User profile for user: Nicholascronan
Nicholascronan Author
User level: Level 1
19 points

Is disabling SIP and then sudo mount -uw / tested/safe?

Now before I get into this, listen. I know what I'm doing! So don't just post "disabling SIP might result in unintentional modofication of important files" or anything like that!


I am on MacOS Catalina and am trying to modify system files. Apple has made this very difficult because simply disabling SIP through csrutil disable in Recovery Mode isn't enough-the system volume is read-only. I've found a fix mentioned on at least 2 different sites, but one says "Warning: I have not tested this much, and make no promises at all about what the consequences will be (including both immediate consequences, and what happens the next time an OS update changes things). Do you have any important files on this Mac? Do you have a good backup? Do you feel lucky?" and I don't have a backup nor feel lucky. But I've ALWAYS wanted to modify system files, and now seeing a fix-I'm in a tight spot.


Here is what it says to do: To make changes to the normally-read-only volume, you need to both disable SIP's filesystem protection and also re-mount the volume with read access:

  1. Restart in Recovery mode (Command-R at startup), open Terminal (from the Utilities menu), and disable SIP filesystem protection with:
csrutil enable --without fs
  1. Restart normally, open Terminal, and remount the root volume for read access:
sudo mount -uw /

At this point, you should be able to make changes everywhere (subject to normal filesystem protections) up until the next restart. Disabling SIP's filesystem protection survives restarts, but remounting with write access does not. If you want everything to be writable after restarting, you'll have to repeat the sudo mount command after each restart. What I'd recommend, though, is locking everything back down as soon as you've made the necessary changes. To do this, restart in Recovery mode, run csrutil enable, then restart again normally."


Is this safe?

Note: Will csrutil enable ---without fs be enough or will I need full-blown csrutil disable?

MacBook Air

Posted on Jan 22, 2021 9:39 AM

Reply

Similar questions

7 replies
User profile for user: HWTech
HWTech
Community+ 2026
User level: Level 9
72,926 points

Jan 25, 2021 9:56 PM in response to Nicholascronan

I agree with @Barney-15E, but would like to add that Apple does place certain system configuration files onto a writeable volume. This is how Apple, third party developers and users can modify configurations without needing to disable system security. I don't have any more specific details since I just noticed this a while ago as I was looking at the various mounted macOS volumes. This is rarely mentioned online although you will find some information if you search.


Almost everything I know has come from me searching online in order to resolve an issue which many times leads me to more information I'm interested in. To a lesser extent I have examined the system and read the macOS documentation included with the command line tools & utilities. This can be difficult for macOS since there isn't a whole lot of easy to find quality information available.


It is easiest to learn about the low level stuff when you have a specific task you are trying to achieve since you need to know what to search for. If you are trying to learn and understand *nix (Unix, Linux, and BSDs) in general, then I would instead recommend installing Linux into a Virtual Machine since there is a lot more information online for Linux and you minimize the risk to macOS. Linux and FreeBSD have a lot of similarities at an extremely low level including directory layout & structure and they use a lot of the same low level tools & utilities as macOS (although generally much newer and more advanced). Of course there are a lot of differences as well, but the basics are a good way to get started since there is more information easily available. Once you have a good understanding of the core basics of *nix, then it will help you better understand macOS as you identify the differences. Personally I don't know if I would ever have understood some low level macOS items if I did not already understand Linux.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Is disabling SIP and then sudo mount -uw / tested/safe?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up