search

borgbackup / borg

Deduplicating archiver with compression and authenticated encryption.
https://www.borgbackup.org/
Other
10.84k stars 734 forks source link

macOS Sonoma: “python3.11” would like to access data from other apps #7869

Closed sebastianhaberey closed 9 months ago

sebastianhaberey commented 9 months ago

Is this a BUG / ISSUE report or a QUESTION?

Not entirely sure.

Your borg version (borg -V).

1.2.6

Operating system (distribution) and version.

macOS Sonora 14.0

Description

I am running borg on macOS using a combination of cron and borgmatic. This has worked fine for months, but since the macOS update to Sonoma a couple days ago this keeps popping up:

Screenshot 2023-10-11 at 18 14 05

When I click it, it just appears again (and again and again). It won't go away.

I am sure this is some kind of security problem that is macOS-related rather than a bug in borg, but I'd really appreciate some hints on how to solve this, if anybody has come across it.

ThomasWaldmann commented 9 months ago

Guess you could give "full disk" permissions to the terminal you start borg from.

System Settings -> Privacy and Security -> Full Disk Access

[x] Terminal
[x] Vorta (if you use Vorta as borg gui)
sebastianhaberey commented 9 months ago

I've been able to work around this by going to System Settings -> Privacy & Security and giving "Full Disk Access" to "python3".

This doesn't seem right though, I'd like to give full disk access to borg, but not to the python binary in general.

Guess you could give "full disk" permissions to the terminal you start borg from.

In my case borg is started by cron:

-+= 00001 root /sbin/launchd
 \-+= 00540 root /usr/sbin/cron
   \-+- 04508 root /usr/sbin/cron
     \-+= 04509 user /bin/sh -c /Users/user/Projects/borgbackup/borgbackup.sh >> /Users/user/Projects/borgbackup/logs/borgbackup.log 2>&1
       \-+- 04510 user bash /Users/user/Projects/borgbackup/borgbackup.sh
        \-+- 08594 user /opt/homebrew/Cellar/python@3.11/3.11.6/Frameworks/Python.framework/Versions/3.11/Resources/Python.app/Contents/MacOS/Python /opt/homebrew/bin/borgmatic [...]

My cron already had full disk access, but apparently that's not enough.

sebastianhaberey commented 9 months ago

Closing this since I have a workaround and it's a macOS issue. If somebody has a more precise solution than mine ("Full Disk Access" for python3) maybe they can still post it here.