An old bash script I have tested to see if a user was root
by seeing if /etc/passwd
was writeable. In MacOS High Sierra it returned true for root
, and false for anyone else. But in macOS Mojave the test returns false even for root
.
If I run that test [ -w File ]
on other files with the same permissions and ownership, such as /etc/hosts
, it correctly returns true for root
and false for anyone else in both Mojave and High Sierra. I see no special file flags or extended attributes on /etc/passwd
.
The script is no problem to fix, but I'd like to know how/why this test is different on that file vs other files and why this is in Mojave only. If this has to do with SIP, then I'd like to know how one can test to see if a file or directory is somehow protected by SIP.
Update: I found that disabling SIP made things work as expected, that is, for a root user the bash test "-w /etc/passwd" would be true. Enabled SIP again and all is working as expected. I don't know if I should delete this question, or leave it just in case someone runs into a similar problem. Doing an "ls -O /etc/passwd" does not show the file as restricted.
[[ -w /etc/passwd ]] && echo "yes"
returnyes
for the root user under both High Sierra and Mojave.yes
for me on Mojave, with running previouslysudo -i
orsudo bash
whoami; [[ -w /etc/passwd ]] && echo "yes"
leads toroot yes