Hacker News




Doesn't seem bulletproof. I made a .sh script that touches a file in each of those dirs and ran it. It didn't ask for permission. Privacy settings don't have full disk access or individual file access granted to iTerm2, in case that matters.

Edit: Nothing has full disk access either. I even see bash listed as explicitly not having access.


That's because the Terminal app has an exemption for Full Disk Access, so as to not break anything.

Edit: OK, iTerm2, not sure what's going on there.


Yeah, maybe something is weird about every Mac setup I've used, but I've barely even noticed these restrictions. Pretty sure CLIs and shell scripts in general have full disk access by default. Almost seems like the restrictions require some cooperation from the apps, idk.

Besides disk access, there are all sorts of other ways I don't trust random native apps on my Mac. At least camera access is locked down now (I think).


They don't. But you almost certainly click through the prompt the first time you cd into Downloads without noticing. Prompt blindness is real.


I just reset all folder access perms to "no" and killed both Terminal and iTerm. Tested in Terminal, and it did protect the downloads, desktop, and photos library folders, but not any of the other ones in the home dir (pictures etc) or the Music lib.

Weirdly, iTerm did ask for permission when I cd'd to ~/Desktop, and I said no, but it was still able to cd and edit/view/delete anything inside; the only thing I can't do is ls. BUT in ~/Downloads, I can only mess with files created within iTerm, not pre-existing ones. At this point I double-checked iTerm still doesn't have access to either (or full disk access) in my sysprefs, restarted iTerm, and reproduced this.

So yes it still feels like Terminal is willingly complying while iTerm is not totally, or something is just broken. And even if both were actually enforced fully, the permissions carry over to anything you run in there, and they don't protect very many things to begin with. Like, it can delete my entire Music lib without permissions either way.

Ventura 13.5.2, 2019 Intel MBP


macOS does a lot of automatic tracking of things to try and reduce the impact of the security system. There's a system called "bookmarks" which lets apps have access to things they created even in sandbox-isolated locations; it might be related to that.

I think terminal users aren't really in-scope for macOS security.


So maybe because in the past I granted iTerm access to Desktop, it still has access to everything inside even after I've disabled it. I tried making a new file outside of iTerm just now, and iTerm can still read it, so it seems directory-level.

iTerm is third-party software like anything else. Wonder if it got an exemption. Also, TextEdit evidently has access to everything without asking, so it's not just a terminal thing. Idk what's happening exactly, but I don't trust this sandboxing.


Quite the opposite, TextEdit is sandboxed. The act of using the file open dialog grants it a capability to open the file you selected.


Terminal doesn't come with full disk access; you'll get prompts if you look inside e.g. app containers. But people tend to approve it the first time that happens.

There are also data vaults, which you cannot get around without turning off SIP.



