CLI on Sequoia via ssh - settings.json: operation not permitted
Since upgrading macOS to Sequoia, when executing op
via a logged in ssh session, op
fails to access my 1password settings:
10:45PM | DEBUG | Skipped loading desktop app settings file. The desktop app might not be installed: read file: open /Users/USER/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/settings/settings.json: operation not permitted
Previously on macOS Sonoma 14.7.4 executing op
while logged in over ssh works as expected:
op --version 2.30.3 op account list URL EMAIL USER ID my.1password.com email@exmaple.com USERIDXXXX ssh localhost Last login: Mon Nov 25 22:21:11 2024 from ::1 op account list URL EMAIL USER ID my.1password.com email@exmaple.com USERIDXXXX
Now on macOS Sequoia 15.1.1:
op --version 2.30.3 op account list URL EMAIL USER ID my.1password.com email@exmaple.com USERIDXXXX ssh localhost Last login: Mon Nov 25 22:30:32 2024 op account list op account list --debug 10:45PM | DEBUG | Skipped loading desktop app settings file. The desktop app might not be installed: read file: open /Users/USER/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/settings/settings.json: operation not permitted
Any ideas what's going on? Could this be related to permissions changes in Sequoia?
This breaks all kinds of workflows I use daily and is a major problem since I routinely execute op
over ssh back to my desktop while logged into remote systems for development and troubleshooting.
Appreciate any insights or suggestions.
Cheers,
Michael
1Password Version: 8.10.52
Extension Version: Not Provided
OS Version: 15.1.1
Browser: Not Provided
Comments
-
This appears to be some security feature of Sequoia and not directly related to 1Password. I'm unable to access the files under
~/Library/Group\ Containers/2BUA8C4S2C.com.1password/
when logged in via ssh. 😞Example:
head -2 ~/Library/Group\ Containers/2BUA8C4S2C.com.1password/Library/Application\ Support/1Password/Data/settings/settings.json { "version": 1, ❯ ssh localhost Last login: Mon Nov 25 23:02:46 2024 from ::1 ❯ head -2 ~/Library/Group\ Containers/2BUA8C4S2C.com.1password/Library/Application\ Support/1Password/Data/settings/settings.json head: /Users/USER/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/settings/settings.json: Operation not permitted
Ugh. Anyone have a way to work around this?
0 -
Solved. Apparently "Allow full disk access for remote users" somehow became unchecked. Once setting this under System Settings > General > Sharing > Remote Login, everything is back to working again.
😊
0 -
I'm having a related problem with local terminals. I have
op completion zsh
in my profile, so every time I launch a terminal I get a "whatever.app would like to access data from other apps" message, and I assume the same would happen if I removed theop completion zsh
line and then tried to use some otherop
command.This can be worked around by granting full disk access to every terminal app (iTerm, Terminal, Visual Studio Code, etc), but it would be great not to need to disable the group container file sandbox.
0