MacOS – get “Operation Not Permitted” when I try (as root) to delete a file that does not have the `restricted` flag set

macossip

I know about SIP, so when I could not delete a file as root from a Mac running El Capitan, I checked for a restricted flag using ls -lOd and saw that the file had no flags. So why is it that I still cannot delete it? The ls command also ruled out the uchg and schg flags and I'm doing this as root so I don't need to worry about chown.

Best Answer

Turns out that in addition to the restricted flag, SIP protection can be invoked on a file by giving it the com.apple.rootless attribute. Attributes are not shown by ls -lOd, you need ls -l@d to see them. (Strictly speaking, the d option is not necessary, it is there so that when you do ls on a directory, you only get information about the directory itself without also getting info on everything in the directory.)

Much more information on this is available here.

Best Answer

Related Solutions

MacOS – Why can’t I change a restricted System file after doing csrutil disable

MacOS – OS X El Capitan – “package is not compatible” error

Related Question