
MacOS Sonoma cron job doesn't have access to ~/.Trash even though it has full system access


Edit: MacOS Sonoma Version 14.2.1

I am running a python script via crontab, and the script runs, but I get an error when trying to iterate the ~/.Trash directory:

PermissionError: [Errno 1] Operation not permitted: '/Users/me/.Trash'

I have enabled full disk access for: /usr/sbin/cron, /usr/bin/crontab, and terminal.app, but still have the same problem.

If I run the command directly, it works fine, but when cron runs it, I get the error above. I have tried a few different crontab entries, but get the same result from all of them (I've run each version directly and each works fine when not run via cron).

  1. */5 * * * * /Users/me/miniforge3/envs/dev/bin/fclean >> /dev/null 2>&1

  2. */5 * * * * /Users/me/miniforge3/envs/dev/bin/python /Users/me/miniforge3/envs/dev/bin/fclean >> /dev/null 2>&1

  3. */5 * * * * /Users/me/miniforge3/envs/dev/bin/python /Users/me/path/to/file.py >> /dev/null 2>&1

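If it's helpful, the Python function that's raising the permission issue is:

import logging
from pathlib import Path

# days(), expired() and rm_files() are helpers from the rest of the script (not shown).
def clean_folder(folder: Path, _time: int = days(30)) -> None: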
    """
    If a file in the specified path hasn't been accessed in the specified days; remove it.

    Args:
        folder (Path): Path to folder to iterate through
        _time (int): optional time parameter to pass as expiration time.

    Returns:
        None
    """

    for file in folder.iterdir():
        if expired(file, _time):
            try:
                rm_files(file)
            except PermissionError as permission:
                logging.exception(permission)
                continue
            except Exception as _err:
                logging.exception(_err)
                continue

Solution

  • I cross-posted this issue in the Apple Developer Forums: Here

    In one of the responses I was linked a really great thread that helps explain some of what is going on: Here

    Here's the snippet that's most applicable to the situation.

    Scripting

    MAC presents some serious challenges for scripting because scripts are run by interpreters and the system can’t distinguish file system operations done by the interpreter from those done by the script. For example, if you have a script that needs to manipulate files on your desktop, you wouldn’t want to give the interpreter that privilege because then any script could do that.

    The easiest solution to this problem is to package your script as a standalone program that MAC can use for its tracking. This may be easy or hard depending on the specific scripting environment. For example, AppleScript makes it easy to export a script as a signed app, but that’s not true for shell scripts.

    I was able to provide Full Disk Access to the Python interpreter and that allows cron to run the Python script and access the ~/.Trash directory.

    As @eskimo1 points out in the article - that means any script running in that environment has Full Disk Access. So I will be looking at creating a package for my script in the future.
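
A preflight check for the situation described above, as an added example that is not part of the original post: it separates the `[Errno 1] Operation not permitted` denial from an ordinary `[Errno 13]` permission failure and reports the resolved interpreter binary that made the call. The names `classify_denial`, `probe` and `PROTECTED` are hypothetical, and treating the resolved path of `sys.executable` as the file the grant belongs to is an assumption.

```python
import errno
import os
import sys
from pathlib import Path

# Constructed default: the directory from the question.
PROTECTED = Path.home() / ".Trash"


def classify_denial(exc: OSError) -> str:
    """Name the likely layer that refused a file system call on macOS."""
    if exc.errno == errno.EPERM:   # [Errno 1] Operation not permitted
        return "mac_policy"        # system policy refused the calling process
    if exc.errno == errno.EACCES:  # [Errno 13] Permission denied
        return "posix"             # mode bits or ACLs refused the user
    return "other"


def probe(folder: Path, lister=os.listdir) -> dict:
    """List `folder` once; report the outcome and the binary that made the call."""
    report = {
        "folder": str(folder),
        # env/bin/python is usually a symlink; report the file behind it.
        "interpreter": os.path.realpath(sys.executable),
        "status": "ok",
        "hint": "",
    }
    try:
        lister(folder)
    except OSError as exc:
        report["status"] = classify_denial(exc)
        if report["status"] == "mac_policy":
            report["hint"] = (
                "Full Disk Access is missing for " + report["interpreter"]
                + "; a grant there covers every script this interpreter runs"
            )
        elif report["status"] == "posix":
            report["hint"] = "check ownership and mode of " + report["folder"]
        else:
            report["hint"] = str(exc)
    return report


if __name__ == "__main__":
    result = probe(PROTECTED)
    print(result)
    # Non-zero exit lets a cron wrapper or monitor notice the denial.
    sys.exit(0 if result["status"] == "ok" else 1)
```

Run it once from the terminal and once from a crontab entry using the same interpreter path; differing results show that the denial depends on which process launched the interpreter, not on the script.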