Delete file from system location with app-scoped security bookmark

Question

I've got an OS X App where I request app-scoped security bookmarks from the user using an NSOpenPanel - this works great.

Now I want to delete the file as well - this works for ALL files except for those stored in system locations, e.g. /private/var/log. Even though the user granted me a (not stale) security bookmark.

Is there any entitlement that allows me to delete user-selected files from those locations?

Just for reference, the following entitlements are set:

<key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key> <array> <string>/.Trash</string> </array> <key>com.apple.security.files.user-selected.read-write</key> <true/> <key>com.apple.security.files.bookmarks.app-scope</key> <true/> <key>com.apple.security.app-sandbox</key> <true/>

Cheers!

I don't have a solution from the top of my head but I just wanted to hint that I have been in a "never ending" discussion with the Review Team about temporary-exception — they basically don't want people to use them anymore. Furthermore, thanks for reminding me the security bookmarks. I must look into that again asap. I'll ask around if someone has a solution for you... — StuFF mc

mahal tertin mahal tertin · Accepted Answer · 2015-04-17T08:05:11

Most of the files in system locations belong to user root and no one else has write permission. In order to delete such files, they need to have the appropriate permissions set. You can check this using terminal:

cd /private/var/log
ls -la

Just because your app has permission by sandbox doesn't mean it has permission by filesystem to write and remove. Sorry to say.

Delete file from system location with app-scoped security bookmark

2 Answers