User profile for user: nik7d
nik7d Author
User level: Level 1
4 points

csrutil disable isn't working on my Macbook (encrypted file system)

Hi there,


I'm desperately trying to use the EVE-NG software and thus Telnet. The Telnet program has installed itself into /usr/local/bin but EVE-NG doesn't look there when trying to open a Telnet session (only /usr/bin). I've tried the widely recommended addition of a soft link between /usr/local/bin/telnet and /usr/bin but when I run csrutil in the Recovery OS it doesn't work.


I'm working with an encrypted file system - is that why?


When I log back into the Mac after a reload I am not able to try sudo mount -uw / as it fails with error 66.


Any advice would REALLY be appreciated.


Many thanks.



Nikki

Posted on Oct 8, 2021 7:38 AM

Reply
Question marked as Top-ranking reply
User profile for user: Encryptor5000
Encryptor5000
User level: Level 5
7,662 points

Posted on Oct 8, 2021 10:33 AM

Hi Nikki,


FileVault (or using an encrypted file system) is not preventing you from what you're trying to accomplish. Also, as recommended by ku4hx, installing telnet via Homebrew is a better solution that doesn't require any extra tinkering.


There's two factors stopping you from softlinking : System Integrity Protection (csrutil), and the System + Data volume group setup.


In macOS Catalina (10.15) and later, your Mac has two volumes: a read-only system volume (/), and a data volume (/System/Volumes/Data) to hold all of your files and other data. These two volumes are linked together at certain directories (folders) using firmlinks.


A good example of a firmlinked folder is the Applications folder. There is a firmlink between /System/Applications on the system volume and the Applications folder on the data volume, which makes it look like all of the preinstalled apps and your third-party apps reside in the same folder. (In reality, they do not.)


For more info about firmlinks, please see this article from Howard Oakley: https://eclecticlight.co/2021/01/13/big-sur-boot-volume-layout/


In macOS Big Sur (11), Apple "improved" the system volume. Instead of starting up from the live system volume, your Mac starts up from a sealed snapshot of the system volume. Snapshots are read-only in nature and cannot be modified at all (mounting the root (/) as read-write will fail). Mounting the live system volume and modifying that does no good, because your Mac always starts up from the sealed snapshot.


In regards to System Integrity Protection (SIP), it guards some areas on the data volume (such as /usr) and marks them as read-only. Disabling SIP would allow you to write to those areas on the data volume. (The entire system volume remains read-only.) That said, SIP serves to protect your Mac, and shouldn't be disabled unless absolutely necessary.


If you absolutely must do so, you can temporarily disable System Integrity Protection in macOS Recovery by running "csrutil disable". On a Mac with Apple silicon, this will severely downgrade the boot security (to Permissive Security) and require your admin password. Once done, restart your Mac.


Once SIP is disabled, to make the soft link, try adding "/System/Volumes/Data" at the beginning of each path to explicitly specify the writable Data volume. This prevents any possibility of something trying to write to the read-only System volume.


When done, be sure to enable System Integrity Protection in macOS Recovery by running "csrutil enable". On a Mac with Apple silicon, this may permit you to set the boot security back to the safest setting, Full Security.

View in context

Similar questions

2 replies
Question marked as Top-ranking reply
User profile for user: Encryptor5000
Encryptor5000
User level: Level 5
7,662 points

Oct 8, 2021 10:33 AM in response to nik7d

Hi Nikki,


FileVault (or using an encrypted file system) is not preventing you from what you're trying to accomplish. Also, as recommended by ku4hx, installing telnet via Homebrew is a better solution that doesn't require any extra tinkering.


There's two factors stopping you from softlinking : System Integrity Protection (csrutil), and the System + Data volume group setup.


In macOS Catalina (10.15) and later, your Mac has two volumes: a read-only system volume (/), and a data volume (/System/Volumes/Data) to hold all of your files and other data. These two volumes are linked together at certain directories (folders) using firmlinks.


A good example of a firmlinked folder is the Applications folder. There is a firmlink between /System/Applications on the system volume and the Applications folder on the data volume, which makes it look like all of the preinstalled apps and your third-party apps reside in the same folder. (In reality, they do not.)


For more info about firmlinks, please see this article from Howard Oakley: https://eclecticlight.co/2021/01/13/big-sur-boot-volume-layout/


In macOS Big Sur (11), Apple "improved" the system volume. Instead of starting up from the live system volume, your Mac starts up from a sealed snapshot of the system volume. Snapshots are read-only in nature and cannot be modified at all (mounting the root (/) as read-write will fail). Mounting the live system volume and modifying that does no good, because your Mac always starts up from the sealed snapshot.


In regards to System Integrity Protection (SIP), it guards some areas on the data volume (such as /usr) and marks them as read-only. Disabling SIP would allow you to write to those areas on the data volume. (The entire system volume remains read-only.) That said, SIP serves to protect your Mac, and shouldn't be disabled unless absolutely necessary.


If you absolutely must do so, you can temporarily disable System Integrity Protection in macOS Recovery by running "csrutil disable". On a Mac with Apple silicon, this will severely downgrade the boot security (to Permissive Security) and require your admin password. Once done, restart your Mac.


Once SIP is disabled, to make the soft link, try adding "/System/Volumes/Data" at the beginning of each path to explicitly specify the writable Data volume. This prevents any possibility of something trying to write to the read-only System volume.


When done, be sure to enable System Integrity Protection in macOS Recovery by running "csrutil enable". On a Mac with Apple silicon, this may permit you to set the boot security back to the safest setting, Full Security.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

csrutil disable isn't working on my Macbook (encrypted file system)

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up