← Back to docs
💾
Features

Why FocusDragon needs Full Disk Access

Last verified: May 2026

The technical reason

FocusDragon's daemon enforces website blocking at the DNS level by writing entries to /etc/hosts — the system file that maps domain names to IP addresses. macOS protects /etc/hosts behind Full Disk Access. Without FDA, the daemon literally cannot write to that file and DNS-level blocking silently fails.

Why DNS blocking matters more than extensions

  • Browser extensions only run inside the browser they're installed in. Safari, Chrome, and Firefox are covered; Orion and any browser where you haven't installed the extension bypass extension-only blocking.
  • DNS-level blocking via /etc/hosts is browser-agnostic — every app on the Mac that resolves a domain hits the same blocklist.
  • Without FDA, a user with Arc or Brave thinks FocusDragon is broken when actually the daemon's DNS layer is just inert.

What FocusDragon does NOT read with FDA

FDA grants access to a wide range of personal files, but FocusDragon only writes to /etc/hosts and reads its own daemon config under /Library/Application Support/FocusDragon/. We do not read your Documents, Desktop, Downloads, Photos, Mail, Messages, or any other personal directory. The permission is broad because Apple's permission model doesn't offer narrower scoping for /etc/hosts.

Granting Full Disk Access

  • Open System Settings → Privacy & Security → Full Disk Access.
  • Toggle FocusDragon on. (You may need to authenticate with Touch ID or your password.)
  • Toggle the FocusDragon daemon on as well if it appears separately.
  • Restart FocusDragon for the change to take effect on all enforcement paths.

What happens if you decline

  • App-blocking still works — that uses different permissions.
  • Safari and Chrome website blocking still works via the extensions.
  • Orion and any other browser where you haven't installed the extension do not have their domains blocked.
  • The block looks active in the UI but bypasses are silent and easy.
If you've granted FDA and blocking still isn't working on a specific browser, install the Safari or Chrome extension for additional in-tab redirect coverage.
Still stuck? Contact support