Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: Cannot Delete Key from System Keychain

I am having a bit of a problem deleting keys (any keys) from the System keychain on my iMac. Here's what happens:


  1. I go to Keychain Access and select System from the list of keychains.
  2. I unlock the keychain using my admin password (the icon changes from locked to unlocked).
  3. I left-click on the key that I want to delete and select Delete "The Key I want to delete"
  4. I get a box that says "Keychain Access is trying to modify the system keychain, Type your password to allow this." So I do.
  5. I get a box that says "Are you sure you want to delete "The Key I want to delete" from the System keychain?" I click 'Delete'
  6. I get a box that says "An error occurred while deleting "The Key I want to delete" UNIX[Operation not permitted]


I am not able to change any of the information in any of the System keys nor am I able to add new keys to the System keychain. My System keychain contains 20 items - all of which are either passwords to WiFis, passwords to Time Machines (which I want to delete), and one application password to the guest account. This being said, I would have no problem "resetting" the System keychain to default (empty) condition.


I also have a MacBook, which is not exhibiting this problem. That is to say that I can freely edit, delete and create keys in the System keychain. I followed the instructions here to backup the system keychain from my MacBook and install it on the iMac, but get an error saying "Operation not permitted".


Any ideas?


Thanks!

iMac (27-inch Mid 2010), OS X El Capitan (10.11.1)

Posted on

Reply
Question marked as Solved
Answer:
Answer:

Certain files have a property incorrectly set that will prevent them from being changed or deleted while the system is running. That property can only be removed in Recovery mode. If you don't feel that you can carry out this procedure yourself, please get someone more experienced to help you.

1. Back up all data. There are ways to back up a computer that isn't fully functional. Ask if you need guidance. Don't skip this step.

2. Disconnect all external storage devices.

3.Start up in Recovery mode. Select a language, if prompted. The OS X Utilities screen will appear.

4. This step is only necessary if you use FileVault 2. If you don't know what FileVault is, you're not using it. Go to the next step. Otherwise, launch Disk Utility, then select the icon of the FileVault volume ("Macintosh HD," unless you gave it a different name.) It will be nested below another drive icon. Click the Unlock button in the toolbar and enter your login password when prompted. Then quit Disk Utility to be returned to the main screen.

5. Select Get Help Online. Safari will launch. While in Recovery, you'll have no access to your bookmarks, but you won't need them. Load this web page.

6. Triple-click anywhere in the line below to select it:

chflags norestricted /V*/*/L*/Keyc*/*

Copy the selected text to the Clipboard by pressing the key combination command-C.

7. Quit Safari. From the menu bar, select

Utilities Terminal

The Terminal application will launch. Paste into the Terminal window by pressing the key combination command-V.

Wait for a new line ending in a dollar sign ($) to appear. Quit Terminal to be returned to the main screen.

8. Select

Restart

from the menu bar.

You should now be able to change or delete the file(s) in question.

Posted on

Page content loaded

Nov 29, 2015 11:47 AM in response to 9tenths In response to 9tenths

Please post a screenshot that shows which keychain you're trying to modify. Be careful not to include any private information.

Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

Nov 29, 2015 11:47 AM

Reply Helpful

Nov 30, 2015 10:29 AM in response to 9tenths In response to 9tenths

This procedure is a diagnostic test. It makes no changes to your data.

Please triple-click anywhere in the line below on this page to select it:

ls -@Oaen /L*/Keyc* | pbcopy

Copy the selected text to the Clipboard by pressing the key combination command-C.

Launch the built-in Terminal application in any of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad and start typing the name.

Paste into the Terminal window by pressing the key combination command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting.

Wait for a new line ending in a dollar sign ($) to appear below what you entered.

The output of the command will be automatically copied to the Clipboard. If the command produced no output, the Clipboard will be empty. Paste into a reply to this message.

The Terminal window doesn't show the output. Please don't copy anything from there.

Nov 30, 2015 10:29 AM

Reply Helpful (1)

Dec 1, 2015 5:55 AM in response to Linc Davis In response to Linc Davis

Here is the response:



total 304

drwxr-xr-x 7 0 0 - 238 Nov 29 08:26 .

drwxr-xr-x+ 61 0 0 sunlnk 2074 Oct 25 17:45 ..

