273

I am trying to move something to /usr/bin on OS X El Capitan. I have disabled rootless using the following commands: sudo nvram boot-args="rootless=0"; sudo reboot, but I keep getting the same error:

MacBook-Air:~ Mark$ sudo cp class-dump /usr/bin
Password:
cp: /usr/bin/class-dump: Operation not permitted
MacBook-Air:~ Mark$ sudo mv class-dump /usr/bin
mv: rename class-dump to /usr/bin/class-dump: Operation not permitted
5
  • 18
    Why are you trying to put class-dump in /usr/bin? Local additions belong in /usr/local/bin, and rootless allows you to put things there... Commented Sep 19, 2015 at 5:01
  • 2
    Just make an alias in ~/.bash_profile and don't frack with /usr/bin
    – Warren P
    Commented Mar 2, 2016 at 1:35
  • 6
    class-dump is directly used for programming (reverse engineering tool - directly for programming), so the reason of closing doesn't sound valid. Besides, 28 stars, almost 40 question upvotes and 90 answer upvotes means the question is useful.
    – Nat
    Commented Apr 22, 2016 at 10:01
  • reverse engineering because it is used for getting a list of classes?
    – marciokoko
    Commented Aug 26, 2016 at 15:15
  • Related: apple.stackexchange.com/questions/339862/…
    – Melebius
    Commented Apr 24, 2019 at 6:09

5 Answers

383

Nvm. For anyone else having this problem you need to reboot your mac and press ⌘+R when booting up. Then go into Utilities > Terminal and type the following commands:

csrutil disable
reboot 

This is a result of System Integrity Protection. More info here.

EDIT

If you know what you are doing and are used to running Linux, you should use the above solution as many of the SIP restrictions are a complete pain in the ass.

However, if you are a tinkerer/noob/"poweruser" and don't know what you are doing, this can be very dangerous and you are better off using the answer below.

11
  • 3
    @Chris, You'll need to reboot with CMD+R again, open the terminal and run csrutil enable; reboot. The command does not work in the normal mode unfortunately. Commented Jan 27, 2016 at 20:47
  • 8
    @AlexanderKachkaev Yep, that's what I did. I just wanted to point out that everybody should enable it again after performing the changes! Otherwise the system integrity protection is permanently disabled which can lead to serious problems.
    – Chris
    Commented Jan 28, 2016 at 13:02
  • 9
    It will only lead to serious problems if you remove/modify something you shouldn't be removing/modifying. In other words, if you know what you're doing, it is perfectly safe to leave it disabled.
    – Clintm
    Commented Jan 28, 2016 at 14:57
  • 4
    @Chris it doesn't make sense to handcuff yourself to your office chair to avoid being hit by a car... in other words... if you know to look both ways before you cross the street... it's perfectly safe not to handcuff yourself to a chair
    – Clintm
    Commented Jun 21, 2016 at 17:56
  • 3
    csrutil: failed to modify system integrity configuration. This tool needs to be executed from the Recovery OS.
    – Yuseferi
    Commented Oct 1, 2018 at 17:05
325

The correct solution is to copy or install to /usr/local/bin, not /usr/bin. This is due to System Integrity Protection (SIP). SIP makes /usr/bin read-only but leaves /usr/local as read-write.

SIP should not be disabled as stated in the answer above because it adds another layer of protection against malware gaining root access. Here is a complete explanation of what SIP does and why it is useful.

As suggested in this answer, one should not disable SIP (rootless mode): "It is not recommended to disable rootless mode! The best practice is to install custom stuff to "/usr/local" only."

3
  • 1
    This didn't quite do the trick for me - I had some luck aliasing (for instance, in my case) java to /usr/local/bin/java in my bashrc aliases, after I made the appropriate link in that folder as this answer suggests. Commented Feb 15, 2017 at 21:59
  • So, does this leave no way to rm anything in /usr/bin/? I understand SIP has its purpose, but want to remove one specific executable. Commented Feb 16, 2018 at 1:11
  • 1
    I do have /usr/local/bin in my path and openssl 1.0.2n is correctly symlinked to /usr/local/bin/openssl but every time I do which openssl it still shows the /usr/bin/openssl which is the older OpenSSL 0.9.8zh 14 Jan 2016 version. How do I get my system to prefer the /usr/local/bin/openssl one over the other one?
    – Francisc0
    Commented Mar 8, 2018 at 4:45
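
The approach this answer recommends (install into /usr/local/bin and leave SIP enabled), together with the PATH-order issue raised in its comments, as an added shell example that is not part of the original post. `PREFIX_BIN`, `first_in_path` and `install_local` are names made up for this sketch.

```shell
#!/bin/sh
# Added example: install a local tool without touching SIP-protected /usr/bin.
# PREFIX_BIN and the function names are assumptions made for this sketch.

PREFIX_BIN="${PREFIX_BIN:-/usr/local/bin}"

# Print the first entry in a PATH-style string ($2) that holds an
# executable named $1; return 1 if no entry does.
first_in_path() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -x "${dir:-.}/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "${dir:-.}/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Copy $1 into PREFIX_BIN with mode 0755, refusing SIP-protected targets.
install_local() {
    src=$1
    case "$PREFIX_BIN" in
        /usr/local|/usr/local/*) ;;   # writable: SIP leaves /usr/local alone
        /usr|/usr/*|/bin|/bin/*|/sbin|/sbin/*|/System|/System/*)
            echo "refusing: $PREFIX_BIN is SIP-protected" >&2
            return 2 ;;
    esac
    mkdir -p "$PREFIX_BIN" || return 1
    install -m 0755 "$src" "$PREFIX_BIN/" || return 1
    name=$(basename "$src")
    resolved=$(first_in_path "$name" "$PATH") || resolved=
    if [ "$resolved" != "$PREFIX_BIN/$name" ]; then
        echo "warning: shell resolves $name to '${resolved:-nothing}';" \
             "put $PREFIX_BIN earlier in PATH" >&2
    fi
}

# On macOS, report the SIP state if csrutil is present (read-only query).
if command -v csrutil >/dev/null 2>&1; then csrutil status; fi
```

On a default macOS install, /usr/local/bin may need `sudo` to write to; the warning branch is the case from the openssl comment, where an older copy in /usr/bin is found first.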
15

If you want to take control of /usr/bin/

You will need to reboot your system:

Right after the boot sound, hold down Command-R to boot into the Recovery System

Click the Utilities menu and select Terminal

Type csrutil disable and press return

Click the Apple menu and select Restart

Once you have committed your changes, make sure to re-enable SIP! It does a lot to protect your system. (Same steps as above except type: csrutil enable)

0
2

The most probable reason is System Integrity Protection (SIP) - csrutil is the command line utility. You need to disable it to view the directory.

  • To view your status you need to:

csrutil status

  • To disable it (which is usually a bad idea):

csrutil disable

(then you will probably need to reboot).

To enable it (which should be turned back on when you are done):

csrutil enable

0

You just need to allow Terminal app to perform such modifications.

I've tried the following and it worked like a charm 😇:

Pull down the Apple menu and choose ‘System Preferences’

Choose “Security & Privacy” control panel

Now select the “Privacy” tab, then from the left-side menu select “Full Disk Access”

Click the lock icon in the lower left corner of the preference panel and authenticate with an admin level login

Now click the [+] plus button to add Terminal application with full disk access (App to fetch from Application folder).

3
  • 2
    This doesn't work for /usr/bin, just tried it myself.
    – dragonx
    Commented Jul 7, 2022 at 15:47
  • /usr/local/bin works for me Commented Dec 9, 2022 at 3:29
  • When answering a question, you should consider the actual directory, not the fact that you are getting the same error with a different directory. While 'Full Disk Access' does work for some directories, e.g. ".Trash", for others (like /usr/bin, the actual directory) you need to disable System Integrity Protection. So please, before you answer, read along the fine print. Commented Mar 9 at 0:51
