Working with your Mac’s Terminal Utility but getting the error message “Operation not permitted?” Are Terminal commands that used to work in macOS High Sierra and Sierra not working?
If so you are not alone, quite a few of our advanced Mac readers tell us that their work is stymied by this “operation not permitted” error message. They see this error on advanced commands like super-user sudo and change ownership chown commands but also on simple commands like the list directory command ls and others. What a mess!
Many users are confronted with this irritating error message since updating to macOS Catalina-Mojave.
It occurs when running third-party applications or after inputting command lines in Terminal—no matter how simple the request is!
The “Operation not permitted” error message even appears when trying to read certain directories in the local user!
macOS is reliable and well-protected, but sometimes those protections go over the top. Find out what causes the “Operation not permitted” error message and learn how to fix it.
Contents
- It Starts With Apple’s System Integrity Protection
- How-To Fix App or Terminal Error Operation Not Permitted by Granting Terminal or An App Full Disk Access
- Getting Error Message Operation Not Permitted in macOS High Sierra, Sierra, or El Capitan?
- Want Another Way? Be Cautious!
- Unable to Read User Library Files in macOS? Do you see Operation Not Permitted Message?
- Reader tips
So what exactly is causing this frustration and how can you remedy it?
The good news is that it’s pretty darn easy to fix–we just need to update some of your Mac’s security and protection settings!
Related Posts:
- 3 Tips Using Terminal Command to Speed Up Your Mac
- How to Fix macOS Mojave Battery Draining Issue
- Your Mac Was Unable to Communicate With Your Apple Watched Error Message, How-to Fix
It Starts With Apple’s System Integrity Protection
Starting with macOS Mojave, Apple’s added some additional security measures via SIP (System Integrity Protection) to keep your operating system running smoothly. In fact, many of these new “features” closely resemble how iOS works with app permissions on your iPhones and iPads!
System Integrity Protection (SIP) is Apple’s way of protecting your Mac from malicious software. The way SIP works is to lock down sensitive areas of the OS so only Apple can access them.
This process is typically done by official updates or Apple installers. The result is that users and third-party apps occasionally can’t read-or-write in the places that they need to work.
This restriction causes most “Operation not permitted” error messages
While SIP was present since El Capitan, Apple expanded its protection in Mojave and above. As a result, many people are getting errors where they weren’t before. SIP still allows access to some directories, like ~/Applications, but totally locks down others like ~/System or ~/usr.
SIP’s (System Integrity Protection) job is to keep ALL TYPLE OF USERS, including admin users from changing what Apple considers critical operating files.
And that’s good and bad.
Good for folks who mess around with their systems without really knowing what they are doing And bad for folks that actually do know what they’re doing.
But like most things in the Apple World and in life, there’s a workaround.
You can read what Apple has to say about SIP on their website. But to find out what you can do about it, just read on below.
So let’s get to it!
How-To Fix App or Terminal Error Operation Not Permitted by Granting Terminal or An App Full Disk Access
There are two possible solutions if you encounter the “Operation not permitted” error message. However, be warned that each solution weakens the security of your machine to some extent.
It’s recommended that you keep a recent backup and only continue if you’re confident with computers.
Also, check around for other alternatives before trying our solutions. You may find another way around what you’re trying to do that’s easier and safer. You could even contact Apple directly to see if they can help.
The first, and definitely preferred, solution is to permit Full Disk Access to the application that you’re trying to use.
Most commonly, users encounter the error message when running command lines in Terminal.
But you may have come across it while using a third-party app. Either way, the first thing to try is to give the relevant app or utility Full Disk Access.
This is akin to putting is on a White List for Apple’s SIP and allows read-or-write access to all directories.
How-To Grant An App or Terminal Full Disk Access
Granting Full Disk Access to any apps or utilities (including Apple’s native ones like Terminal) is potentially problematic, especially if you are not familiar with macOS.
Steps to fix “operation not permitted” by giving full disk access
- Close the app you need to grant full disk access to first
- It’s also a good idea to close all other apps and restart your Mac (*not required but recommended)
- Open System Preferences > Security & Privacy > Privacy Tab
- Select Full Disk Access from the left sidebar
- If you can’t make changes, unlock your disk by pressing the padlock icon in the lower-left corner and enter your Administrator Password
- Tap the + symbol
- Add the App or Terminal to your approved apps with Full Access. If you didn’t close the app previously, close the app now if it’s already running and then add it to the list for full disk access
- Restart the App or Terminal and see if it now accepts your commands
- For apps, upon reopening, grant it access to make changes to your computer if needed
- You should only need to do this ONCE for each app or Terminal
- Don’t See Full Disk Access in Security & Privacy Settings?
