Working with your Mac’s Terminal Utility but getting the error message “Operation not permitted?” Are Terminal commands that used to work in macOS High Sierra and Sierra not working?
If so you are not alone, quite a few of our advanced Mac readers tell us that their work is stymied by this “operation not permitted” error message. They see this error on advanced commands like super-user sudo and change ownership chown commands but also on simple commands like the list directory command ls and others. What a mess!
Many users are confronted with this irritating error message since updating to macOS Catalina-Mojave.
It occurs when running third-party applications or after inputting command lines in Terminal—no matter how simple the request is!
The “Operation not permitted” error message even appears when trying to read certain directories in the local user!
macOS is reliable and well-protected, but sometimes those protections go over the top. Find out what causes the “Operation not permitted” error message and learn how to fix it.
So what exactly is causing this frustration and how can you remedy it?
The good news is that it’s pretty darn easy to fix–we just need to update some of your Mac’s security and protection settings!
- 1 It Starts With Apple’s System Integrity Protection
- 2 How-To Fix App or Terminal Error Operation Not Permitted by Granting Terminal or An App Full Disk Access
- 3 Getting Error Message Operation Not Permitted in macOS High Sierra, Sierra, or El Capitan?
- 4 Want Another Way? Be Cautious!
- 5 Unable to Read User Library Files in macOS? Do you see Operation Not Permitted Message?
- 6 Reader tips
- 3 Tips Using Terminal Command to Speed Up Your Mac
- How to Fix macOS Mojave Battery Draining Issue
- Your Mac Was Unable to Communicate With Your Apple Watched Error Message, How-to Fix
It Starts With Apple’s System Integrity Protection
Starting with macOS Mojave, Apple’s added some additional security measures via SIP (System Integrity Protection) to keep your operating system running smoothly. In fact, many of these new “features” closely resemble how iOS works with app permissions on your iPhones and iPads!
System Integrity Protection (SIP) is Apple’s way of protecting your Mac from malicious software. The way SIP works is to lock down sensitive areas of the OS so only Apple can access them.
This process is typically done by official updates or Apple installers. The result is that users and third-party apps occasionally can’t read-or-write in the places that they need to work.
This restriction causes most “Operation not permitted” error messages
While SIP was present since El Capitan, Apple expanded its protection in Mojave and above. As a result, many people are getting errors where they weren’t before. SIP still allows access to some directories, like ~/Applications, but totally locks down others like ~/System or ~/usr.
SIP’s (System Integrity Protection) job is to keep ALL TYPLE OF USERS, including admin users from changing what Apple considers critical operating files.
And that’s good and bad.
Good for folks who mess around with their systems without really knowing what they are doing And bad for folks that actually do know what they’re doing.
But like most things in the Apple World and in life, there’s a workaround.
You can read what Apple has to say about SIP on their website. But to find out what you can do about it, just read on below.
So let’s get to it!
How-To Fix App or Terminal Error Operation Not Permitted by Granting Terminal or An App Full Disk Access
There are two possible solutions if you encounter the “Operation not permitted” error message. However, be warned that each solution weakens the security of your machine to some extent.
It’s recommended that you keep a recent backup and only continue if you’re confident with computers.
Also, check around for other alternatives before trying our solutions. You may find another way around what you’re trying to do that’s easier and safer. You could even contact Apple directly to see if they can help.
The first, and definitely preferred, solution is to permit Full Disk Access to the application that you’re trying to use.
Most commonly, users encounter the error message when running command lines in Terminal.
But you may have come across it while using a third-party app. Either way, the first thing to try is to give the relevant app or utility Full Disk Access.
This is akin to putting is on a White List for Apple’s SIP and allows read-or-write access to all directories.
How-To Grant An App or Terminal Full Disk Access
Granting Full Disk Access to any apps or utilities (including Apple’s native ones like Terminal) is potentially problematic, especially if you are not familiar with macOS.
Steps to fix “operation not permitted” by giving full disk access
- Close the app you need to grant full disk access to first
- It’s also a good idea to close all other apps and restart your Mac (*not required but recommended)
- Open System Preferences > Security & Privacy > Privacy Tab
- Select Full Disk Access from the left sidebar
- If you can’t make changes, unlock your disk by pressing the padlock icon in the lower-left corner and enter your Administrator Password
- Tap the + symbol
- Add the App or Terminal to your approved apps with Full Access. If you didn’t close the app previously, close the app now if it’s already running and then add it to the list for full disk access
- Restart the App or Terminal and see if it now accepts your commands
- For apps, upon reopening, grant it access to make changes to your computer if needed
- You should only need to do this ONCE for each app or Terminal
- Don’t See Full Disk Access in Security & Privacy Settings?
