#!/usr/bin/env bash # @file Ensure Terminal Permissions # @brief Ensures the macOS terminal used for the provisioning process has full disk access permissions # @description # This script ensures the terminal running the provisioning process has full disk access permissions. It also # prints information regarding the process of how to enable the permission as well as information related to # the specific reasons that the terminal needs full disk access. More specifically, the scripts need full # disk access to modify various system files and permissions. # # ## Sources # # * [Detecting Full Disk Access permission on macOS](https://www.dzombak.com/blog/2021/11/macOS-Scripting-How-to-tell-if-the-Terminal-app-has-Full-Disk-Access.html) {{ includeTemplate "universal/profile-before" }} {{ includeTemplate "universal/logg-before" }} # @description Prints information describing why full disk access is required for the script to run on macOS. printFullDiskAccessNotice() { if [ -d /Applications ] && [ -d /System ]; then logg md "${XDG_DATA_HOME:-$HOME/.local/share}/chezmoi/docs/terminal/full-disk-access.md" fi } # @description Ensures the terminal running the provisioning process script has full disk access on macOS. It does this # by attempting to read a file that requires full disk access. If it does not, the program opens the preferences # pane where the user can grant access so that the script can continue. ensureFullDiskAccess() { if [ -d /Applications ] && [ -d /System ]; then if ! plutil -lint /Library/Preferences/com.apple.TimeMachine.plist > /dev/null ; then logg star 'Opening Full Disk Access preference pane.. Grant full-disk access for the terminal you would like to run the provisioning process with.' && open "x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles" logg prompt 'Press ENTER to check for Full Disk Access again' && read -r ensureFullDiskAccess else logg success 'Current terminal has full disk access' fi fi } printFullDiskAccessNotice ensureFullDiskAccess