How to grant permissions on macOS Mojave to run background tasks

Fluidkeys uses cron to schedule an hourly task that runs in the background. The task is called fk sync and attempts to do two things:

  1. It checks if your key is overdue for extension. If it is, Fluidkeys extends both your sub key and primary key.
  2. It checks whether there are any changes to the team roster. If there are, it then fetches any new public keys.

Whenever you manually run fk it automatically attempts to schedule this task in cron, therefore it will have attempted to do this when you first install Fluidkeys, too.

Test that `fk sync` isn't already scheduled

Run fk status, you should see a warning that starts like this:

fk status

 🔥 Failed to schedule automatic key maintenance and rotation

If you don’t see that error, but see a message like this…

fk status
    Added Fluidkeys to crontab.  Edit /Users/jayne/.config/fluidkeys/config.toml to remove.

… then success, you don’t need to do anything else! 🙌

For the rest of you seeing that error above, read on…

Try to schedule `fk sync` in `cron` manually

The warning provides you with instructions on how to manually scheulde the task. Do this next.

Run crontab -e and add the following lines:

# Fluidkeys added the following line to keep you and your team's keys updated
# automatically with `fk sync`
# To configure this, edit your config file (see `ffk --help` for the location)
@hourly perl -e 'sleep int(rand(3600))' && /usr/local/bin/fk sync --cron-output

You may hit another error when attempted to save the file, again due to permissions. It would look like this:

crontab -e
crontab: installing new crontab
crontab: tmp/tmp.64365: Operation not permitted
crontab: edits left in /tmp/crontab.vd6aCcGkgl

If this happens, the next step is to grant full disk access to Terminal or iTerm.

Grant full-disk access to iTerm/Terminal

  1. Open System Preferences, then Security & Privacy > Privacy and select Full Disk Access A screenshot of the macOS Systems Preferences menu, with Security and Privacy highlighted

  2. Click the (+) icon to add an item to the list. You may have to unlock the panel to access this.

  3. In the search bar in the top right, type iTerm (or Terminal if you're using that instead). You should see it listed in the Finder window, like this: A screenshot of the macOS Systems Preferences menu, with Security and Privacy highlighted Select it, and click Open.

    (If you need to manually locate the files, iTerm is typically found in `Macintosh HD > Applications`, and Terminal is found in `Macintosh HD > Applications > Utilities`)

  4. You may be prompted that iTerm (or Terminal) will not have full disk access until it is quit. Click Quit now, and close all the windows.

Test that Fluidkeys can now be scheduled

Reopen iTerm or Terminal and run fk status. You should now see the following:

fk status
    Added Fluidkeys to crontab.  Edit /Users/jayne/.config/fluidkeys/config.toml to remove.

Success! 😅

Still having problems? Email help@fluidkeys.com and we’ll do our best to get you up and running.