[csande17]

> At least, that’s how it’s supposed to work, but if Alice is an admin user and gives Terminal Full Disk Access (FDA), then Alice can quite happily navigate to Bob’s Desktop and Downloads folders (and everyone else’s) regardless of what TCC settings Bob (or those other users) set.

How does this interact with regular Unix file permissions? Is the assumption that Alice is using sudo, or do modern macOS versions mark all user files world-readable?

[adib]

Alice finds a recent Time Machine local snapshot and mount that elsewhere with owners disabled. Then Alice can browse everyone else's (recent) files – without needing sudo access.

[crazygringo]

Yes it's essentially sudo.

By default, a user can't see another user's files.