Why do I get "Operation Not Permitted" when I try (as root) to delete a file that does not have the `restricted` flag set

macos sip

I know about SIP, so when I could not delete a file as root from a Mac running El Capitan, I checked for a restricted flag using ls -lOd and saw that the file had no flags. So why is it that I still cannot delete it? The ls command also ruled out the uchg and schg flags and I'm doing this as root so I don't need to worry about chown.


Solution 1:

Turns out that in addition to the restricted flag, SIP protection can be invoked on a file by giving it the com.apple.rootless attribute. Attributes are not shown by ls -lOd, you need ls -l@d to see them. (Strictly speaking, the d option is not necessary, it is there so that when you do ls on a directory, you only get information about the directory itself without also getting info on everything in the directory.)

Much more information on this is available here.

Related

How to restore messages when Messages in iCloud is enabled?
How can I remove cmd+shift+left/right shortcut in Finder?
Does an iPhone battery drain faster in cold?
Need to get legacy version of an iOS app
Moving SSD harddrive to another Mac
How do I get readable system information at the command line?
How to update shell programs
Typing on my iPhone: how to change input method when typing from an external Bluetooth keyboard
How to type ə (the schwa character) on macOS?
Does this mean my fusion drive has split?
A lot of mysterious executable files inside /Users/Shared
How do I decode the contents of Apple System Logs in /var/log/DiagnosticMessages (using the command line)