This isn’t new news but it was new to me. “Modern” macs have a security feature called “Full Disk Access” which sits on top of your computer’s normal security systems and prevents programs from accessing certain files/resources.
This is good — but apparently something about the protections of Full Disk Access prevent
cron from working on your Mac out of the box.
There are solutions — but neither one is great. Option 1 is to add the
/usr/sbni/cron binary to the Full Disk Access allowlist — i.e. to opt it out of the protections offered by Full Disk Access. This works — but at the cost of some security and leaving you with a nagging hope/worry that Apple engineers are considering this use case when making decisions related to overall system security.
The other solution might be just dropping your use of cron entirely and using Apple’s launchd system instead. Launchd has been around for a long time and is probably better than cron, but it’s also more complicated and the time you spend learning launchd won’t really apply to other areas of your computing life. While it’s open source I’ve never seen it used outside of Apple’s own computers.
Speaking of cron — I recently embraced certbot and Let’s Encrypt for my SSL/HTTPS needs and noticed that after setup certbot wasn’t using cron to check for and update its certificates. Instead it was using systemd-timers. Again, a system that’s probably better than cron, but also more complicated.