The macOS Privacy Settings Deleted My Backups

  • Mike
  • February 13, 2023

The other day I logged in to my NAS to find that all of my backed up media files were gone. No errors, the drives were fine, the directory was there, but the files were gone. Thankfully it wasn’t a freak out moment as I had my originals and my other backups, but it was a mystery. The answer turned out to be the macOS privacy settings, and while I certainly support the spirit of what they are doing, in practice the way this worked was so confusing that if you told me they were trying to screw with me, I wouldn’t be shocked.

Let’s talk it through.

Here’s how the backup is suppose to run: I have a Mac Mini with a bunch of media files on an external drive, and I want to back those files up on the NAS. This happens via a simple bash script with rsync, and it used to run on a cron, but I moved it to a Keyboard Maestro macro because I’m moving all of my Mac cron jobs there for improved portability and discoverability [Editor’s Note: FORESHADOWING!]

Here’s the bash script. As I said, it’s very simple:


rsync -av --progress --delete --ignore-errors --ignore-existing --dry-run --no-perms --no-owner --no-group  "/Volumes/Media Files/" nas:/volume1/media/

It runs within a macro that runs nightly after checking if the removable drive is mounted and if an arbitrary directory exists in the volume, just to make sure the drive is really mounted. Everything looks fine. The macro and script both run without any errors, but the files are not on my NAS.

So, I ran the script manually in the terminal and the rsync ran without issue and the files ended up on the NAS. Hmm.

Then I ran the script from within Keyboard Maestro and rsync runs fine…and deletes every single file on the NAS. WTF! But the drive is mounted at it sees a directory in the mounted directory? Why is the script saying that there aren’t any files?! In fact, when I update the bash script to just print out the contents of the Media Files directory, it returns:

> total 0

No error. Just an empty directory listing. Remember, this script is running after checks to make sure the drive is mounted and a folder on that mount has been found!

So, as you know, dear reader, it was macOS’ privacy settings. What I needed to do was give Keyboard Maestro full disk access and then the macro and script ran without issue. Ok, fine. I’m not mad about an extra layer of permission, especially one that I can resolve, if I choose to, quickly. What’s annoying is how the blocking worked. No error. No alert saying an app or script asked to do something and it was blocked. It didn’t even return an error code, it just said the directory was empty…so rsync deleted everything. That’s crazy! I still don’t really understand why Keyboard Maestro was able to see the existence of a child directory but not list files. It’s really odd and really frustrating. I mean really frustrating. Like working at Twitter and having an idiot man child ask you why his unfunny joke tweets don’t get the reach he expected, and then getting fired for no reason frustrating.

Ok, maybe not that frustrating, but I sure with Apple would do something to improve this.

Related Posts

Post to Mastodon v2.2 - Bug Fixes and Setup Questions

  • Mike
  • December 26, 2022

Another update regarding my Post to Mastodon Apple Shortcut automation, which is now at version 2.2! Specifically, I’ve learned two things about Apple Shortcuts today: Their logic for input type sucks and is very buggy. You can set setup questions so people don’t have to edit the shortcut after they download it!

Read more

A Decade of Clojure at Studio71

  • Mike
  • March 30, 2023

What is Clojure and why did it fit for Studio71? Clojure is a programming language (a dialect of Lisp) that excels at concurrency and data processing. Clojure runs on top of Java so it’s runs in all of the places Java runs and can use all of the Java libraries already out there (hello, Google and AWS libraries!

Read more

Building a Mastodon Client in to my Cyberpunk SSH App

  • Mike
  • February 3, 2023

Let me quickly get you up to speed: I wanted to build a website for my hacker projects, but instead of a website I ended up building an SSH app (because I’m weird). Basically, instead of visiting it in your web browser you have to open your terminal, run an SSH command, and then you use text commands to play with the application, read about my projects, etc.

Read more