ...
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: osx permission issue
what makes you believe that ssh is accessing the files ?
ok, rsync on remote mac is being spawned by sshd, so i gave full disk
access to the sshd binary , too (as it may inherit restrictions to sub
processes) and restarted ssh service ,
but unfortunately it makes no difference.
did you mean that or something different ?
roland
Am 28.03.20 um 16:20 schrieb Ben Bass:
Hi Roland.
You might have to give ssh full disk access on the remote Mac, as that
is what is accessing the files according to the Mac.
On Sat, Mar 28, 2020 at 9:12 AM Roland via rsync
mailto:rsync@lists.samba.org>> wrote:
hello,
does somebody know how to circumvent that "extra file access
restriction
feature" introduced in osx some time ago ?
i already tried adding rsync binary to programms with "full disk
access"
privilege ( system-prefs -> security & privacy -> privacy -> full disk
access) , since running as root is not sufficient - but it does
not work.
i want to make sure that every file on osx is getting backup
i run rsync on linux to remotely backup osx system (via ssh).
regards
roland
rsync:
readlink_stat("/private/var/folders/_p/ky_w_lyj6ps7jcnkjkl5ss0mgn/0/com.apple.routined")
failed: Operation not permitted (1)
rsync:
readlink_stat("/private/var/folders/_p/ky_w_lyj6ps7jcnkjkl5ss0mgn/0/com.apple.Safari/SafariFamily")
failed: Operation not permitted (1)
rsync:
readlink_stat("/private/var/folders/_p/ky_w_lyj6ps7jcnkjkl5ss0mgn/C/com.apple.WebKit.WebContent.Sandbox")
failed: Operation not permitted (1)
rsync:
readlink_stat("/private/var/folders/_p/ky_w_lyj6ps7jcnkjkl5ss0mgn/C/com.apple.QuickLook.thumbnailcache")
failed: Operation not permitted (1)
rsync:
readlink_stat("/private/var/folders/_p/ky_w_lyj6ps7jcnkjkl5ss0mgn/C/com.apple.WebKit.Networking.Sandbox")
failed: Operation not permitted (1)
rsync: opendir
"/private/var/folders/zz/zyxvpxvq6csfxvn_n0sm6d/0" failed:
Operation not permitted (1)
rsync: opendir
"/private/var/folders/zz/zyxvpxvq6csfxvn_n0sm6d/C" failed:
Operation not permitted (1)
# ls -l@ /private/var/folders/zz/zyxvpxvq6csfxvn_n0sm6d/
total 0
drwxr-xr-x@ 2 _locationd _locationd 64 3 Nov 2017 0
com.apple.rootless -1
drwx--@ 17 _locationd _locationd 544 19 Jan 23:03 C
com.apple.rootless -1
drwx--@ 2 _locationd _locationd 64 3 Nov 2017 T
com.apple.rootless 7
--
Please use reply-all for most replies to avoid omitting the
mailing list.
To unsubscribe or change options:
https://lists.samba.org/mailman/listinfo/rsync
Before posting, read:
http://www.catb.org/~esr/faqs/smart-questions.html
--
-Ben
(917) 536-0998
b...@benbass.com
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
osx permission issue
hello,
does somebody know how to circumvent that "extra file access restriction
feature" introduced in osx some time ago ?
i already tried adding rsync binary to programms with "full disk access"
privilege ( system-prefs -> security & privacy -> privacy -> full disk
access) , since running as root is not sufficient - but it does not work.
i want to make sure that every file on osx is getting backup
i run rsync on linux to remotely backup osx system (via ssh).
regards
roland
rsync:
readlink_stat("/private/var/folders/_p/ky_w_lyj6ps7jcnkjkl5ss0mgn/0/com.apple.routined")
failed: Operation not permitted (1)
rsync:
readlink_stat("/private/var/folders/_p/ky_w_lyj6ps7jcnkjkl5ss0mgn/0/com.apple.Safari/SafariFamily")
failed: Operation not permitted (1)
rsync:
readlink_stat("/private/var/folders/_p/ky_w_lyj6ps7jcnkjkl5ss0mgn/C/com.apple.WebKit.WebContent.Sandbox")
failed: Operation not permitted (1)
rsync:
readlink_stat("/private/var/folders/_p/ky_w_lyj6ps7jcnkjkl5ss0mgn/C/com.apple.QuickLook.thumbnailcache")
failed: Operation not permitted (1)
rsync:
readlink_stat("/private/var/folders/_p/ky_w_lyj6ps7jcnkjkl5ss0mgn/C/com.apple.WebKit.Networking.Sandbox")
failed: Operation not permitted (1)
rsync: opendir
"/private/var/folders/zz/zyxvpxvq6csfxvn_n0sm6d/0" failed:
Operation not permitted (1)
rsync: opendir
"/private/var/folders/zz/zyxvpxvq6csfxvn_n0sm6d/C" failed:
Operation not permitted (1)
# ls -l@ /private/var/folders/zz/zyxvpxvq6csfxvn_n0sm6d/
total 0
drwxr-xr-x@ 2 _locationd _locationd 64 3 Nov 2017 0
com.apple.rootless -1
drwx--@ 17 _locationd _locationd 544 19 Jan 23:03 C
com.apple.rootless -1
drwx--@ 2 _locationd _locationd 64 3 Nov 2017 T
com.apple.rootless 7
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