If you don’t see Full Disk Access in the Privacy tab in Security & Privacy System Preferences, first check that your Mac runs macOS 10.14 or above. This option is not available on earlier macOS versions.
If you confirm your Mac runs macOS Mojave and above, try restarting using another user account and see if the option appears.
Getting Error Message Operation Not Permitted in macOS High Sierra, Sierra, or El Capitan?
If you use earlier versions of macOS or Mac OS X El Capitan and you get this message, then your best recourse is to follow the second solution listed below of temporarily disabling your Mac’s System Integrity Protection, known commonly as SIP.
Want Another Way? Be Cautious!
This second, and more drastic, solution is to turn off Apple’s System Integrity Protection (SIP) entirely.
Doing so potentially opens up your machine to a whole world of vulnerabilities and should be done with extreme caution. Only consider this option if you’ve exhausted all the alternatives and are comfortable running command lines in Terminal.
Again, this extreme solution is not recommended for most users.
Temporarily Turn Off Your Mac’s System Integrity Protection (Recommended For Advanced Users Only!)
- Restart in Recovery Mode (press and hold Command + R at startup)
- Open the Terminal Utility
- Type the command csrutil disable
- This gives you full, unrestricted access to your Mac’s entire operating system and every file–so again, advanced users only
- For Terminal Users;
- Restart your Mac and open Terminal again
- Use Terminal with the commands that resulted in operation not permitted errors
- When done, follow steps 1-2 and turn SIP back on using the command csrutil enable
- Restart your Mac and SIP should be back in business
Don’t let the simplicity of these commands fool you, choosing to turn off SIP should not be taken lightly.
However, once it has been switched off, you’ll be totally unrestricted throughout the directories. No more will that pesky “Operation not permitted” error message bother you.
Turn SIP back on once you complete your tasks that require this type of access.
How to turn on SIP
- Restart your Mac and hold Command + ‘R’ as it turns back on
- Click Utilities and open Terminal
- Type the following command and hit Enter: csrutil enable
Check The Status of Your macOS’s SIP (System Integrity Protection)
If you’re unsure whether your Mac has SIP enabled or disabled, use a simple Terminal Command to check!
- Open Terminal from Applications > Utilities
- Type in this command exactly: csrutil status
- Look for one of these messages:
- System Integrity Protection status: enabled
- System Integrity Protection status: disabled
Change the status following the instructions above. Remember to restart after making ANY change to your Mac’s SIP. If that doesn’t work, reboot your Mac in Recovery Mode (Command + R) and enter Terminal via Recovery. Then type in your SIP command.
Unable to Read User Library Files in macOS? Do you see Operation Not Permitted Message?
Some readers let us know that by adding Terminal and other apps to the list of programs allowing Full Disk Access, they could also access and read directories and files in their user library.
Apple expanded macOS’ SIP (System Integrity Protection) in macOS 10.14+ to include certain system and library folders and files in the user’s home directory. Where you previously could open and access these user files and directories in earlier macOS High Sierra/Sierra, in macOS Mojave, Catalina, and above (i.e. 10.14+), these files, etc. are no longer readable without disabling SIP or granted Full Disk Access.
As a reminder, to grant access to an app go to System Preferences > Security & Privacy > Full Disk Access and add the app you want to give access to.
Let us know in the comments about your experiences with the “Operation not permitted” error message. Did our troubleshooting steps help you out, or did you need to find another way?
Reader tips
- My solution was to instead give Full Disk Access to /bin/bash. To do so,
- Go to System Preferences > Security & Privacy > Privacy > Full Disk Access
- Click the lock and enter an admin password to allow changes
- Open a NEW finder window
- Go to your Mac’s operating hard drive (usually named Macintosh HD by default) and then click these three keys at the same time: Command + Shift + . (period symbol). This allows you to see your Mac’s hidden files–select /bin. Make sure you are at to root directory of your Mac and not your user directory!
- You can also use Finder’s Go > Go to folder… and enter /bin/bash
- Drag /bin/bash to the Full Disk Acces list
- Press the lock icon to prevent any further changes
Dan writes tutorials and troubleshooting guides to help people make the most of their technology. Before becoming a writer, he earned a BSc in Sound Technology, supervised repairs at an Apple Store, and even taught English in China.
Hb3 says
Very helpful thanks!
Wolfenhawke says
Thank you. Providing Disk Utility disk access was the trick to creating password protected folders on an attached drive. Kept getting “Operation not permitted” error.
brennen says
Terminal was already granted full disk access but I still got the same error. After disable SIP i got a read only error. Then after giving bin/bash full disk access nothing changed.
