Any workarounds for write access to / other than csrutil disable? That doesn't seem to work any more with the latest catalina update.
MacBook Pro 16″, macOS 10.15
No legitimate third party software should be installed in the root directory of a macOS startup disk.
I have a very simple use case. I deploy on a commercial infrastructure that by default hangs logs off / - probably a reasonable idea at the time because all systems - *nix and Windows - have a root. If you really need to lock off something that's fine but why the one directory that is universal between all systems.
Problem is that the root directory is shared, it's not just a 'startup' root. I don't disagree that any software shoul allow you to configure locations but just Google to see what a painful decision this has been for many people. At the end of the day this is my computer - if I need to access the root directory there has to be some mechanism provided to do so. Pop the startup over into it's own partition or mount and don't remove a previously accessible directory.
. At the end of the day this is my computer - if I need to access the root directory there has to be some mechanism provided to do so. Pop the startup over into it's own partition or mount and don't remove a previously accessible directory.
You should just run one of the Linux distros or Unix. You can have all the control you want.
Well this forces you to get a more secure use case, which you should have anyway.
ROFL that is the best answer. Still - severe impact on folks that actually need to access the root directory. There should be a vendor supported solution.
Problem is that the root directory is shared, ..
You're right. That's a problem. Protecting a startup disk's root directory solves that problem. You and anyone else sharing that Mac has access to anything that is not a startup volume, as well as /Users/Shared. That's where shared things go on Macs.
At the end of the day this is my computer -
Right again. It's not anyone else's either. They can use Shared. So can you. So can software designed to run on Macs.
At the end of the day Apple takes the blame for all the stupid things people do to "their" Macs, and their demographic is only growing stupider. That's the reason macOS had to become as secure as it is. Do you think I like that fact any more than you do?
The vendor in this case is the developer. It's up to them to make their products work on the target system, not the other way around. It's not even difficult to do it the right way. Apple gave us plenty of advance notice about those changes, and their developer website provides copious documentation.
Product security lies at the heart of everything Apple does. It's indelibly etched in their DNA. Asking them to reconsider that practice is a waste of time. Normally, I'd suggest submitting Feedback, but even the thought of it isn't worth the effort of posting the link to it. Devote your energy into doing things "the Apple way."
Nothing should ever be installed or stored on the root of a system drive. Blame the app developer for not adhering to standards.
*nix systems (Linux, macOS, BSDs, etc.) have a file system hierarchy already planned out for this. The apps should be utilizing this system:
https://unix.stackexchange.com/a/114480
Linux file system hierarchy (macOS is basically the same):
https://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/usr.html
Even Windows has rules & guidelines for proper app installation where nothing should be on the root of the system drive.
Just because it can technically be done (installing or storing to the root of a system drive) doesn't mean it should be done.
Besides it is the user's responsibility to make sure all their third party apps are compatible with a new version of macOS before upgrading macOS.
Observation: if Catalina needs to be read only just put it somewhere other than root! There are any number of software packages that expect to hang off the root directory and you've disabled them all with one careless choice.
