General Topics






Tips and How-To


IntegrityChecker java (icj): security permissions, especially on macOS Catalina

For icj to run, the java executable must have permissions for the folders and files it processes.


Updating entire volumes

Doing on update on a volume may require using 'sudo' in order to allow the hash file data to be written at the volume level. Assuming a volume named Photos, invoke with sudo this way:

sudo icj update Photos

Alternatively change the owner of the volume to your login name so that sudo is not needed. Assuming your login username is "steve" and the volume Photos, use:

sudo chown steve /Volumes/Photos

Security restrictions

In macOS Catalina, rigorous security restrictions are in effect. Unless otherwise allowed, icj will have limited access to files and folders. See these pages for how to add permsissions for java and other applications

How to Add File/Folder Access Permissions for Java in macOS Catalina

How to Add File/Folder Access Permissions in macOS Catalina

Full Disk Access is recommended for 'java' in order to allow icj to run everywhere needed without spewing thousands of permissions warnings. However, it is also possible to restrict access to specific files and folders using the Files and Folders tab shown below.

The location of 'java' can vary, but if installed with OpenJDK with the provided script, it will be found in a place like:


See the next screen shot below.

Security permissions showing full disk access for 'java'

Below, navigating to 'java':

Locating 'java' in /Library/Java/JavaVirtualMachines/...
Previous page: Usage Tips
Next page: icj verify