发表新帖
发表新帖

“restricted” folder/files in OS X El Capitan

后端 未结
关注
7 1199
刺人心
刺人心 2020-11-28 21:00

After upgrading from OS X Yosemite to OS X El Capitan Developer Preview, I tried to edit /System/Library/LaunchDaemons/ssh.plist to change the default SSH

相关标签:
7条回答
  • 广开言路
    2020-11-28 21:22

    I use carbon copy cloner to make clonable backups... and have several in rotation.

    According to mike at bombich "SIP only applies to the volume you're currently booted from, so [one can] boot from the backup volume to delete [files]".

    I did use johannes' answer (recovery drive, csrutil enable/disable), but that requires reboot —> recovery drive —> turn sip off —> reboot —> delete crap —> reboot —> recovery drive —> turn sip back on —> reboot ... four reboots.

    But booting from a clone and seeing the original drive as a secondary drive would allow you to delete problematic files in two reboots... yes?

    0 讨论(0)
  • 借酒劲吻你
    2020-11-28 21:25

    I would suggest you try adding whatever arguments you need to a plist in /Library/Preferences/. For example, in my case I needed to make a slight alteration to mDNSResponder to add the AlwaysAppendSearchDomains flag. As suggested by "bwells" on the Apple developer forums, I just had to do

    sudo launchctl unload /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
sudo defaults write /Library/Preferences/com.apple.mDNSResponder.plist AlwaysAppendSearchDomains -bool YES
sudo launchctl load /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

    This is a much cleaner approach and persists across reboots and should also survive an upgrade (at least during the betas my manual changes after disabling SIP were overwritten). Note, as far as I know this is new to El Capitan.

    0 讨论(0)
  • 醉酒成梦
    2020-11-28 21:37

    You can "by pass" the SIP protection by modifying permissions on file via Finder app for the system group.

    modifying permissions

    It worked fine for me even after reboot, i'm running

    ProductName: Mac OS X ProductVersion: 10.11 BuildVersion: 15A284

    0 讨论(0)
  • 栀梦
    2020-11-28 21:39

    You can also temporarily disable SIP the following way

    1. reboot
    2. as soon as you hear the "Mac sound" on the grey screen, press Cmd+R to enter Recovery mode
    3. Open Utilities->Terminal
    4. Run the command csrutil disable
    5. Reboot, you'll land in the normal OS with SIP disabled
    6. do all the changes you'd like to do
    7. Reboot again
    8. as soon as you hear the "Mac sound" on the grey screen, press Cmd+R to enter Recovery mode
    9. Enable SIP with csrutil enable
    10. Reboot again
    11. done
    0 讨论(0)
  • 再見小時候
    2020-11-28 21:40

    Until 10.11 unprotects certain files in /System/Library or allows you to do it yourself, the only way without disabling SIP would be to make a different service by coping the file somewhere else, like:

    sudo cp /System/Library/LaunchDaemons/ssh.plist /Library/LaunchDaemons/ssh.plist

    And then instead of using the Sharing panel in System Preferences, you would manage the service yourself:

    sudo launchctl unload /Library/LaunchDaemons/ssh.plist
sudo launchctl load -w /Library/LaunchDaemons/ssh.plist
    0 讨论(0)
  • 抹茶落季
    2020-11-28 21:46

    You can also leave SIP enabled while disabling the filesystem management. Reboot in recovery mode and run:

    csrutil enable --without fs

    This will allow you to change permissions as needed.

    0 讨论(0)
 看不清?
提交回复
热议问题