Do Shell Script From Apple Script Requires Terminal To Have Full Disk Access - But It Already Has Full Disk Access

Question

I am making an Apple Script app that will change my Time Machine backup configuration. The Apple script command is simply:

set ThePath to quoted form of "/Users/AndrewDesktop/Documents/AppleScripts/Time Machine Control Scripts/Do Not Backup iTunes Library.sh"`
--do shell script "bash " & ThePath with administrator privileges

Right now I have all of my shell commands commented. Even so when I run the apple script I am prompted for my password and then I get an error:

error "bash: /Users/AndrewDesktop/Documents/AppleScripts/Time Machine Control Scripts/Do Not Backup iTunes Library.sh: Operation not permitted" number 126

As all of the shell commands are commented I don't necessarily need the admin privileges. When I run the same Apple script command without admin privileges:

set ThePath to quoted form of "/Users/AndrewDesktop/Documents/AppleScripts/Time Machine Control Scripts/Do Not Backup iTunes Library.sh"
do shell script "bash " & ThePath

I do not get an error.

I decided to avoid having a separate shell file and tried to enter each exclusion as its own do shell script command in apple script like so:

do shell script "sudo tmutil addexclusion -v /Volumes/iTunes Library" with administrator privileges

But even this brute force method fails as I am given the maddening error:

error "tmutil: addexclusion requires Full Disk Access privileges.
To allow this operation, select Full Disk Access in the Privacy
tab of the Security & Privacy preference pane, and add Terminal
to the list of applications which are allowed Full Disk Access." number 80

Terminal already has full disk access and so does Script Editor! Even so I disabled and reenabled full disk access for both and no dice.

Any idea how to get root to work?

Ls -l from terminal of the .sh yields only:

-rwx------@ 1

Edit: Red dance there is a tech note about with administrator privileges and sudo here: TN2065. The note there seems to say that sudo is unnecessary when using apple script with adminstrator privileges. But changing my shell script to remove the sudo didn't work.

I just need to be able to run tmutil add/removeexclusion from apple script which requires sudo permissions. How do I do this?

Answer 1

It seems that the documents folder where both the apple script and the shell script are saved is protected. when I moved both scripts to user/Andrew the errors went away. I don't know how to get it to work when housed in the documents folder but moving out to somewhere else did work.