Tuesday, February 18, 2020 [Tweets] [Favorites]

Catalina Data Protections Break File Sharing


The new data protections in Catalina make some folders inaccessible by default (for example the ‘Documents’ folder). When an application tries to access one of these folders the OS presents the user with a dialog box to ensure they intended the access.

This seems to have had the effect of breaking home folder network shares. If you enable file sharing in macOS, any registered user is able to access their home folder using their own credentials. This works in Catalina, but the special private folders (Documents, Downloads, Desktop) can’t be interacted with. Attempts to interact with them result in an ‘access denied’ error and no dialog is presented to the user on the server machine that would allow access. On the client machine, in both Finder and Terminal these folders simply appear empty and you get a permissions error if you attempt to create a file.

You log into your Mac with file sharing but can’t access your own folders. The server Mac doesn’t prompt to allow access, and there doesn’t seem to be a way to manually grant it. I found that sometimes toggling file sharing off and then on again helps. But this may not be easy to do while you’re sitting at the client Mac. And the problem eventually comes back.



In the past, I worked around this by adding smbd to the Full Disk Access list on the sharing Mac. Does that not work any more?

@Howard Not sure. I will try that next time it breaks. Thanks!

[…] FIle Sharing Busted in Catalina » […]

Holy cow what an annoying bug. Every day it’s another reason not to upgrade to Catalina.

Another of the ridiculous security *features* delivered to us Catalina users. Most of us ordinary Joes have our home networks hidden behind a router but still have to endure these security features ...

...and which folders am I most likely to want to access when I share files between my own Macs?

Documents, Downloads, Desktop.

Sometimes I wonder if anyone at Apple actually uses Macs for anything other than designing ways to push Apple Music services, Apple TV services, Apple News services, etc.

Just give "/usr/sbin/smbd" Full Disk Access on System Preferences -> Security by adding it to the list. Don't forget to restart the smbd daemon after adding it.

giving full access to /usr/sbin/smbd worked. I dragged it to the unlocked Full Disk Access dialog. Now I can browse my shared folders from my iPad. Ahh, the simple things . . .

Remember when Macs were something where users didn't need to know things like full paths to daemons? Sigh.

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment