Working around macOS privacy controls

Posted January 14, 2022


You need to run a program (like icalBuddy) which requires access to protected macOS resources like your Calendar, Reminders, or Contacts. When you run it from the terminal, you are prompted as usual and grant access. Later, you try to run that program via some other process and nothing happens, or you get some obscure error.

In my case, I was trying to run icalBuddy to pull my calendar appointments into Obsidian, following Ben’s example. Worked great from the command line but not so much from within Obsidian. The problem, as it turns out, is that in this case the privacy grant applies to the “top most app” which launches the process, and there’s no way to manually grant access directly to icalBuddy or Obsidian.


After struggling to find a working solution via lots and lots of GitHub reports of similar problems, I finally found one in this comment. I’m writing up my full solution here as I’m sure I won’t be the last to run into this.

In simple terms, we create an Automator application which simply runs the program we need with whatever arguments we like. We can even pass extra arguments on the command line. The program is saved as a .app and when executed, the privacy prompts are opened and the grants assigned to our new .app.

1. Open /System/Applications/ and create a new Application:

[Screenshot: Automator, new application]

2. Search for ‘Run Shell Script’ and drag it into the workflow area:

[Screenshot: add new shell script]

3. Change the pass input setting and add script:

[Screenshot: change input and edit script]

Here’s the script for easier copying:

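# "$1" is the calendar name; it only arrives if "Pass input" is set to "as arguments"
rm -f /tmp/getCalEvents.out
/usr/local/bin/icalBuddy -npn -nc -ps "/: /" -iep "datetime,title" \
    -po "datetime, title" -b "\n\n### " \
    -tf "%H%M" -ic "$1" \
    eventsToday >>/tmp/getCalEvents.out 2>&1
# The file redirect comes before 2>&1 so that icalBuddy's errors land in the file as well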

4. Save the application somewhere, e.g., ~/bin/ and run it once. You should get the privacy prompts as usual which results in the following access grant:

5. Finally, to integrate it into our application, we create another small wrapper which opens the app and returns the output from the tmp file:

rm -f /tmp/getCalEvents.out
open --wait-apps $HOME/bin/ --args Calendar
cat /tmp/getCalEvents.out

Save that script to, e.g., ~/bin/getCalEvents and call it from your application.
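
The wrapper from step 5 puts calendar data in a fixed file name under /tmp, a world-writable directory where, with the default umask, the file is readable by other local accounts. The variant below is an added example, not the author's script: it keeps the same open --wait-apps flow but uses an owner-only directory. The OUT_DIR location and the GetCalEvents.app bundle name are assumptions, and the Automator script has to append to the same OUT_FILE path instead of /tmp/getCalEvents.out.

```shell
#!/bin/sh
# Added example: step-5 wrapper with the output file kept out of /tmp.
# Assumed names (not from the post): OUT_DIR, OUT_FILE, and the APP bundle name.
OUT_DIR="${OUT_DIR:-$HOME/Library/Caches/getCalEvents}"
OUT_FILE="$OUT_DIR/events.out"
APP="${APP:-$HOME/bin/GetCalEvents.app}"   # hypothetical name of the saved Automator app

umask 077   # anything created below is owner-only

# Create a private directory and an empty output file for the Automator app
# to append to. Returns non-zero instead of following a symlink.
prepare_out() {
    if [ -L "$OUT_DIR" ] || [ -L "$OUT_FILE" ]; then
        echo "refusing to use symlinked path under $OUT_DIR" >&2
        return 1
    fi
    mkdir -p "$OUT_DIR" && chmod 700 "$OUT_DIR" || return 1
    rm -f "$OUT_FILE"
    # noclobber makes the redirect fail if the file reappeared after rm
    ( set -C; : > "$OUT_FILE" ) 2>/dev/null || return 1
}

# Launch the Automator app, wait for it to exit, then print what it wrote.
get_cal_events() {
    prepare_out || return 1
    open --wait-apps "$APP" --args "$1" || return 1
    cat "$OUT_FILE"
}

# Usage: getCalEvents Calendar
if [ "$#" -gt 0 ]; then
    get_cal_events "$1"
fi
```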

The New Foursquare

Posted August 06, 2014

Yeah, but do you have them all in a spreadsheet on Google Docs?

A hard core of Foursquare users love to checkin. I am one of them. I want to database my life, the places I go, and what I see and do there. I have checked in a total of 6,342 times since I started using Foursquare.

via The New Foursquare – AVC.


Goodnight. Sleep Clean. –

Posted January 12, 2014

We’ve known for some time that sleep is essential for forming and consolidating memories and that it plays a central role in the formation of new neuronal connections and the pruning of old ones. But that hardly seems enough to risk death-by-leopard-in-the-night.

via Goodnight. Sleep Clean. –

DevOps: It’s the culture, stupid!

Posted October 26, 2013

Last week saw the return of DevOpsDays to New York and like many who attended, I went into day one without a solid definition for, or real understanding of, what “DevOps” actually means. Does it mean wearing both dev and ops hats? Is it a new team outside of the existing dev and ops teams? Is it a tool?


Getting to the Bottom of’s Flop

Posted October 25, 2013

according to the research firm the Standish Group, 94 percent of large federal information technology projects over the past 10 years were unsuccessful — more than half were delayed, over budget, or didn’t meet user expectations, and 41.4 percent failed completely.

via Getting to the Bottom of’s Flop –

S3 enabled disks?

Posted October 25, 2013

Sounds interesting, but no mention of OpenStack.

Yesterday Seagate introduced its Kinetic Open Storage Platform, and I’m simply blown away by it. It’s a truly elegant design, “as simple as possible, but no simpler”. The physical interconnect to the disk drive is now Ethernet. The interface is a simple key-value object oriented access scheme, implemented using Google Protocol Buffers. It supports key-based CRUD (create, read, update and delete); it also implements third-party transfers (“transfer the objects with keys X, Y and Z to the drive with IP address”). Configuration is based on DHCP, and everything can be authenticated and encrypted. The system supports a variety of key schemas to make it easy for various storage services to shard the data across multiple drives.

via Reinventing storage – Ethernet über alles! | Speaking of Clouds

A few feet from failure: why Verizon FiOS in New York is a sad joke

Posted October 10, 2013

This is insane.

When asked whether Verizon had met its contract obligations, the mayor’s office first asked The Verge what Verizon had said, then referred us to DOITT, which actually has the contract. DOITT referred us to the mayor’s office. When told that the mayor wasn’t commenting, DOITT suggested we speak with Verizon. When pressed, a spokesperson said, "We just don’t have anything to add here."

via A few feet from failure: why Verizon FiOS in New York is a sad joke | The Verge.

Terrorists win

Posted September 10, 2013

Game over.

The US government has betrayed the internet. We need to take it back

Posted September 05, 2013

We’ve had enough of lawyers and politicians not fully understanding technology; we need technologists at the table when we build tech policy.

via The US government has betrayed the internet. We need to take it back – Bruce Schneier.

N.S.A. Foils Much Internet Encryption

Posted September 05, 2013

Unlike some classified information that can be parceled out on a strict “need to know” basis, one document makes clear that with Bullrun, “there will be NO ‘need to know.’ ”

via N.S.A. Foils Much Internet Encryption –