- open -a Emacs ~/Desktop
open -a Emacs ~/Library
open -a Emacs ~/Downloads
open -a Emacs /Volumes/Time\ Machine/
and so on. After doing that once, I could access them again in the future. I have no idea where this is recorded, or what other directories I will find on the exclusion list in the future.
The latest one that I cannot figure out is that "crontab -" works from Terminal, but from inside an Emacs shell buffer it says,
- crontab: tmp/tmp.16124: Operation not permitted
Why can Terminal do things that Emacs can't and how do I fix that?
I tried doing that "open" trick with /tmp, /var/tmp, /private/tmp, /private/var/tmp, /private/var/at/tmp, ~/tmp... it's not one of those. You might think, "run crontab under dtruss to figure out what directory you need to authorize! You sweet summer child, dtruss hasn't been functional on macOS for roughly a thousand years.
Update: The fix is to give /usr/bin/ruby full disk access! You get full disk access, and you, and you, and you! Turns out that the Emacs startup sequence begins with a Ruby script that decides what executable to launch, so the topmost process is the one that counts.