Privileged File System Access With ChronoSync Express Connect to ChronoAgent and gain full access to all files in the file system

Privileged File System Access With ChronoSync Express

ChronoSync Express is designed to run within the “application sandbox,” which is a security mechanism enforced by macOS. Being “sandboxed” is a requirement for all applications distributed on the Mac App Store. Sandboxed applications have restricted access to operating system services, including the file system. This poses a significant challenge for ChronoSync Express because it needs to access your file system in order to backup and/or synchronize your data.

When you configure a sync or backup task in ChronoSync Express, the program requests a “security scope” from the operating system so that it can access the files within your source and destination target. This is implicitly granted by the you, the user, when you choose and/or drag-in a target folder. This works pretty well and you can thus use ChronoSync Express to backup and sync a wide variety of data. However, the security scope is finite: ChronoSync Express cannot access system files or files belonging to other user accounts. This imposes a limit on ChronoSync Express’s usefulness.

ChronoSync Express’s older sibling, ChronoSync, does not have these restrictions. It is not a sandboxed application and thus can request full access to your system. This is done by selecting “Mounted Volumes (Admin Access)” as the connection type for your targets. The user must provide administrative credentials, at which point ChronoSync has full access to all the files on your computer. However, there IS a way to grant ChronoSync Express full access to your system. It’s called ChronoAgent.

ChronoAgent is a separate product that is meant to be used in conjunction ChronoSync and ChronoSync Express. You typically install ChronoAgent on a remote Mac and then establish a network connection to it from ChronoSync or ChronoSync Express. ChronoAgent provides much higher performance and better security than built-in file sharing and is generally regarded as the better approach to synchronizing/backing up data between two Macs.

One additional advantage of ChronoAgent, however, is that it provides full, privileged file system access to all files on the computer that it is installed on. This allows you to do things like backup all users & system files on the remote computer. The technique presented in this guide leverages this fact by installing ChronoAgent on the SAME computer as ChronoSync Express. ChronoSync Express can then establish a connection to ChronoAgent as if it were a remote computer and thus gain full access to all files in the file system!

SETUP CHRONOAGENT

Download and install ChronoAgent on the same computer that you have ChronoSync Express installed on. ChronoAgent is configured in System Preferences, so open that up and choose ChronoAgent.

Switch to the General tab (you will have to provide your administrator credentials to do this). Provide a name to your ChronoAgent, typically something that describes the computer it is running on. You should also provide a username and password that will be required for ‘remote’ copies of ChronoSync Express to connect to it.

After supplying this information, be sure to turn ChronoAgent ON.

You are now finished with ChronoAgent configuration and may close the System Preferences window.

CREATE A CONNECTION PROFILE

The next step is to launch ChronoSync Express and create a connection profile. Connection profiles are used to connect to remote ChronoAgents and/or InterConneX sharespaces on your iOS device. To create a connection profile, open ChronoSync Express’s Preferences and switch to the Connections tab.

Click the (+) button and you will begin creating your connection profile.

First, you need to give your connection profile a name. Since we are connecting to a ChronoAgent that is running on the same computer as ChronoSync Express, we’ve given it the name “Myself” in the above example.

You then must choose the ChronoAgent from the “Connect to:” popup menu. This is the name you gave your agent when you configured it in System Preferences. Note that if you have other copies of ChronoAgent installed on your local network, you’ll see them in this popup menu. Be sure to choose the correct one.

Lastly, you must also supply the same login credentials you specified when configuring your ChronoAgent in System Preferences.

Upon supplying all the information, “Test” the connection and then click the “Next” button.

The next panel to appear is “Advanced.” There is nothing to do here – just click “Next” again.

The last panel to appear is “Mappings.” It is VERY IMPORTANT that you change the “Mapping Mode” to “None.” Click “Save” and you are finished with your connection profile configuration.

TARGET SPECIFICATION

The last step is to configure your backup or sync task document to use your new connection profile. This is done by creating a new task document (or modify an existing one that you wish to grant full system access to) and select “Myself” from the “Connect to” popup menu.

If your are backing up to a locally attached hard drive, make sure you make this change for both targets. IMPORTANT: If you are backing up to a file server or NAS device, the destination target should remain “Local Volumes,” since the ChronoAgent connection provides no advantage when communicating with a file server.

At this point you simply click “Choose” and use the ChronoAgent’s target selector to choose your source (and possibly destination) targets just like you normally would. You’ll notice you can navigate anywhere on your system, including other user’s home folders.

privileged file system access

CONSIDERATIONS

Connecting to a local instance of ChronoAgent is an effective way to overcome the limitations imposed on sandboxed applications by the operating system. However, it does require the purchase of a separate piece of software to get the job done. ChronoAgent is currently available for $14.99, so when you add it to the $24.99 price of ChronoSync Express, you’ll end up spending $39.98 for this capability. For $10 more, you can purchase the full version of ChronoSync and gain many other capabilities, too. You may be better off simply upgrading to the full ChronoSync.

However, there are other situations in which you may want to use ChronoAgent. For instance, installing it on the same computer as ChronoSync Express allows another computer on your network to transparently backup your computer. If you’re already using ChronoAgent in this regard (or plan to), you can use the technique presented in this guide for ‘free’ to gain full, privileged file system access!

TECHNICAL SUPPORT

If you have any questions or issues setting up ChronoAgent or ChronoSync Express, contact our technical support team and just ask! We don’t mind — we’re here to help!

Shopping cart0
There are no products in the cart!
Continue shopping
0