macOS Ventura: Fix the “Operation not permitted” error in Terminal

The “Operation not permitted” error message is caused by one of the typical annoyancesfeatures in macOS, namely the Terminal app lacking “full disk access” by default (and by design).

This conclusion unfortunately isn’t obvious, as when encountering the above error message, one would typically first check the ownerships and permissions of the directory/file/symlink “causing” the error, then perhaps the ACL / extended attributes, then whether the resource might still be locked by another process accessing it, and last but not least, one would remember macOS’s SIP (System Integrity Protection) and even consider booting into recovery mode. But none of that is actually required. The solution is:

  1. In the macOS “System Settings”, go to “Privacy & Security”
  2. Then click on “Full Disk Access” and enable it for “Terminal” (slider turns blue)
  3. Open a new Terminal window/session

Irritatingly, upgrading to macOS Ventura apparently resets the Terminal app’s security privileges.

Example:

I wanted to remove and recreate a symlink, so that “MobileSync” (where macOS stores backups of iOS devices like iPhones, iPads) isn’t just a regular, local directory, but a symlink pointing to a directory on a mounted NAS share. Advantage: Backups of iOS devices don’t use up valuable (and expensive) SSD storage space on your MacBook Air/Pro, but use cheap NAS storage instead (further, you don’t create duplicate backups on each of your Macs). Here’s where the MobileSync symlink is located and where it points to, in my case (you can create it using ‘ln -s /Volumes/backups_ios/MobileSync .‘, my share is named ‘backup_ios‘)

mymac ~/Library/Application Support $ ls -lad ~/Library/Application\ Support/MobileSync
lrwxr-xr-x 1 myuser staff 31 Apr  1 00:47 '/Users/myuser/Library/Application Support/MobileSync' -> /Volumes/backups_ios/MobileSync

Even as root, I first couldn’t remove the symlink I created some time back before the upgrade to Ventura. Which is even the more puzzling considering this all happens in a regular user’s home directory.