Operation Not Permitted when on root - El Capitan (rootless disabled)

MacosOsx Elcapitan

Macos Problem Overview

I am trying to move something to /usr/bin on OS X El Capitan. I have disabled rootless using the following commands: sudo nvram boot-args="rootless=0"; sudo reboot, but I keep getting the same error:

MacBook-Air:~ Mark$ sudo cp class-dump /usr/bin
Password:
cp: /usr/bin/class-dump: Operation not permitted
MacBook-Air:~ Mark$ sudo mv class-dump /usr/bin
mv: rename class-dump to /usr/bin/class-dump: Operation not permitted

Macos Solutions

Solution 1 - Macos

Nvm. For anyone else having this problem you need to reboot your mac and press ⌘+R when booting up. Then go into Utilities > Terminal and type the following commands:

csrutil disable
reboot

This is a result of System Integrity Protection. More info here.

EDIT

If you know what you are doing and are used to running Linux, you should use the above solution as many of the SIP restrictions are a complete pain in the ass.

However, if you are a tinkerer/noob/"poweruser" and don't know what you are doing, this can be very dangerous and you are better off using the answer below.

Solution 2 - Macos

Correct solution is to copy or install to /usr/local/bin not /usr/bin.This is due to System Integrity Protection (SIP). SIP makes /usr/bin read-only but leaves /usr/local as read-write.

SIP should not be disabled as stated in the answer above because it adds another layer of protection against malware gaining root access. Here is a complete explanation of what SIP does and why it is useful.

As suggested in this answer one should not disable SIP (rootless mode) "It is not recommended to disable rootless mode! The best practice is to install custom stuff to "/usr/local" only."

Solution 3 - Macos

If you want to take control of /usr/bin/

You will need to reboot your system:

Right after the boot sound, Hold down Command-R to boot into the Recovery System

Click the Utilities menu and select Terminal

Type csrutil disable and press return

Click the  menu and select Restart

Once you have committed your changes, make sure to re-enable SIP! It does a lot to protect your system. (Same steps as above except type: csrutil enable)

Solution 4 - Macos

Most probable reason is the system integrity protection (SIP) - csrutil is the command line utility. You need to disable it to view the directory.

  • To view your status you need to:

csrutil status

  • To disable it (which is usually a bad idea):

csrutil disable

(then you will probably need to reboot).

To enable it (which should be turned back on when you are done):

csrutil enable

Solution 5 - Macos

If after calling "csrutil disabled" still your command does not work, try with "sudo" in terminal, for example:

sudo mv geckodriver /usr/local/bin

And it should work.

Categories
Recommended Macos Solutions
Recommended Osx Elcapitan Solutions

Previous Solution:

Setting active profile and config location from command line in spring boot

JavaSpringGradleSpring BootYaml

Next Solution:

Redux - multiple stores, why not?

JavascriptRedux

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionMark BourkeView Question on Stackoverflow
Solution 1 - MacosMark BourkeView Answer on Stackoverflow
Solution 2 - MacoshariszamanView Answer on Stackoverflow
Solution 3 - MacosElliot YapView Answer on Stackoverflow
Solution 4 - MacosCoderTrackView Answer on Stackoverflow
Solution 5 - MacosNicolasView Answer on Stackoverflow