How to Add Gatekeeper Exceptions from Command Line in Mac OS X
Typically if you want to have an application launch approved by the GateKeeper feature on a Mac, you right-click on the unidentified developers application and choose “Open”, or go through System Preferences to bypass Gatekeeper that way. Another option is to manually add application approvals and exceptions to Gatekeeper by turning to the command line in Mac OS X.
This is great for advanced users who want to script or automate application approvals, but it can also be helpful for remote administration and in other situations as well.
We’ll turn to the spctl command to achieve the desired effect here, which, as we’ve discussed before, users can also interact with to enable and disable Gatekeeper from Terminal.
Add an Application to Gatekeeper Approval from the Command Line in Mac OS X
To add an application to Gatekeepers exceptions and approved application launch list, use the –add flag with spctl to approve an application launch. The following syntax style is appropriate:
spctl --add /Path/To/Application.app
For example, to add approval for the imaginary application called “GooseRoute” that resides in the users downloads folder, the syntax string would look like the following:
spctl --add ~/Downloads/GooseRoute.app
You’ll need to enter an administrator password to approve the application with Gatekeeper, otherwise you can prefix the command with sudo if you’re performing this from SSH or want to automate the process.
Remove an Applications Gatekeeper Exception with spctl in Mac OS X
Removing an application from the Gatekeeper approval list is just as easy, simply switch out the –add flag with –remove, the syntax is otherwise the same:
spctl --remove /Path/To/Application.app
Again, you can prefix the command with sudo if desired, otherwise the familiar admin authentication pop-up will appear in Mac OS X to complete the removal of the application from Gatekeepers authorization list.
Remember, if you’re adding or removing applications that are buried in the file system with long complex paths, you can always drag and drop it into the Terminal window to print out the full path.
Please update to Big Sur
This might be a very helpful tip for me, if only I can work out how I can use it to add a PrefPane, rather than an application, to this command.
I did this using
“spctl –add ~/Library/PreferencePanes/MultiBrowser.prefPane/Contents/MacOS/MultiBrowser”
“spctl –add ~/Library/PreferencePanes/MultiBrowser.prefPane”
You should probably be able to do similar.
I was able to do this without any problems:
spctl –add ~/Library/PreferencePanes/MultiBrowser.prefPane
spctl –add ~/Library/PreferencePanes/MultiBrowser.prefPane/Contents/MacOS/MultiBrowser
I think the trick here is making sure you catch the binaries inside of the PrefPane bundle.
After you right-click and select Open, Gatekeeper doesn’t prevent the app from launching anymore. Therefore, adding an exception in Terminal really isn’t needed unless maybe you want to push an unsigned app out to a large group of Mac users who are too lazy or too dumb to right-click.
There’s a fastest way: don’t double click. Right click the app and click in Open.
The OS will ask if you really want to open it.
That sounds like the result of the upcoming security improvement to OS X, Rootless, which protects system files.
I use Flavors app to modify the OS to improve the look and feel and “flavor”… The developers say they CANNOT make a compatible app for El Capitan – is this method a possible workaround?
If that app works on 10.10, I would assume it’s more related to rootless than Gatekeeper.
Not that it’s really that important, but I like how whoever edited the picture up top decided they should use the current Terminal icon, but not the current Security/Gatekeeper icon. Was that a conscious decision or rather, why is it that at this point, all article icons aren’t just the Yosemite versions? Again, this doesn’t really matter, but I just feel like pointing it out because I see this all over the place and it’s usually the Security icon that is outdated which I find almost a bit ironic.
Great stuff thanks