9tenths

Q: Cannot Delete Key from System Keychain

I am having a bit of a problem deleting keys (any keys) from the System keychain on my iMac. Here's what happens:

 

  1. I go to Keychain Access and select System from the list of keychains.
  2. I unlock the keychain using my admin password (the icon changes from locked to unlocked).
  3. I left-click on the key that I want to delete and select Delete "The Key I want to delete"
  4. I get a box that says "Keychain Access is trying to modify the system keychain, Type your password to allow this." So I do.
  5. I get a box that says "Are you sure you want to delete "The Key I want to delete" from the System keychain?" I click 'Delete'
  6. I get a box that says "An error occurred while deleting "The Key I want to delete" UNIX[Operation not permitted]

 

I am not able to change any of the information in any of the System keys nor am I able to add new keys to the System keychain. My System keychain contains 20 items - all of which are either passwords to WiFis, passwords to Time Machines (which I want to delete), and one application password to the guest account. This being said, I would have no problem "resetting" the System keychain to default (empty) condition.

 

I also have a MacBook, which is not exhibiting this problem. That is to say that I can freely edit, delete and create keys in the System keychain. I followed the instructions here to backup the system keychain from my MacBook and install it on the iMac, but get an error saying "Operation not permitted".

 

Any ideas?

 

Thanks!

iMac (27-inch Mid 2010), OS X El Capitan (10.11.1)

Posted on Nov 29, 2015 8:40 AM

Close

Q: Cannot Delete Key from System Keychain

  • All replies
  • Helpful answers

  • by Linc Davis,

    Linc Davis Linc Davis Nov 29, 2015 11:47 AM in response to 9tenths
    Level 10 (207,990 points)
    Applications
    Nov 29, 2015 11:47 AM in response to 9tenths

    Please post a screenshot that shows which keychain you're trying to modify. Be careful not to include any private information.

    Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

  • by 9tenths,

    9tenths 9tenths Nov 30, 2015 7:35 AM in response to Linc Davis
    Level 1 (1 points)
    Nov 30, 2015 7:35 AM in response to Linc Davis

    Hi Linc. It is the System keychain that is giving me problems. I can create (and manipulate) new keychains with no trouble.

  • by Linc Davis,

    Linc Davis Linc Davis Nov 30, 2015 10:29 AM in response to 9tenths
    Level 10 (207,990 points)
    Applications
    Nov 30, 2015 10:29 AM in response to 9tenths

    This procedure is a diagnostic test. It makes no changes to your data.

    Please triple-click anywhere in the line below on this page to select it:

    ls -@Oaen /L*/Keyc* | pbcopy

    Copy the selected text to the Clipboard by pressing the key combination command-C.

    Launch the built-in Terminal application in any of the following ways:

    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

    ☞ In the Finder, select Go Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

    ☞ Open LaunchPad and start typing the name.

    Paste into the Terminal window by pressing the key combination command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting.

    Wait for a new line ending in a dollar sign ($) to appear below what you entered.

    The output of the command will be automatically copied to the Clipboard. If the command produced no output, the Clipboard will be empty. Paste into a reply to this message.

    The Terminal window doesn't show the output. Please don't copy anything from there.

  • by 9tenths,

    9tenths 9tenths Dec 1, 2015 5:55 AM in response to Linc Davis
    Level 1 (1 points)
    Dec 1, 2015 5:55 AM in response to Linc Davis

    Here is the response:

     

     

    total 304

    drwxr-xr-x   7 0  0  -            238 Nov 29 08:26 .

    drwxr-xr-x+ 61 0  0  sunlnk      2074 Oct 25 17:45 ..

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    -r--r--r--@  1 0  0  -              0 Oct  2 15:36 .fl043D1EDD

      com.apple.quarantine   29

    -r--r--r--   1 0  0  -              0 Oct  2 15:36 .fl947E1BDB

    -rw-r--r--@  1 0  0  restricted 66640 Sep 13 10:51 System.keychain

      com.apple.metadata:_kTimeMachineNewestSnapshot   50

      com.apple.metadata:_kTimeMachineOldestSnapshot   50

    -rw-r--r--   1 0  0  -          33264 Oct  2 15:37 System.keychain-orig

    -rw-r--r--@  1 0  0  -          46184 Oct 18 16:23 apsd.keychain

      com.apple.quarantine   29

  • by Linc Davis,Solvedanswer

    Linc Davis Linc Davis Dec 1, 2015 7:48 AM in response to 9tenths
    Level 10 (207,990 points)
    Applications
    Dec 1, 2015 7:48 AM in response to 9tenths

    Certain files have a property incorrectly set that will prevent them from being changed or deleted while the system is running. That property can only be removed in Recovery mode. If you don't feel that you can carry out this procedure yourself, please get someone more experienced to help you.

