Here's a fun little exercise on El Capitan:
tony@iMac:~$ su - apl
iMac:~ apl$ sudo su -
iMac:~ root# echo ls > /usr/bin/foobydoo
-sh: /usr/bin/foobydoo: Operation not permitted
What's going on? It's SIP (System Integrity Protection, also known as "Rootless") in the latest OS X. It protects /usr, /bin, /System, and /sbin from writing, even by root. It also won't allow you to debug certain protected system processes and you cannot use unsigned kernel extensions at all.
Of course this is good for system security, but it has also killed some apps outright and caused major changes in others.
In some cases, you can still use the app by disabling SIP, installing the app and then renabling SIP.
You do that by booting into the Recovery partition and using the csrutil tool.
Modify the System Integrity Protection configuration. All configuration changes apply to the entire machine.
Disable the protection on the machine. Requires a reboot.
Enable the protection on the machine. Requires a reboot.
Display the current configuration.
Most of us won't need to be concerned about any of this.
Use and Abuse of /usr/local/bin
Got something to add? Send me email.
Increase ad revenue 50-250% with Ezoic
More Articles by Anthony Lawrence
Find me on Google+
© 2015-10-21 Anthony Lawrence