Here's a fun little exercise on El Capitan:
[email protected]:~$ su - apl Password: iMac:~ apl$ iMac:~ apl$ sudo su - Password: iMac:~ root# echo ls > /usr/bin/foobydoo -sh: /usr/bin/foobydoo: Operation not permitted iMac:~ root#
What's going on? It's SIP (System Integrity Protection, also known as "Rootless") in the latest OS X. It protects /usr, /bin, /System, and /sbin from writing, even by root. It also won't allow you to debug certain protected system processes and you cannot use unsigned kernel extensions at all.
Of course this is good for system security, but it has also killed some apps outright and caused major changes in others.
In some cases, you can still use the app by disabling SIP, installing the app and then renabling SIP. You do that by booting into the Recovery partition and using the csrutil tool.
$ csrutil usage: csrutil
Modify the System Integrity Protection configuration. All configuration changes apply to the entire machine. Available commands: disable Disable the protection on the machine. Requires a reboot. enable Enable the protection on the machine. Requires a reboot. status Display the current configuration.
Most of us won't need to be concerned about any of this.
If you found something useful today, please consider a small donation.
Got something to add? Send me email.
More Articles by Anthony Lawrence © 2015-10-21 Anthony Lawrence