    1. Back up all data. There are ways to back up a computer that isn't fully functional. Ask if you need guidance. Don't skip this step.

    2. Disconnect all external storage devices.

    3.Start up in Recovery mode. Select a language, if prompted. The OS X Utilities screen will appear.

    4. This step is only necessary if you use FileVault 2. If you don't know what FileVault is, you're not using it. Go to the next step. Otherwise, launch Disk Utility, then select the icon of the FileVault volume ("Macintosh HD," unless you gave it a different name.) It will be nested below another drive icon. Click the Unlock button in the toolbar and enter your login password when prompted. Then quit Disk Utility to be returned to the main screen.

    5. Select Get Help Online. Safari will launch. While in Recovery, you'll have no access to your bookmarks, but you won't need them. Load this web page.

    6. Triple-click anywhere in the line below to select it:

    chflags norestricted /V*/*/L*/Keyc*/*

    Copy the selected text to the Clipboard by pressing the key combination command-C.

    7. Quit Safari. From the menu bar, select

              Utilities Terminal

    The Terminal application will launch. Paste into the Terminal window by pressing the key combination command-V.

    Wait for a new line ending in a dollar sign ($) to appear. Quit Terminal to be returned to the main screen.

    8. Select

               Restart

    from the menu bar.

    You should now be able to change or delete the file(s) in question.

  • by 9tenths,

    9tenths 9tenths Dec 2, 2015 6:54 AM in response to Linc Davis
    Level 1 (1 points)
    Dec 2, 2015 6:54 AM in response to Linc Davis

    This worked. Thank you Linc! A couple of questions for you:

    1. What may have caused the properties to be set incorrectly? Is there anything that should be done to prevent this from happening?
    2. What did the two commands accomplish?

     

    Thanks again for your help - you saved me from a fresh install!

  • by Linc Davis,

    Linc Davis Linc Davis Dec 2, 2015 7:29 AM in response to 9tenths
    Level 10 (207,990 points)
    Applications
    Dec 2, 2015 7:29 AM in response to 9tenths

    1. I don't know, but at some point you may have restored files from Time Machine by dragging them in the Finder rather than through the time-travel interface. I'm not sure whether there's a connection.

     

    2. Identifying and removing the restrictive property.

  • by JenGresham,

    JenGresham JenGresham Aug 7, 2016 11:39 AM in response to Linc Davis
    Level 1 (4 points)
    Aug 7, 2016 11:39 AM in response to Linc Davis

    Hi Linc,

     

    Would you be able to help me with the similar issue? The keys for my WiFi Keychain access won't delete. I get the UNIX[Operation not permitted] popup.

     

    I've gotten this from your Terminal commands. Do I need different commands when in recovery mode?

     

    total 24440

    drwxr-xr-x  10 0  0   -              340  7 Aug 19:25 .

    drwxr-xr-x+ 67 0  0   sunlnk        2278 23 Dec  2015 ..

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    -r--r--r--@  1 0  0   -                0  3 May  2015 .fl043D1EDD

      com.apple.quarantine     29

    -r--r--r--   1 0  0   -                0 21 Dec  2015 .fl947E1BDB

    -r--r--r--   1 0  0   -                0  3 Jan  2013 .fl9F4D481B

    -rw-r--r--   1 0  80  restricted   86420 21 Dec  2015 System.keychain

    -rw-r--r--   1 0  0   -            20460 22 Dec  2012 System.keychain-orig

    -rw-r--r--   1 0  0   -          4941576 24 May  2013 applepushserviced.keychain

    -rw-r--r--@  1 0  0   -            54216 24 Dec  2015 apsd.keychain

      com.apple.quarantine     29

    -rw-r--r--@  1 0  0   -          7399728  1 Sep  2015 apsd.keychain.sb-a810298f-g0OdUf

      com.apple.quarantine     29

     

    Any help would be greatly received!

  • by patrickbnyc,

    patrickbnyc patrickbnyc Sep 21, 2016 9:35 PM in response to JenGresham
    Level 1 (4 points)
    Desktops
    Sep 21, 2016 9:35 PM in response to JenGresham

    After running into this issue for Time Machine, I was able to remove the system key by disabling System Integrity Protection.

    Step 1: Backup your Mac then Boot in Recovery Mode

    Step 2: From Terminal enter 'csrutil disable'

    Step 3: Reboot normally and try deleting the Time Machine system key

    Step 4: Boot in Recovery Mode and an enable csrutil by entering 'csrutil enable' in Terminal

    Step 5: Reboot normally and try accessing your Time Machine (which should create new system key)