2

I have trouble writing files with sudo to /Library under OSX v10.11.3. It seems the folder is affected by SIP. Which folders fall under SIP?

Bruno
  • 127

1 Answers1

4

See Apple's About System Integrity Protection on your Mac:

Paths and applications protected by System Integrity Protection include:

  • /System
  • /usr
  • /bin
  • /sbin
  • Apps that are pre-installed with OS X

Paths and applications that third-party apps and installers can write to include:

  • /Applications
  • /Library
  • /usr/local

System Integrity Protection is designed to allow modifications of these protected parts only by processes that are signed by Apple and have special entitlements to write to system files, like Apple software updates and Apple installers.

Community
  • 1
Arjan
  • 31,163
  • So SIP still blocks access to /Library if the process is not signed by Apple. This is what I was confused about. Thanks! – Bruno Mar 10 '16 at 23:18
  • 5
    @Bruno: No, /Library is not on the protected list, it's on the list of areas that can be modified by normally. I'm not sure what's preventing you from writing into /Library, but it shouldn't be SIP. BTW, you can check for SIP restrictions with the command ls -lO -- items protected by SIP will show the "restricted" flag. – Gordon Davisson Mar 13 '16 at 20:38
  • That is odd, as with SIP off the problem of writing to that folder disappears. – Bruno Mar 14 '16 at 23:33
  • @Bruno, I can indeed write to /Applications with SIP active, at least using Terminal and Sublime Text (not installed through the app store), with and without using sudo. Are you trying to write to a subfolder of an Apple-signed program? – Arjan Mar 15 '16 at 06:41