MAC: Root User Not Getting Edit Permissions - macos

I have authenticated root user as per this tutorial https://support.apple.com/en-us/HT204012
and edit menu shows Disable Root User option confirming it is enabled.
I am still getting EACCES errors and have to use sudo. Additionally, even with sudo, I am getting an EACCES error about mkdir in an npm package from a terminal script even though I have universal read and write permissions for the whole folder.
Does anybody know what's going on or how I can give myself universal use of the terminal without sudo?

To block malware, recent releases of macOS include System Integrity Protection, which makes the following directories unwritable except as part of an OS upgrade:
/System
/bin
/sbin
/usr (except /usr/local, that's writable)
"many" applications in /Applications
This feature can't be disabled while the system is booted up – it can only be disabled by rebooting off the "recovery" partition using the csrutil command:
Boot your mac holding Command + R before the Apple logo appears
Launch Terminal from the Utilities menu
Run csrutil status to check the status, and csrutil disable or csrutil enable to change it.
Reboot to exit the recovery partition
For more details:
https://developer.apple.com/library/mac/documentation/Security/Conceptual/System_Integrity_Protection_Guide/ConfiguringSystemIntegrityProtection/ConfiguringSystemIntegrityProtection.html
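The directory list in the answer above, as an added example that is not part of the original post: a POSIX shell check that classifies a target path before anything writes to it, so an install can be pointed at /usr/local instead of disabling SIP. The function names are hypothetical and the sample paths are constructed; the prefix list is only the one given in the answer.

```shell
#!/bin/sh
# Added example. The protected prefixes are the ones listed in the answer
# above; function names are hypothetical.

# Lexically normalise an absolute path: collapse "//", "." and ".." so that
# /usr/local/../bin is judged as /usr/bin. Symlinks are not resolved.
normalize_path() {
    printf '%s\n' "$1" | awk -F/ '{
        n = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "" || $i == ".") continue
            if ($i == "..") { if (n > 0) n--; continue }
            parts[++n] = $i
        }
        out = ""
        for (i = 1; i <= n; i++) out = out "/" parts[i]
        print (out == "" ? "/" : out)
    }'
}

# Print one of: sip-protected, per-app, not-protected.
sip_class() {
    p=$(normalize_path "$1")
    case "$p" in
        /usr/local|/usr/local/*) echo not-protected ;;   # the stated exception
        /System|/System/*|/usr|/usr/*|/bin|/bin/*|/sbin|/sbin/*)
            echo sip-protected ;;
        /Applications/*) echo per-app ;;   # "many" apps: needs a per-file check
        *) echo not-protected ;;
    esac
}

# On macOS, SIP-protected files carry the "restricted" flag shown by ls -lO.
# Returns 0 if flagged, 1 if not, 2 if not running on macOS.
has_restricted_flag() {
    [ "$(uname -s)" = "Darwin" ] || return 2
    ls -ldO "$1" 2>/dev/null | grep -qw restricted
}

# Constructed sample targets, including two traversal/prefix edge cases.
for target in /usr/bin/clickhouse.new /usr/local/bin/clickhouse \
              /usr/local/../bin/tool /usr/localfoo/x /sbin/helper \
              /Users/alice/project/node_modules; do
    printf '%-36s %s\n' "$target" "$(sip_class "$target")"
done
```

A result of not-protected only means SIP is not the cause; ordinary ownership and mode bits still apply to that path.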

Related

Unable to install ClickHouse in MacOS due to CANNOT_OPEN_FILE

While trying to install ClickHouse in a macOS Catalina, doing the following command:
➜ ~ curl -O 'https://builds.clickhouse.tech/master/macos/clickhouse' && chmod a+x ./clickhouse
After trying to execute sudo ./clickhouse install it will complain with the following message:
Copying ClickHouse binary to /usr/bin/clickhouse.new
Code: 76. DB::ErrnoException: Cannot open file /usr/bin/clickhouse.new, errno: 1, strerror: Operation not permitted. (CANNOT_OPEN_FILE) (version 21.10.1.7886 (official build))
Why is it failing even if I sudo the command? Are there any other commands required before trying to install ClickHouse?
/usr/bin is protected by Apple's SIP (System Integrity Protection) mechanism. You can install clickhouse into specific (not protected) directory by passing --binary-path flag. This way you won't have to disable SIP.
For example, on MacOS you can install into /usr/local/bin, which is not protected, by using this command: sudo ./clickhouse install --binary-path /usr/local/bin/.
This is a rootless (SIP) mechanism that Apple has added to the new version of the system. The basic purpose of SIP is to prevent programs from obtaining root privileges and modifying several key system directories. It can indeed play a certain protective role.
The main directories to be protected are:
/System
/usr
/bin
/sbin and preinstalled apps
Close the SIP in the kernel:
Restart the computer and press command+R until the Apple logo appears. At this time, you will enter Recovery Mode.
After selecting a language, enter recovery mode, find Utilities in the above menu, and find Terminal in it;
Open the terminal and enter the following command to close SIP;
You can bypass the problem by installing ClickHouse this way here: https://clickhouse.com/docs/en/quick-start/#1-start-clickhouse.
Try to use docker to install clickhouse server/client.
docker pull yandex/clickhouse-server
docker pull yandex/clickhouse-client
docker run -it --rm --link some-clickhouse-server:clickhouse-server yandex/clickhouse-client --host clickhouse-server

How do i get rid of the sudo requirement?

I am using macOS Catalina and I often have to run my terminal stuff with sudo, otherwise they fail, like when I use Visual Studio and IONIC to add stuff to global or when it tries to create dir etc.
Is there a way to change the logged in user to run elevated commands in terminal without sudo?
You either continue using sudo or switch current user to root (it's not a recommended way)
The user account named "root" is a superuser with read and write
privileges to more areas of the system, including files in other macOS
user accounts. The root user is disabled by default. If you can log in
to your Mac with an administrator account, you can enable the root
user, then log in as the root user to complete your task.
The root user account is not intended for routine use. Its privileges
allow changes to files that are required by your Mac. To undo such
changes, you might need to reinstall your system software. You should
disable the root user after completing your task.
It's safer to use the sudo command in Terminal instead of enabling the
root user. To learn about sudo, open the Terminal app and enter man
sudo.
Taken from https://support.apple.com/en-us/HT204012

"Read-only file system" with SIP disabled in macOS Catalina

I am trying to copy some files from a path to my libs path (/usr/lib). I am trying with sudo cp {my file} /usr/lib/
but I got this error.
/usr/lib/{my_file} Read-only file system
I have validated that System Integrity Protection (SIP) is indeed disabled. I am using macOS Catalina 10.15.4.
I hope you can help me, thanks.
You just should try with
sudo mount -uw /
it should work
I just recently joined stack overflow so I am not able to up-vote the above answer. Using sudo mount -uw / definitely works. In my case I needed to add a small script to /sbin to overcome an issue with VMware Tools. Starting with macOS Catalina, disabling SIP and then executing this command as root was the answer.
I'm also new to stack exchange, but want to add that
"sudo mount -uw /" worked. Thank you @Juanse
In my case, I was suffering from the problem of Kernel_Task using more than 500% of CPU on my Mid-2012 15 MacBookPro aka (MacBookPro9,1) with quad-core Intel Core i7.
After multiple solutions did not work, I went on to try a solution posted at: https://discussions.apple.com/thread/8461404?answerId=33657338022#33657338022
Which instructed me to:
Reboot into recovery mode.
Select Utilities/Terminal, csrutil disable , reboot.
cd:
/System/Library/Extensions/IOPlatformPluginFamily.kext/Contents/PlugIns/X86PlatformPlugin.kext/Contents/Resources
move or delete a file based on my version of Mac as listed in the thread. For my MacBookPro9,1 the file 4B7AC7E43945597E.plist
Reboot into recovery mode
Select Utilities/Terminal, csrutil enable , reboot.
The problem with the solution is that when I tried to "mv 4B7AC7E43945597E.plist ~", or even "sudo mv 4B7AC7E43945597E.plist ~", I got a read-only file system message. Running "sudo mount -uw /" made the file system writeable. Note that the steps of booting into recovery mode and disabling / enabling csrutil turned off, and then back on, the Apple System Integrity Protection (SIP), which is necessary if you wish to change certain key system or configuration files.

How to copy intl.so to /usr/lib/php/extensions

I wanted to try Moodle (LMS) on my computer. It requires intl extension.
I used sudo port install php71-intl and successfully installed php71-intl. But it also installed php71 and other dependencies on /opt/local/.
I am using Mac built-in php. Its directories are
/usr/lib/php/extensions/no-debug-non-zts-20160303
/usr/bin/php
I intended to copy the /opt/local/lib/php71/extensions/no-debug-non-zts-20160303/intl.so to /usr/lib/php/extensions/no-debug-non-zts-20160303. But terminal said Operation not permitted.
I tried sudo pecl install intl but failed with make error.
This method sudo port install php71-intl can install the intl.so successfully but in its own directory.
So how I can copy the intl.so? Thank you!
You have to disable SIP to do that. First, restart your Mac and before OS starts up, hold down Command-R and keep it held down until you see an Apple icon and a progress bar. Release. This boots you into Recovery. From the Utilities menu, select Terminal and at the prompt type exactly the following and then press Return: csrutil disable
Terminal should display a message that SIP was disabled. From the menu, select Restart. You can re-enable SIP by following the above steps, but using csrutil enable instead.
Find this file "environment.xml" and comment all lines that have "intl" and reload the page. Continue button appears and installation completes without any error. My instance started working like charm, I use it to test out and create courses with SCORM packages, no errors yet.
environment.xml file is located in "admin" folder of moodle directory

Lost permission for sudo in OSX El Capitan

I'm new to using OSX (using El Capitan 10.11.3) and while trying to change permissions on a file using sudo, I accidentally corrupted it. Now whenever I try to use sudo to install anything globally, I'm getting the following error message.
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
Is there any way to solve it?
I'm also unable to even view the /etc folder
bash: cd: /etc: Permission denied
When I checked permissions on /etc folder, they are as follows
lrwxr-xr-x@ 1 root wheel etc -> private/etc
I had the same issue and in my case the permissions of the root folder got corrupted. What people overlook is that / is in fact also a real, normal directory and just like every directory it has ownership and permissions. Ownership should be root:wheel and permission should be 755 (that's rwxr-xr-x).
The easiest way to restore both was starting Script Editor and then typing and running that script:
do shell script "/usr/sbin/chown root:wheel /" with administrator privileges
do shell script "/bin/chmod 755 /" with administrator privileges
You are prompted for the admin password and then chown and chmod come to the rescue. After that sudo was working again.
Disable System Integrity Protection (rootless)
Reboot the Mac and hold down Command + R keys simultaneously after you hear the startup chime, this will boot OS X into Recovery Mode
When the “OS X Utilities” screen appears, pull down the ‘Utilities’ menu at the top of the screen instead, and choose “Terminal”
Type the following command into the terminal then hit return:
csrutil disable; reboot
You’ll see a message saying that System Integrity Protection has been disabled and the Mac needs to restart for changes to take effect, and the Mac will then reboot itself automatically, just let it boot up as normal
