tzeejay icon




tmutil and macOS Mojave Application Data Protections

macOS’ Time Machine is a great backup tool for the average user in my opinion. It safely creates a backup of all your data and provides a simple graphical interface to setup the backup and another one to restore a backup later if needed. As great as it’s very simple graphical user interface is for the average user, it’s not helpful at all when things go wrong and you wish for a million dials and nobs. Alongside the graphical interface Apple ships a great little tool called tmutil to do exactly that. It allows a power user to look under the hood of Time Machine and move things around manually if needed. That is until you try to alter anything about the backups manually under Mojave. I was provided a bunch of very weird and inexplicable error messages until I ran tmutil latestbackup out of frustration, which showed the following error

tmutil error

$ tmutil latestbackup The operation could not be completed because tmutil could not access private application data on the backup disk. Use the Privacy tab in the Security and Privacy preference pan to add Terminal to the list of application which can access Application Data.

The fix for this, as stated in the error message, is annoying, but very simple. You open System, navigate to the Security icon, click the Privacy tab, select Application Data from the list and finally select the button labeled + underneath. Done and done. Trying to be a bit of a smartass, I entered which tmutil into my Terminal session to find the path to tmutil. I was hoping to trick the system into only allowing ’tmutil’ access to all the Application Data on the system but not grant outright access. Doing that sadly does not work, since the parent process needs to be granted access, which forced me to add to the list after all.

Ignoring entirely whether I’m of the opinon that this is a regression or not, it is nice to see that Apple’s engineers hit the exact same issues every other third party developer hits and does not grant itself specialized permission to get around it. The absence of training wheels in desktop OS’ is what makes them so clunky and insecure to use for many, but at the same time that insecurity is what allows a certain group of users who know the pitfalls well do incredible things. Steve Jobs Trucks vs. Cars analogy fits perfectly here. I think these issues will be worked out over the next couple of major releases and it will become an absolute non-issue. For now I’m happy to see that Apple’s own engineers have to find work arounds, or rather not so elegant solutions like the error message above. This way a couple of really smart people will sit down in a conference room somewhere in Cupertino and come up with a solution to all of this, simply based on necessity for Apple’s own software.

If you’re interested in reading more about this and related topics I can highly recommend this post by Felix Schwarz.