Configuring Gatekeeper through terminal

By | July 13, 2019

Gatekeeper is a great thing that protects not advanced user from installation and launching unwanted and potentially dangerous applications which are not from Apple Store or not signed with a certificate issued by Apple. Previously it was easier than now to avoid this restriction disabling gatekeeper using GUI System Preferences interface, however latest Mac OSX version does not show “Anywhere” option in “Allow apps downloaded from” settings (System Preferences -> Security & Privacy). Currently “Anywhere” option is not visible, and GUI interface does not help, so you need to use spctl terminal command to select it.
This command maintains and evaluates rules that determine whether the system allows the installation, execution, and other operations on files on the system. Let us check status of the gatekeeper with spctl:

# spctl --status -v
assessments enabled
developer id enabled

This status means that it is possible to install applications downloaded from Apple Store plus also install trusted (signed) application with Apple certificate. The GUI “Security & Privacy” equivalent is “App Store and identified developers”.

If you see spctl output looks like this

# spctl --status -v
assessments enabled
developer id disabled

it means that The GUI settings of “Security & Privacy” is set to “App Store” and allow you to install application from Apple Store only.

To disable gatekeeper completely use the this command:

# spctl --master-disable
# spctl --status -v
assessments disabled

Now “Anywhere” option in “Allow apps downloaded from” becomes visible in GUI System Preferences -> Security & Privacy settings even for recent Mac OSX versions such as High Sierra and Mojave:

To enable gatekeeper use the following command:

# spctl --master-enable

Leave a Reply

Your email address will not be published. Required fields are marked *