I have been working on putting together a simple bash script to backup my client’s macOS users files to a local NAS in their office. I put this script in a cron job in my macOS Big Sur, but kept getting Operation not permitted” error in my macOS Big Sur machine. WTF!
Crazy thing was that the script worked when I ran it directly on my terminal, but it gave me the above error when I placed it in my crontab. I decided to brew my coffee at home before troubleshooting this issue with this operation not permitted error in macOS.
It turns out the issue is with macOS Big Sur permissions for cron daemon.
Grant cron Full Disk permissions to fix operation not permitted error in macOS

You need to go to your Security & Privacy settings in your macOS and unlock it by clicking on the ‘lock’ bottom left corner. Then do this:

- Go to the Privacy tab and select Full Disk Access.
- Under the list of apps on the right panel click on ‘+’.
- Use keyboard shortcut: Command+Shift+G to open “Go to Folder”.
- Navigate or enter path: /usr/sbin/cron and select Go.
- Make sure ‘cron’ now appears in the list of apps with Full Disk Access.
- You may also need to add ‘smbd’ and ‘Terminal’ to the list. Use the same process indicated above.
Now, try again and test your cron job and let me know if it works. You can contact me if you have any questions. Also, check out some of my coffee mugs and T-Shirt designs inspired by technology:
I have only now upgraded from Mojave to Ventura after finding a solution for my last 32-bit applications, and I bumped into this problem too. One would think that this could be solved by adding specific ACLs, but this fails because it seems that SIP imposes extra restrictions based on what process is trying to access Documents, and the user under which the process runs is irrelevant, even if it has all the required access rights. For this reason I also had to give apache2 (httpd) Full Disk Access to allow testing a website from within my Documents folder, and this feels awkward. It would be much better to use the ‘Files and Folders’ permission, but I see no way to add something like cron or httpd to that list.
The safer solution is probably to move everything that must be accessed by cron or http outside of the Documents folder, such that they don’t need to be given FDA.
Thank you for your feedback!