How to Add Gatekeeper Exceptions from Command Line in Mac OS X

Jul 15, 2015 - 11 Comments

Gatekeeper app approval and removal with command line in OS X

Typically if you want to have an application launch approved by the GateKeeper feature on a Mac, you right-click on the unidentified developers application and choose “Open”, or go through System Preferences to bypass Gatekeeper that way. Another option is to manually add application approvals and exceptions to Gatekeeper by turning to the command line in Mac OS X.

This is great for advanced users who want to script or automate application approvals, but it can also be helpful for remote administration and in other situations as well.

We’ll turn to the spctl command to achieve the desired effect here, which, as we’ve discussed before, users can also interact with to enable and disable Gatekeeper from Terminal.

Add an Application to Gatekeeper Approval from the Command Line in Mac OS X

To add an application to Gatekeepers exceptions and approved application launch list, use the –add flag with spctl to approve an application launch. The following syntax style is appropriate:

spctl --add /Path/To/

For example, to add approval for the imaginary application called “GooseRoute” that resides in the users downloads folder, the syntax string would look like the following:

spctl --add ~/Downloads/

You’ll need to enter an administrator password to approve the application with Gatekeeper, otherwise you can prefix the command with sudo if you’re performing this from SSH or want to automate the process.

Remove an Applications Gatekeeper Exception with spctl in Mac OS X

Removing an application from the Gatekeeper approval list is just as easy, simply switch out the –add flag with –remove, the syntax is otherwise the same:

spctl --remove /Path/To/

Again, you can prefix the command with sudo if desired, otherwise the familiar admin authentication pop-up will appear in Mac OS X to complete the removal of the application from Gatekeepers authorization list.

Remember, if you’re adding or removing applications that are buried in the file system with long complex paths, you can always drag and drop it into the Terminal window to print out the full path.


Related articles:

Posted by: Paul Horowitz in Command Line, Mac OS, Tips & Tricks


» Comments RSS Feed

  1. Frederique Lesne says:

    Please update to Big Sur

  2. Andrew says:

    This might be a very helpful tip for me, if only I can work out how I can use it to add a PrefPane, rather than an application, to this command.


    • sg says:

      I did this using
      “spctl –add ~/Library/PreferencePanes/MultiBrowser.prefPane/Contents/MacOS/MultiBrowser”


      “spctl –add ~/Library/PreferencePanes/MultiBrowser.prefPane”

      You should probably be able to do similar.

    • sg says:

      I was able to do this without any problems:

      spctl –add ~/Library/PreferencePanes/MultiBrowser.prefPane
      spctl –add ~/Library/PreferencePanes/MultiBrowser.prefPane/Contents/MacOS/MultiBrowser

      I think the trick here is making sure you catch the binaries inside of the PrefPane bundle.


  3. After you right-click and select Open, Gatekeeper doesn’t prevent the app from launching anymore. Therefore, adding an exception in Terminal really isn’t needed unless maybe you want to push an unsigned app out to a large group of Mac users who are too lazy or too dumb to right-click.

  4. Kyrodes says:

    There’s a fastest way: don’t double click. Right click the app and click in Open.

    The OS will ask if you really want to open it.

  5. Rex Rollman says:

    That sounds like the result of the upcoming security improvement to OS X, Rootless, which protects system files.

  6. I use Flavors app to modify the OS to improve the look and feel and “flavor”… The developers say they CANNOT make a compatible app for El Capitan – is this method a possible workaround?

  7. Avenged110 says:

    Not that it’s really that important, but I like how whoever edited the picture up top decided they should use the current Terminal icon, but not the current Security/Gatekeeper icon. Was that a conscious decision or rather, why is it that at this point, all article icons aren’t just the Yosemite versions? Again, this doesn’t really matter, but I just feel like pointing it out because I see this all over the place and it’s usually the Security icon that is outdated which I find almost a bit ironic.

  8. Wharf Xanadu says:

    Great stuff thanks

Leave a Reply


Shop on and help support OSXDaily!

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates

Tips & Tricks


iPhone / iPad



Shop on Amazon to help support this site