0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

-r--r--r--@ 1 0 0 - 0 Oct 2 15:36 .fl043D1EDD

com.apple.quarantine 29

-r--r--r-- 1 0 0 - 0 Oct 2 15:36 .fl947E1BDB

-rw-r--r--@ 1 0 0 restricted 66640 Sep 13 10:51 System.keychain

com.apple.metadata:_kTimeMachineNewestSnapshot 50

com.apple.metadata:_kTimeMachineOldestSnapshot 50

-rw-r--r-- 1 0 0 - 33264 Oct 2 15:37 System.keychain-orig

-rw-r--r--@ 1 0 0 - 46184 Oct 18 16:23 apsd.keychain

com.apple.quarantine 29

Dec 1, 2015 5:55 AM

Reply Helpful
Question marked as Solved

Dec 1, 2015 7:48 AM in response to 9tenths In response to 9tenths

Certain files have a property incorrectly set that will prevent them from being changed or deleted while the system is running. That property can only be removed in Recovery mode. If you don't feel that you can carry out this procedure yourself, please get someone more experienced to help you.

1. Back up all data. There are ways to back up a computer that isn't fully functional. Ask if you need guidance. Don't skip this step.

2. Disconnect all external storage devices.

3.Start up in Recovery mode. Select a language, if prompted. The OS X Utilities screen will appear.

4. This step is only necessary if you use FileVault 2. If you don't know what FileVault is, you're not using it. Go to the next step. Otherwise, launch Disk Utility, then select the icon of the FileVault volume ("Macintosh HD," unless you gave it a different name.) It will be nested below another drive icon. Click the Unlock button in the toolbar and enter your login password when prompted. Then quit Disk Utility to be returned to the main screen.

5. Select Get Help Online. Safari will launch. While in Recovery, you'll have no access to your bookmarks, but you won't need them. Load this web page.

6. Triple-click anywhere in the line below to select it:

chflags norestricted /V*/*/L*/Keyc*/*

Copy the selected text to the Clipboard by pressing the key combination command-C.

7. Quit Safari. From the menu bar, select

Utilities Terminal

The Terminal application will launch. Paste into the Terminal window by pressing the key combination command-V.

Wait for a new line ending in a dollar sign ($) to appear. Quit Terminal to be returned to the main screen.

8. Select

Restart

from the menu bar.

You should now be able to change or delete the file(s) in question.

Dec 1, 2015 7:48 AM

Reply Helpful (5)

Dec 2, 2015 6:54 AM in response to Linc Davis In response to Linc Davis

This worked. Thank you Linc! A couple of questions for you:

  1. What may have caused the properties to be set incorrectly? Is there anything that should be done to prevent this from happening?
  2. What did the two commands accomplish?


Thanks again for your help - you saved me from a fresh install!

Dec 2, 2015 6:54 AM

Reply Helpful

Dec 2, 2015 7:29 AM in response to 9tenths In response to 9tenths

1. I don't know, but at some point you may have restored files from Time Machine by dragging them in the Finder rather than through the time-travel interface. I'm not sure whether there's a connection.


2. Identifying and removing the restrictive property.

Dec 2, 2015 7:29 AM

Reply Helpful (1)

Aug 7, 2016 11:39 AM in response to Linc Davis In response to Linc Davis

Hi Linc,


Would you be able to help me with the similar issue? The keys for my WiFi Keychain access won't delete. I get the UNIX[Operation not permitted] popup.


I've gotten this from your Terminal commands. Do I need different commands when in recovery mode?


total 24440

drwxr-xr-x 10 0 0 - 340 7 Aug 19:25 .

drwxr-xr-x+ 67 0 0 sunlnk 2278 23 Dec 2015 ..

