Disabled SIP, but still can't make changes? [duplicate]
Catalina introduced a new feature that overlaps and reinforces the filesystem protections that SIP provides. What it does is split the files between two volumes: a system volume containing Apple-provided system files, and a "data" volume containing all non-Apple and modifiable files. The system volume is mounted read-only as / (the root filesystem), and the data volume is mounted with read-write access as /System/Volumes/Data. There are also "firmlinks" that merge the content from the data volume in where it "belongs" (e.g. /System/Volumes/Data/Users shows up in /Users). If you change something in a firmlinked directory, the changes are stored on the data volume. If you try to change something in a non-firmlinked directory, it'll fail because it's on a read-only volume (even if SIP is completely disabled).
For more details, see the Ars Technica review of Catalina, the WWDC2019 sesson "What's New in Apple File Systems", and a filesystem map from the Eclectic Light Company.
If you really need to make changes in the content on the read-only system volume, it is possible, but I'd recommend against it if there's an alternative. Most of the things you normally want to change/add/etc can be done from modifiable parts of the filesystem (e.g. using /usr/local
instead of /usr
). So the rest of this comes with a warning.
Warning: I have not tested this much, and make no promises at all about what the consequences will be (including both immediate consequences, and what happens the next time an OS update changes things). Do you have any important files on this Mac? Do you have a good backup? Do you feel lucky?
[Update: In Big Sur, the system volume is not just read-only, but also signed, so changing it is even more difficult. See "Mount root as writable in Big Sur" for more info.]
To make changes to the normally-read-only volume, you need to both disable SIP's filesystem protection and also re-mount the volume with read access:
-
Restart in Recovery mode (Command-R at startup), open Terminal (from the Utilities menu), and disable SIP filesystem protection with:
csrutil enable --without fs
-
Restart normally, open Terminal, and remount the root volume for read access:
sudo mount -uw /
At this point, you should be able to make changes everywhere (subject to normal filesystem protections) up until the next restart. Disabling SIP's filesystem protection survives restarts, but remounting with write access does not. If you want everything to be writable after restarting, you'll have to repeat the sudo mount
command after each restart. What I'd recommend, though, is locking everything back down as soon as you've made the necessary changes. To do this, restart in Recovery mode, run csrutil enable
, then restart again normally.
Try on normal desktop with sudo mount -uw /
it works until restart.