User profile for user: Nicholascronan
Nicholascronan Author
User level: Level 1
18 points

Is mounting the system drive as read-only tested and safe?

Now before I get into this, listen. I know what I'm doing! So don't just post "disabling SIP might result in unintentional modofication of important files" or anything like that!


I am on MacOS Catalina and am trying to modify system files. Apple has made this very difficult because simply disabling SIP through csrutil disable in Recovery Mode isn't enough-the system volume is read-only. I've found a fix mentioned on at least 2 different sites, but one says "Warning: I have not tested this much, and make no promises at all about what the consequences will be (including both immediate consequences, and what happens the next time an OS update changes things). Do you have any important files on this Mac? Do you have a good backup? Do you feel lucky?" and I don't have a backup nor feel lucky. But I've ALWAYS wanted to modify system files, and now seeing a fix-I'm in a tight spot.


Here is what it says to do: To make changes to the normally-read-only volume, you need to both disable SIP's filesystem protection and also re-mount the volume with read access:

  1. Restart in Recovery mode (Command-R at startup), open Terminal (from the Utilities menu), and disable SIP filesystem protection with:
csrutil enable --without fs
  1. Restart normally, open Terminal, and remount the root volume for read access:
sudo mount -uw /

At this point, you should be able to make changes everywhere (subject to normal filesystem protections) up until the next restart. Disabling SIP's filesystem protection survives restarts, but remounting with write access does not. If you want everything to be writable after restarting, you'll have to repeat the sudo mount command after each restart. What I'd recommend, though, is locking everything back down as soon as you've made the necessary changes. To do this, restart in Recovery mode, run csrutil enable, then restart again normally."


Is this safe?

Note: Will csrutil enable ---without fs be enough or will I need full-blown csrutil disable?

MacBook

Posted on Jan 23, 2021 5:15 AM

Reply

Similar questions

3 replies
User profile for user: leroydouglas
leroydouglas
User level: Level 10
200,980 points

Jan 23, 2021 5:40 AM in response to Nicholascronan

Nicholascronan wrote:

Now before I get into this, listen. I know what I'm doing! So don't just post "disabling SIP might result in unintentional modofication of important files" or anything like that!

I am on MacOS Catalina and am trying to modify system files.


You can read more here—

About the read-only system volume in macOS Catalina - Apple ...



Any discussion about disabling SIP seem to get deleted by the moderators here...

Reply
User profile for user: HWTech
HWTech
Community+ 2026
User level: Level 9
71,510 points

Jan 23, 2021 6:19 PM in response to Nicholascronan

Please do not create multiple threads for the exact same topic! It is very rude as it wastes the time of forum contributors who are just regular users such as yourself who are volunteering their time to assist other users. It causes a lot of confusion and it can split the contributors' focus and assistance where information is often duplicated by other contributors.


Here is the duplicate thread:

https://discussions.apple.com/thread/252349506


It is fine to learn about how macOS works. If that is your intent, then just experiment as you see fit until you understand how macOS operates. I can tell you that very few people really understand how macOS operates at a deeper level especially with more recent versions of macOS where Apple has made significant changes revolving around system security. Apple likes their secrets and most users will have no clue about the lower level aspects of system security. If you do a search online you will most likely find only a few forum posts or blogs about very basic aspects of macOS system security. I know since I have searched online to try to understand & resolve various macOS issues. I end up either experimenting to get a better understanding or I just give up as it is not important enough to waste my time on it since tomorrow Apple may make an undocumented change which makes everything I learned and thought I knew obsolete. If you are not willing to experiment on your own or if you have to ask "Is this Safe", then you should not be doing what you are doing. Period.


Doing anything without a backup is foolish unless there is no important data on the drive. Just make sure to prepare for how you will perform a clean install of macOS if you end up with a system that won't boot. It may be more difficult than you realize.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Is mounting the system drive as read-only tested and safe?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up