0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

-r--r--r--@ 1 0 0 - 0 3 May 2015 .fl043D1EDD

com.apple.quarantine 29

-r--r--r-- 1 0 0 - 0 21 Dec 2015 .fl947E1BDB

-r--r--r-- 1 0 0 - 0 3 Jan 2013 .fl9F4D481B

-rw-r--r-- 1 0 80 restricted 86420 21 Dec 2015 System.keychain

-rw-r--r-- 1 0 0 - 20460 22 Dec 2012 System.keychain-orig

-rw-r--r-- 1 0 0 - 4941576 24 May 2013 applepushserviced.keychain

-rw-r--r--@ 1 0 0 - 54216 24 Dec 2015 apsd.keychain

com.apple.quarantine 29

-rw-r--r--@ 1 0 0 - 7399728 1 Sep 2015 apsd.keychain.sb-a810298f-g0OdUf

com.apple.quarantine 29


Any help would be greatly received!

Aug 7, 2016 11:39 AM

Reply Helpful

Sep 21, 2016 9:35 PM in response to JenGresham In response to JenGresham

After running into this issue for Time Machine, I was able to remove the system key by disabling System Integrity Protection.

Step 1: Backup your Mac then Boot in Recovery Mode

Step 2: From Terminal enter 'csrutil disable'

Step 3: Reboot normally and try deleting the Time Machine system key

Step 4: Boot in Recovery Mode and an enable csrutil by entering 'csrutil enable' in Terminal

Step 5: Reboot normally and try accessing your Time Machine (which should create new system key)

Sep 21, 2016 9:35 PM

Reply Helpful (1)

Oct 7, 2016 8:35 AM in response to Linc Davis In response to Linc Davis

I have a problem that I think may be similar. I am getting the error message:

Keychain error -25299 occurred while creating a System Keychain entry for the username “Nancy”

and URL “afp://Nancy@2%20Tb%20Time%20Capsule._afpovertcp._tcp.local./Data”.

You can try using the Keychain Access utility to edit the System Keychain.


I describe the background more fully at https://discussions.apple.com/thread/7683381?start=0&tstart=0


When I executed the command

ls -@Oaen /L*/Keyc* | pbcopy

the output was

total 384

drwxr-xr-x 9 0 0 - 306 Oct 7 10:53 .

drwxr-xr-x+ 65 0 0 sunlnk 2210 Sep 24 13:08 ..

0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

-r--r--r--@ 1 0 0 - 0 Mar 6 2015 .fl043D1EDD

com.apple.quarantine 29

-r--r--r-- 1 0 0 - 0 Oct 29 2014 .fl947E1BDB

-r--r--r-- 1 0 0 - 0 Sep 21 2012 .fl9F4D481B

-rw-r--r-- 1 0 0 - 56760 Sep 25 15:21 System.keychain

-rw-r--r-- 1 0 0 - 44220 Mar 6 2009 System.keychain-orig

-rw-r--r-- 1 0 0 - 29388 Sep 21 2012 applepushserviced.keychain

-rw-r--r--@ 1 0 0 - 57560 Oct 6 13:09 apsd.keychain

com.apple.quarantine 29

What do you suggest?

Oct 7, 2016 8:35 AM

Reply Helpful

Nov 15, 2016 4:38 PM in response to Linc Davis In response to Linc Davis

I tried the chflags norestricted /V*/*/L*/Keyc*/* from the recovery partition, and despite everything seemingly going smoothly, I am still presented with "UNIX[Operation not permitted]" when I attempt to delete a veriSign certificate controlling access to one of my email accounts


a few hours ago, the Mail app suddenly declared that particular certificate untrustworthy, all attempts to remove the offending certificate have been futile.

Nov 15, 2016 4:38 PM

Reply Helpful

Mar 29, 2017 10:29 AM in response to 9tenths In response to 9tenths

Stumbled across this thread because I was unable to read or save any VPN credentials or delete existing ones. I highly suspect the root cause was migrating data from an older Mac's time machine backup.


The recommended solution did not work for me (on 10.12.3 or 10.12.4). Instead, disabling system integrity protection (SIP) temporarily allowed me to once again modify the system keychain.


To disable SIP, restart in recovery mode and use Terminal to run:

csrutil disable


Restart into your regular boot drive and make the keychain changes.


To re-enable SIP, restart in recovery mode and use Terminal to run:

csrutil enable


After restarting back to my main partition, I was still able to modify the keychain and the issue was completely gone.

Mar 29, 2017 10:29 AM

Reply Helpful (3)
User profile for user: 9tenths

Question: Cannot Delete Key from System Keychain