As I understand it full disk access means the app can read the disk outside of the usual (strict) app sandbox or explicit user actions like file modals.
This is completely separate from the unix user permissions.
> This is completely separate from the unix user permissions.
It's supposed to be separate, but, with the Time Machine hole, it actually overrides them. So, if an admin enables FDA for Terminal (so that they can actually use it), then a Guest account on the system can use Terminal to create a TM snapshot, mount it, and read any file on the system, from any user, regardless of Unix file permissions.
It's supposed to be separate, but, with the Time Machine hole, it actually overrides them. So, if an admin enables FDA for Terminal (so that they can actually use it), then a Guest account on the system can use Terminal to create a TM snapshot, mount it, and read any file on the system, from any user, regardless of Unix file permissions.