FAQ
T1GUI: Security & Privacy Guide for Sandbox
Core Security Statement
FileShows is a file management utility built on the App Sandbox architecture. We prioritize data sovereignty through technical design:
- Sandboxed Isolation: The application operates within a secure, isolated environment, adhering to strict system-level access controls. It cannot access core system data without explicit permission.
- Local-First Processing: Apart from the necessary user login, the application operates entirely offline. All file scanning, classification, and management are performed locally on your device. You may verify this by using the app in an air-gapped (no internet) environment.
- On-Demand Access: We follow the principle of "No Interaction, No Operation." The app only initiates file processing after a user explicitly selects a source directory. There are no background processes that silently index or scan unauthorized files.
- Zero Data Exfiltration: The application contains no logic for remote file transmission. We do not collect, cache, or upload your file content or any private metadata.
Permission Troubleshooting (For Non-App Store Versions)
Because the app is distributed independently (outside the App Store), the automatic macOS authorization prompt may occasionally fail to appear. If you encounter file access issues, please follow these steps:

1. Recommended: Enable "Full Disk Access"
This is the most stable way to ensure a file manager functions correctly under the macOS Sandbox and TCC (Transparency, Consent, and Control) framework.
- Path: System Settings -> Privacy & Security -> Full Disk Access.
- Action: Click the "+" icon, select FileShows from your Applications folder, and ensure the toggle is ON.
- Security Assurance: Since the app is fully functional offline, granting this permission is strictly for local file management.
2. Resolving Missing App in Privacy Lists
If the app does not appear under "Files and Folders," it is usually due to a system-level delay in permission requests.
- Solution: You do not need to wait for the list to update. Directly enabling Full Disk Access (as described above) overrides individual folder restrictions and provides a comprehensive solution.
- Reset Permissions: To reset all permission records and start fresh, run the following command in Terminal:
tccutil reset All com.iche2.fileshows
3. Critical Reminders
- Restart Required: After modifying permissions in System Settings, you must restart FileShows for the changes to take effect.
- Explicit Selection: When using the "Choose a directory" feature, please confirm the selection in the system dialog. This ensures the app receives the specific "Security-Scoped Bookmark" required to access that path.
T2GUI: Resolving SSH/rsync Permission Errors in Sandbox
Q: Why am I getting "Operation not permitted" or "Permission denied" errors?
A: It is due to the Sandbox security mechanism.
Sandboxed applications are restricted from accessing sensitive system directories like ~/.ssh directly. Even if your terminal is configured for passwordless login, the app cannot read your private keys or host verification files. To fix this, you must set up an isolated, non-interactive authentication environment.
Solution: 3 Steps to Enable Automated Synchronization
1. Relocate Your Private Key
Copy your private key (e.g., id_rsa or id_ed25519) from the protected .ssh folder to a directory accessible by the app (e.g., ~/Documents/ssh_keys/).
2. Correct File Permissions (Critical)
SSH requires a private key file to be readable only by its owner; a key with looser permissions is ignored by the ssh client. Run the following command in your Terminal:
chmod 600 ~/Documents/ssh_keys/id_rsa
3. Use Non-Interactive Command Arguments
Configure the app to use flags that avoid the sandbox-protected files under ~/.ssh and eliminate manual prompts.
Terminal Validation Examples
Test these commands in your Terminal first. Success is defined as: The transfer starts immediately without asking for a password or "yes/no" confirmation.
Using rsync to sync directories:
# Note: Add "-p [port]" after "ssh" if your server uses a non-standard port.
rsync -avz -e "ssh -i /AbsolutePath/id_rsa -o BatchMode=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" /local/path/ root@remote_host:/remote/path/
Using scp to transfer a file:
scp -i /Absolute/Path/id_rsa -o BatchMode=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null /local/file root@remote_host:/remote/path/
Key Parameter Breakdown
- -i [AbsolutePath]: Explicitly points to the private key. Always use full paths (e.g., /Users/name/..., /home/name/...) instead of ~/ to ensure compatibility with the sandbox environment.
- BatchMode=yes: Disables all interactive prompts. If authentication fails, it exits immediately instead of hanging the app UI while waiting for a password.
- StrictHostKeyChecking=no: Automatically accepts the remote host's fingerprint, which means ssh no longer verifies the server's identity.
- UserKnownHostsFile=/dev/null: Redirects host verification to a null device. This avoids permission conflicts caused by the sandbox's inability to write to the system known_hosts file.
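As an added example (not code from the FileShows documentation), the following POSIX shell helper checks a relocated key the way steps 1 and 2 require (absolute path, mode 600) and builds the rsync command with a sandbox-readable known_hosts file in place of /dev/null, so that host-key verification is kept while prompts stay disabled. It assumes the known_hosts file sits beside the key in the app-accessible directory and was pre-populated (for instance with ssh-keyscan) and compared against the server's real fingerprint; all paths and host names are constructed.

```shell
#!/bin/sh
# Added example, not FileShows' own code. Validates a relocated private key as
# the FAQ requires (absolute path, mode 600) and builds the non-interactive
# rsync command with a readable known_hosts file instead of /dev/null.
# Assumption: the known_hosts file lives next to the key in the app-accessible
# directory and was pre-populated, e.g.
#   ssh-keyscan -p 22 remote_host >> ~/Documents/ssh_keys/known_hosts
# with the fingerprint then compared against the one the server admin gives you.

# check_key KEY: return 0 only if KEY is an absolute path to a file with mode 600.
check_key() {
  key=$1
  case $key in
    /*) ;;
    *) echo "key path must be absolute, not relative or ~/: $key" >&2; return 1 ;;
  esac
  [ -f "$key" ] || { echo "key not found: $key" >&2; return 1; }
  # GNU stat (Linux) first, then BSD stat (macOS); both print e.g. 600
  mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
  if [ "$mode" != "600" ]; then
    echo "key mode is $mode, expected 600 (run: chmod 600 \"$key\")" >&2
    return 1
  fi
  return 0
}

# build_rsync KEY KNOWN_HOSTS SRC DEST [PORT]: print the rsync command line.
# BatchMode=yes still suppresses password prompts; StrictHostKeyChecking=yes
# makes ssh fail (instead of silently connecting) if the host key is missing
# from KNOWN_HOSTS or differs from the recorded one.
build_rsync() {
  key=$1; kh=$2; src=$3; dest=$4; port=${5:-22}
  check_key "$key" || return 1
  [ -f "$kh" ] || { echo "known_hosts not found: $kh" >&2; return 1; }
  printf 'rsync -avz -e "ssh -i %s -p %s -o BatchMode=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=%s" %s %s\n' \
    "$key" "$port" "$kh" "$src" "$dest"
}

# Usage (constructed paths): prints the command line to paste into the app.
# build_rsync /Users/name/Documents/ssh_keys/id_ed25519 \
#   /Users/name/Documents/ssh_keys/known_hosts /local/path/ user@remote_host:/remote/path/
```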
Troubleshooting
- "Identity file ... not accessible": Double-check the path and ensure the app has permission to access that folder.
- "Permission denied (publickey)": Ensure your public key has been correctly added to the authorized_keys file on the remote server.
Notes for Linux (Snap) Users
If you are using the Snap version, you must manually connect the SSH interface due to Snap's strict confinement:
- Enable Access: Run the following command in your terminal:
sudo snap connect fileshows:ssh-keys
- Verify Status: Run snap connections fileshows. Authorization is successful if ssh-keys appears in the Slot column.
- Path Requirement: Ensure you use absolute paths for your private keys in scripts (as detailed in the "Key Parameter Breakdown" section).
Linux (Flatpak) Notes
If you are using the Flatpak version, you must prefix your commands with flatpak-spawn --host to execute binaries outside the sandbox.
1. Grant Permissions
Run the following command in your terminal to allow the app to communicate with the host system:
flatpak override --talk-name=org.freedesktop.Flatpak com.iche2.fileshows
Note: Restart the application after running this command.
2. Command Usage
Add the flatpak-spawn --host prefix to any external script or command.
Examples:
- Rsync: flatpak-spawn --host rsync -avz /src/path/ user@host:/dest/path/
- Gzip: flatpak-spawn --host gzip /path/to/file
Key Points
- Full Access: Compatible with any CLI tool installed on your host.
- Environment: Inherits host SSH keys, configurations, and environment variables.
- Pathnames: You must use absolute paths as defined on the host system.
Requirement: Ensure the required tools (e.g., rsync) are already installed on your host system. If a command works in your standard terminal, it will work here with the prefix.