If you don’t see Full Disk Access in the Privacy tab in Security & Privacy System Preferences, first check that your Mac runs macOS 10.14 or above. This option is not available on earlier macOS versions.
If you confirm your Mac runs macOS Mojave and above, try restarting using another user account and see if the option appears.
Getting Error Message Operation Not Permitted in macOS High Sierra, Sierra, or El Capitan?
If you use earlier versions of macOS or Mac OS X El Capitan and you get this message, then your best recourse is to follow the second solution listed below of temporarily disabling your Mac’s System Integrity Protection, known commonly as SIP.
Want Another Way? Be Cautious!
This second, and more drastic, solution is to turn off Apple’s System Integrity Protection (SIP) entirely.
Doing so potentially opens up your machine to a whole world of vulnerabilities and should be done with extreme caution. Only consider this option if you’ve exhausted all the alternatives and are comfortable running command lines in Terminal.
Again, this extreme solution is not recommended for most users.
Temporarily Turn Off Your Mac’s System Integrity Protection (Recommended For Advanced Users Only!)
- Restart in Recovery Mode (press and hold Command + R at startup)
- Open the Terminal Utility
- Type the command csrutil disable
- This gives you full, unrestricted access to your Mac’s entire operating system and every file–so again, advanced users only
- For Terminal Users;
- Restart your Mac and open Terminal again
- Use Terminal with the commands that resulted in operation not permitted errors
- When done, follow steps 1-2 and turn SIP back on using the command csrutil enable
- Restart your Mac and SIP should be back in business
Don’t let the simplicity of these commands fool you, choosing to turn off SIP should not be taken lightly.
However, once it has been switched off, you’ll be totally unrestricted throughout the directories. No more will that pesky “Operation not permitted” error message bother you.
Turn SIP back on once you complete your tasks that require this type of access.
How to turn on SIP
- Restart your Mac and hold Command + ‘R’ as it turns back on
- Click Utilities and open Terminal
- Type the following command and hit Enter: csrutil enable
Check The Status of Your macOS’s SIP (System Integrity Protection)
If you’re unsure whether your Mac has SIP enabled or disabled, use a simple Terminal Command to check!
- Open Terminal from Applications > Utilities
- Type in this command exactly: csrutil status
- Look for one of these messages:
- System Integrity Protection status: enabled
- System Integrity Protection status: disabled
Change the status following the instructions above. Remember to restart after making ANY change to your Mac’s SIP. If that doesn’t work, reboot your Mac in Recovery Mode (Command + R) and enter Terminal via Recovery. Then type in your SIP command.
Unable to Read User Library Files in macOS? Do you see Operation Not Permitted Message?
Some readers let us know that by adding Terminal and other apps to the list of programs allowing Full Disk Access, they could also access and read directories and files in their user library.
Apple expanded macOS’ SIP (System Integrity Protection) in macOS 10.14+ to include certain system and library folders and files in the user’s home directory. Where you previously could open and access these user files and directories in earlier macOS High Sierra/Sierra, in macOS Mojave, Catalina, and above (i.e. 10.14+), these files, etc. are no longer readable without disabling SIP or granted Full Disk Access.
As a reminder, to grant access to an app go to System Preferences > Security & Privacy > Full Disk Access and add the app you want to give access to.
Let us know in the comments about your experiences with the “Operation not permitted” error message. Did our troubleshooting steps help you out, or did you need to find another way?
- My solution was to instead give Full Disk Access to /bin/bash. To do so,
- Go to System Preferences > Security & Privacy > Privacy > Full Disk Access
- Click the lock and enter an admin password to allow changes
- Open a NEW finder window
- Go to your Mac’s operating hard drive (usually named Macintosh HD by default) and then click these three keys at the same time: Command + Shift + . (period symbol). This allows you to see your Mac’s hidden files–select /bin. Make sure you are at to root directory of your Mac and not your user directory!
- You can also use Finder’s Go > Go to folder… and enter /bin/bash
- Drag /bin/bash to the Full Disk Acces list
- Press the lock icon to prevent any further changes