Yann says
I got the exact same sequence here.
Derek Chow says
perfectly solved, thank you
Laurent Daudelin says
Doesn’t work for me. Terminal already has full disk access. I disabled SIP, still operation not permitted on a damn “in_progress” directory on my Time Machine backup disk. I’m afraid I will have to reinitialize the disk and lose all my previous backups 🙁
tony says
Thanks!
Adding Full Disk Access fixed it!
Jürgen says
Hi Dan,
using mojave – I added both terminal and bash to the full disk access, terminal will still give the same error message. restarted mac, double checked the access – still no effect. Are there any other options? sip, I am hesitant about that…
Dusko Skoko says
Hi Dan,
I haven’t tried yet giving the Terminal Full Disk Access BUT I disable SIP. When I tried to remove sleep image I’m still getting “Operation not permitted”. Usually I don’t mess around with Terminal very often but for some reason I like to remove Sleep image and I never had problems before, just since I upgrade to Catalina. Any solution?
Thanks
Elizabeth Jones says
HI Dusko,
Yes, Apple built in more protection measures into macOS with Mojave and Catalina.
Let’s try this and see if it works:
Open a new Finder window and choose the Go > Go to folder
Type in this /private/var/vm/sleepimage
Right-click and choose Move to trash
Choose Delete (as it notes, this action is not recoverable!)
See if it allows you, if not you will need to use Terminal to remove it and first allow it full disk access as this article outlines
Liz
Sophia says
Okay – – – – – the problem (on my computer at least) since I upgraded to Catalina was not EITHER of the two problems that you mentioned.
The problem is that when I edit some files with BBEdit, it sets these things called “Extended Attributes” on files – – – – – and for some reason Catalina (either in response to _specific_ attributes or in response to the _presence_ of attributes) does not permit the operation of the command.
I had to use the ‘xattr” utility to clear the extended attributes from the file. Once this was done, the problem was solved.
Mick says
Awesome thank you 🙂
Sophia says
I haven’t tried the second workaround (and am hesitant to do so) – – – but I tried the first workaround and it had NO EFFECT AT ALL. After the terminal app quit and was restarted the SAME ERROR MESSAGE PERSISTED without any change. This problem only occurred when I made the mistake of upgrading to Catalina. Wish I hadn’t done that.
Elizabeth Jones says
Hi Sophia,
What were you trying to do when you got the error “operation not permitted?” Make sure you grant whatever app you were using when you got this error Full Disk Access–the example shows Terminal, where this error frequently occurs, but if you were using a different app when you saw this error–that’s the app you need to grant access to.
Also, close the app in question (the one that needs full disk access) before you grant these permissions it in your settings.
Fernando says
Is it possible to grant full access to only a few specific directories?
Elizabeth Jones says
Hi Fernando,
You can grant Full Fisk Access to only certain apps, but you cannot specify which directories are accessible to those apps.
Cathy says
Still not working for me on Catalina after granting full disk access to Terminal.
Micah says
Same boat… I tried dragging /bin/bash to Full Disk Access, but no good. Apple Support is not helpful… They wanted me to copy and move stuff with Finder versus Terminal (or XQuartz). The tech didn’t understand that this problem is pervasive outside of simple commands like cp or mv.
jeff says
Didn’t work when adding Terminal for full disk access. It still throws the warning…Operation not permitted. I am in as root.
Elizabeth Jones says
Hi Jeff,
What macOS version does your system use?
Andy says
I think this is complete madness. Adding the Full Disk Access for terminal (and XQuartz, for that matter) does not solve the problem. Even the second solution above is worded in such a way that it implies that each time I want to use “ls” I should reboot, deactivate the SIP, then reenable this afterwards. I hope this is not a general indication of where the Apple OS is going.
Charlie Kilpatrick says
I had this same problem. Try hittng Shift-Command-G and go to /bin.
Then from the Finder drag your “bash” executable into the allowed apps window for Full Disk Access (you can’t otherwise add bash via the “+” button in your preferences window).
Restart XQuartz and you should be able to use XQuartz normally again.
Discovered this solution on Stack Overflow
Le Vu says
I would like to grant A Terminal Full Disk Access but I have to do that for 100 of machines. I want to automate that process and not manually go to each machine to go to Open System Preferences > Security & Privacy > Privacy Tab .
Do you know if there is a command for me use so I can automate that step?
Thanks,
Le
Lizzy says
Yes! Oh my goodness this was driving me cracking crazy.
Thank you, thank you Dan.
Great advice fir those of us used to using Terminal and frustrated by this error in macOS Mojave.
Bless ya for real,
Lizzy