This article explains how to enable Full Disk Access for the Terminal application on macOS
(So You Can Safely Work with All Files Even Hidden or Protected Ones)
Why would you do this?
macOS protects certain files and folders (like Mail, Safari, external drives, and some hidden system folders) by default. If you run a command in Terminal and it doesnt seem to work or skips some files it might be because Terminal doesn’t have Full Disk Access.
Giving Terminal Full Disk Access lets it do what you tell it to
Step-by-Step: How to Enable Full Disk Access for Terminal
- Open System Settings
Click the Apple menu in the top-left corner.
Choose System Settings (or System Preferences on older macOS versions). - Go to Privacy & Security
In the left-hand sidebar, scroll down and click Privacy & Security.
On the right side, scroll down until you see Full Disk Access and click it. - Add Terminal to the list
Click the + (plus) button at the bottom of the list.
A file picker will appear. Press Command + Shift + G (or navigate manually).
In the “Go to the folder” box, type:
/System/Applications/Utilities/
Press Return, then select Terminal.app, and click Open.
You’ll now see Terminal in the list, with the toggle turned on (or you’ll need to turn it on yourself). - Restart Terminal (just to be safe)
Activate the Terminal app, the quit the Terminal app completely (press Command + Q while its focused).
Then reopen it as normal.
Important Notes:
You only need to do this once.
This does not give Terminal uncontrolled access to your Mac it just lets you, the user, tell Terminal to access protected folders if needed.
Of course, still be very careful with commands when Full Disk Access is enabled Terminal can now read/write more files than before, especially commands you copy from pages on the internet!
Special security note example:
Copy-pasting curl commands from the internet can be extremely risky because they can download and run unknown code on your system sometimes with full permissions. For example, a popular and benign command to install Pi-hole looks like this:
curl -sSL https://install.pi-hole.net | bash
While this works and is safe if you trust the source (in this case the developers of pihole), you’re essentially letting a remote server run code on your computer without seeing what it is first. A malicious site could do the same but install malware, steal data, or damage your system.
Note: The | symbol (this is not the uppercase letter I as in Ian or the lower case “l” as in letter) is called a pipe, it takes the output of one command (in this case, the download from curl which is a script that handles the full installation of the pi-hole service!) and feeds it directly into another command (bash), which runs it. This is powerful but highly dangerous if misused.