Why does chown report "Operation not permitted" on OS X?
Yes, Mac has many enhancements to Unix in the area of files. Ignoring the whole resource fork thing which is not used much anymore, there are:
- the standard Unix permissions
ugorwxand so on. Normal Unix tools apply. - ACL's, viewable with
ls -leand changeable withchmod [ -a | +a | =a ]. - file flags viewable with
ls -lO(Capital oh, not zero) and changeable withchflags. - extended attributes, viewable with
ls -l@(attribute keys only) and viewable and changeable withxattr. (Usexattr -hfor help ifman xattrdoes not give you anything.) - Starting with OS X 10.11 "El Capitan", System Integrity Protection (SIP) further protects some files from changes from ordinary processes, even when using
sudoto run asroot. Files protected by SIP will be listed byls -lOas having therestrictedflag and/or be listed byls -l@as having thecom.apple.rootlessattribute.
You can be denied operations on a file because of Unix permissions, ACLs, file flags, or SIP. To fully unlock a file:
sudo chmod -N file # Remove ACLs from file
sudo chmod ugo+rw file # Give everyone read-write permission to file
sudo chflags nouchg file # Clear the user immutable flag from file
sudo chflags norestricted file # Remove the SIP protection from file
sudo xattr -d com.apple.rootless file # Remove SIP protection from file
If System Integrity Protection (SIP) is enabled, sudo chflags norestricted and sudo xattr -d com.apple.rootless will also return an "Operation not permitted" error. To clear the flag and/or attribute you need to boot into macOS Recovery and either run the commands from Terminal (you may have to first use Disk Utility to unlock and mount your boot drive, then remember your files will be under /Volumes/Macintosh HD or whatever your boot drive is named) or disable SIP altogether and then reboot and the commands should then work. Be aware, however, that future OS updates will likely restore the restricted flag and com.apple.rootless attribute to any files you removed it from.
Disabling SIP is not recommended as it removes lots of protection against malware and accidental damage, plus it is not necessary when you can simply remove the protection on a per-file basis. If you do disable SIP, re-enable it when you are done making changes.
Note that if ls -lO shows the schg flag is set, you have to get into single-user mode to unset it. I'm not going to get into that here as there are bigger questions about why the file has that flag set and why you are trying to mess with it and what the consequences will be.
I had the same problem. It turns out that the offending files were marked as "Locked" by the OS. I found this solution and it solved the problems in seconds:
http://explanatorygap.net/2005/07/10/unlocking-files-recursively-from-the-command-line/
It seems like the
rmcommand has changed in Tiger such that if you userm -Rfwith elevated privileges, it will automatically unlock the files.
In OS X before Tiger: find /Volumes/Transit -flags +uchg -print0 | xargs -0 chflags nouchg
In OS X after Tiger: sudo rm -Rf foldername/
Also, even after OS X 10.4, there may be file metadata flags such as uchg and uappnd, which prevent any modification of the file permissions or ownership. chflags can remove
the flags.
Some of the file attributes/metadata and how they are handled by different copy tools are here.
I had the same problem with the Crashplan.app.
All the solutions listed here would not help me, but this one did the trick: http://forums.macrumors.com/showthread.php?t=1546163
You have to change the system and user immutable flags:
Do this to see which flags are active on your file/folder:
ls -lhdO MyFile
The response might look like this:
drwxrwxr-x 3 root admin schg,uchg 102B Apr 8 2013 MyFile
schg,uchg are those immutable flags. One for the system and one for the user. To remove them, do the following:
chflags noschg CrashPlan.app # this removes system immutable flag
chflags nouchg CrashPlan.app # this removes the user immutable flags
Then, for me at least, the file is unlocked and you can delete it!