Restricted /bin directory after 10.11 upgrade

My /bin directory now has a restricted flag on it. Even with sudo i can't change anything. I tried using chflags to remove it without luck.


% ls -alO / | grep -i restricted !2008

drwxr-xr-x@ 4 root wheel restricted 136 Jun 8 16:17 System

drwxr-xr-x@ 56 root wheel restricted,hidden 1904 Jun 8 16:30 bin

lrwxr-xr-x@ 1 root wheel restricted,hidden 11 Jun 8 16:23 etc -> private/etc

drwxr-xr-x@ 59 root wheel restricted,hidden 2006 Jun 8 16:24 sbin

lrwxr-xr-x@ 1 root wheel restricted,hidden 11 Jun 8 16:23 tmp -> private/tmp

drwxr-xr-x@ 12 root wheel restricted,hidden 408 Jun 8 16:30 usr

lrwxr-xr-x@ 1 root wheel restricted,hidden 11 Jun 8 16:24 var -> private/var


I also tried adding my user to the perms, sudo su as root cant even move files there.


Making it really difficult to edit the scripts i have there.


I even did a permission verify and repair on the disk.


MacBook (Retina, 12-inch, Early 2015)

1.2 GHz Intel Core M

8 GB 1600 MHz DDR3

INTEL HD Graphics 5300 1536 MB


Available: 430.94 GB (430,935,441,408 bytes)

Capacity: 498.95 GB (498,954,403,840 bytes)

Mount Point: /

File System: Journaled HFS+

Writable: Yes

Ignore Ownership: No

BSD Name: disk1


Media Name: APPLE SSD AP0512H Media

Size: 499.31 GB (499,313,168,384 bytes)

Medium Type: SSD

Protocol: PCI-Express

Internal: Yes

Partition Map Type: GPT (GUID Partition Table)

Status: Online

Up vote post of JaredWilliams Down vote post of JaredWilliams
3.3k views
Posted by
JaredWilliams
Reply
Add a Comment

Replies

That's the intended bahavior in 10.11


From the beta 1 release notes:


Notes and Known Issues

Installation

Note

After upgrading to OS X v10.11 Developer Beta, applications that write to protected/system locations may no longer function correctly.


It was also mentioned in the Keynote and Platform State of the Union sessions. There was reference to the ability to turn it off for testing, but I haven't come across that session/documentation yet.

Posted by
sdagley
Up vote reply of sdagley Down vote reply of sdagley
Add a Comment

Its called SIP (System Integrity Protection)


We talked about it earlier here....

https://forums.developer.apple.com/message/7098#7098


You can disable it by booting into the Recovery Partition and look under the Utilities menu.

Posted by
cashxx
Up vote reply of cashxx Down vote reply of cashxx
Add a Comment

So, inline with this question...


I also noticed that "/System/Library/LaunchDaemons" is also "restricted". The thing is, I want to change the default SSH port... In previous OS X version, I would edit the ssh.plist file in this folder. Now, with SIP activated I can't do that. What's the recommended way to change SSH port withough deactivating SIP?

Posted by
spencerdiniz
Up vote reply of spencerdiniz Down vote reply of spencerdiniz
Add a Comment