I'm trying to copy under root file into /System folder. It works well on all previous OS X version but not on El Capitan 10.11
Here how I copy file under root in terminal:
MACMINI:~ myusername$ sudo su -
MACMINI:~ root# cp /Users/myusername/Desktop/myfile.plist /System/Library/LaunchDaemons/
As result I receive an error:
cp: /System/Library/LaunchDaemons/myfile.plist: Operation not permitted
anywhere on the Desktop, enter Command+Shift+G, then type / and hit return. This will take you to root (Macintosh HD)
If you can't move or copy a file or folder, you might need to change its permissions settings. You might also need to change permissions settings for the disk, server, or folder where you want to move the item. On your Mac, select the item, then choose File > Get Info, or press Command-I.
In Mac, the root directory can also be referred as Macintosh HD as this will show you the root directory files and folders. By default you won't find it in Finder and desktop as most of the users do not need to access the system files and folders.
El Capitan now protects certain system directories in "rootless" mode (a.k.a. System Integrity Protection). If you run the command ls -lO /System/Library/LaunchDaemons
you'll see that the directories and files under there are now marked as "restricted."
You can disable rootless mode like this:
csrutil disable
When you're done, it is highly recommended that you re-enable SIP by following the same steps, but using csrutil enable
in step 3.
I ran into a problem with the same root cause while trying to get pear/pecl modules and macports/homebrew apps installed. Those typically need to install files into /usr/include and /usr/lib, which are also now restricted.
Note: Previous answers around the Internet about this problem give you instructions for modifying NVRAM settings, but Apple stated that the NVRAM method would stop working with El Capitan's public release. The GM release has already disabled the NVRAM workaround, so this answer should get you what you need moving forward.
UPDATE: This same method is applicable to macOS Sierra, and probably new macOS versions for the foreseeable future.
ANOTHER UPDATE! It looks like Catalina's trying to do us in. They moved all the files I had previously forced to go where the Linux stuff had to go:
And they left this funny notice: I'm kind of wondering whose computer I'm using now.
At any rate, I think most of the tools like brew and PEAR that used to need this workaround have adapted. I don't really know because making macOS behave 100% like Linux has become silly, so I use VMs when I need command line Linux things.
This workaround may still do the trick with Catalina. I haven't tried. I'm not going to do so for the sake of research, but I'll report back if I have a need to give it a shot.
Considering that certain system directories are protected from being written at all (even with root) under OS X 10.11 (El Capitan) unless security measurements are disabled (see answer by Chris Ostmo) it's obviously a good idea to not modify those directories at all with custom system hacks.
Own LaunchDaemons should be installed to:
/Library/LaunchDaemons/
(not /System/Library/LaunchDaemons/)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With