[Bug Report] Recurring file access prompts on macOS
Describe the bug I have been running into incessant ""Stash" would like to access files in your Downloads folder." and ""Stash" would like to access files on a removable volume." prompts on my Mac (running Sonoma 14.7) to the point of Stash being almost unusable.
To Reproduce Any activity that accesses files, be it a scan or simple browsing and playing of content, leads to multiple prompts.
Expected behavior The prompts to not recur after the access being granted when running Stash for the first time post install.
Screenshots
Stash Version v0.27.2
Desktop
- OS: macOS Sonoma 14.7
- Browser: Firefox
- Version: 131.0.3 (aarch64)
Additional context I have enabled Full Disk Access for Stash.
Copied answer from WP in a now deleted Issue#4796
As far as I know, there's nothing we can do within stash to stop this message from appearing. stash does not explicitly request any permissions; all disk access is done at a low level, and the stash code has no knowledge/access to the macos permission infrastructure. See also: https://forum.makemkv.com/forum/viewtopic.php?t=25455 https://iboysoft.com/howto/allow-access-to-removable-volumes-mac.html
Thanks for looking into this, @stg-annon.
I am only running into this issue with Stash. Interestingly, the *arr apps work just fine after giving specific folder permission/s on the initial prompt and don't require full disk access.
Could this be something to do with how Stash is notarized? 🤔
I also had this problem on an M4 Mac mini running MacOS Sequoia 15.1.1 and Stash.app v0.27.2 I was able to fix it by replacing the signature:
codesign --force --deep -s - /Applications/Stash.app && xattr -rd com.apple.quarantine /Applications/Stash.app
I also had this problem on an M4 Mac mini running MacOS Sequoia 15.1.1 and Stash.app v0.27.2 I was able to fix it by replacing the signature:
codesign --force --deep -s - /Applications/Stash.app && xattr -rd com.apple.quarantine /Applications/Stash.app
Signed up for git just to comment here.
Just got Mac Mini M4 MacOS Sequoia 15.2 to setup as my new server. Was having same issue as OP on (as well as a separate equally annoying MacOS Firewall issue; Stash 0.27.2 could not be accessed from any LAN device other than localhost, while the MacOS FW was active).
The above command fixed both issues for me!
Thank you so much @tvjctr; I've been trying various workarounds for a couple days to no avail.
Considering all this info, would notarizing and signing (not sure these are correct/exact terms) stash.app fix these issues for MacOS users? I'm not well versed in these topics, but it seems Apple considers stash.app as unknown developer, and it may be imparting additional security controls (or bugged security controls) on such an app....
Sadly that did not work for me. This is such an annoying problem.
I also had this problem on an M4 Mac mini running MacOS Sequoia 15.1.1 and Stash.app v0.27.2 I was able to fix it by replacing the signature:
codesign --force --deep -s - /Applications/Stash.app && xattr -rd com.apple.quarantine /Applications/Stash.appSigned up for git just to comment here.
Just got Mac Mini M4 MacOS Sequoia 15.2 to setup as my new server. Was having same issue as OP on (as well as a separate equally annoying MacOS Firewall issue; Stash 0.27.2 could not be accessed from any LAN device other than localhost, while the MacOS FW was active).
The above command fixed both issues for me!
Thank you so much @tvjctr; I've been trying various workarounds for a couple days to no avail.
Considering all this info, would notarizing and signing (not sure these are correct/exact terms) stash.app fix these issues for MacOS users? I'm not well versed in these topics, but it seems Apple considers stash.app as unknown developer, and it may be imparting additional security controls (or bugged security controls) on such an app....
I just signed up to comment on this issue as well.
When attempting the workaround you referenced on macOS Sequoia 15.5, I keep getting the following:
/Applications/Stash.app: replacing existing signature
/Applications/Stash.app: resource fork, Finder information, or similar detritus not allowed
If there's forbidden detritus present, it seems like it's a great time to bring the Stash.app package into compliance with current MacOS security rules.
Considering all this info, would notarizing and signing (not sure these are correct/exact terms) stash.app fix these issues for MacOS users? I'm not well versed in these topics, but it seems Apple considers stash.app as unknown developer, and it may be imparting additional security controls (or bugged security controls) on such an app....
It's very unlikely. It's typical Apple monopolistic behaviour that has nothing to do with security. To notrize an app you need:
- Apple Developer Membership ($99 per year)
- macOS device with XCode
- Cannot be fully automated
- Must be done PER BUILD
- You have to wait for a confirmation email from Apple to say the build was successfully notarized
Just opening developer account requires personal details which nobody here wants to associate with the adult project.
Stash binaries are built using https://github.com/stashapp/stash/blob/develop/Makefile, which you can reproduce yourself.
I just signed up to comment on this issue as well.
When attempting the workaround you referenced on macOS Sequoia 15.5, I keep getting the following:
/Applications/Stash.app: replacing existing signature /Applications/Stash.app: resource fork, Finder information, or similar detritus not allowedIf there's forbidden detritus present, it seems like it's a great time to bring the Stash.app package into compliance with current MacOS security rules.
Unsure why you are getting that result, but even on 15.6 the self-signed signature procedure still functions. Check your permissions?
For others having issues, make sure you are using the .app version of stash, and that it has been moved to your Applications folder firstly.
Am I correct in understanding that this method requires a developer account?
I also had this problem on an M4 Mac mini running MacOS Sequoia 15.1.1 and Stash.app v0.27.2 I was able to fix it by replacing the signature:
codesign --force --deep -s - /Applications/Stash.app && xattr -rd com.apple.quarantine /Applications/Stash.app
If so, does anyone have a solution for those of us who are not developers? Terminal gives me "zsh: no such user or named directory: code sign" as an error.
Additionally quarantine can be used to lift some restrictions (but not all file access notices) https://apple.stackexchange.com/questions/373176/disable-the-use-of-the-com-apple-quarantine-extended-attribute-on-mojave
Like DogmaDragon said, nothing we can realistically do, as it also requires a mac development machine to notarize, on top of all the previous requirements