问题
I am trying to move something to /usr/bin on OS X El Capitan. I have disabled rootless using the following commands: sudo nvram boot-args="rootless=0"; sudo reboot, but I keep getting the same error:
MacBook-Air:~ Mark$ sudo cp class-dump /usr/bin
Password:
cp: /usr/bin/class-dump: Operation not permitted
MacBook-Air:~ Mark$ sudo mv class-dump /usr/bin
mv: rename class-dump to /usr/bin/class-dump: Operation not permitted
回答1:
Nvm. For anyone else having this problem you need to reboot your mac and press ⌘+R when booting up. Then go into Utilities > Terminal and type the following commands:
csrutil disable
reboot
This is a result of System Integrity Protection. More info here.
EDIT
If you know what you are doing and are used to running Linux, you should use the above solution as many of the SIP restrictions are a complete pain in the ass.
However, if you are a tinkerer/noob/"poweruser" and don't know what you are doing, this can be very dangerous and you are better off using the answer below.
回答2:
Correct solution is to copy or install to /usr/local/bin not /usr/bin.This is due to System Integrity Protection (SIP). SIP makes /usr/bin read-only but leaves /usr/local as read-write.
SIP should not be disabled as stated in the answer above because it adds another layer of protection against malware gaining root access. Here is a complete explanation of what SIP does and why it is useful.
As suggested in this answer one should not disable SIP (rootless mode) "It is not recommended to disable rootless mode! The best practice is to install custom stuff to "/usr/local" only."
回答3:
If you want to take control of /usr/bin/
You will need to reboot your system:
Right after the boot sound, Hold down Command-R to boot into the Recovery System
Click the Utilities menu and select Terminal
Type csrutil disable and press return
Click the menu and select Restart
Once you have committed your changes, make sure to re-enable SIP! It does a lot to protect your system. (Same steps as above except type: csrutil enable)
回答4:
If after calling "csrutil disabled" still your command does not work, try with "sudo" in terminal, for example:
sudo mv geckodriver /usr/local/bin
And it should work.
来源:https://stackoverflow.com/questions/32659348/operation-not-permitted-when-on-root-el-capitan-rootless-disabled