I think I mentioned this in a post to the list a couple of years ago but I 
didn't go into detail at the time.

First of all, by default the root user on a Mac is not enabled; in order to 
discourage use of root, there is no root password set up by default and root is 
not directly enabled. Most root functions can be carried out by an 
administrative user using sudo. It is possible to enable root using an 
application called Directory Utility. This used to be in 
/Applications/Utilities but is now in 
/System/Library/CoreServices/Applications. However, a couple of years ago, 
Apple decided that this was not enough protection. Something called "System 
Integrity Protection" was implemented. According to Apple, "SIP prevents 
improper modification of core OS X system items and processes. SIP does this by 
acting as a meta-permission that prevents write access to system items and 
processes." Now, users and processes with root can't modify core OS X system 
items and processes. This "protection" includes /System, /bin, /sbin, and /usr. 
The only exceptions to this are /System/Library/User Template and (thankfully) 
/usr/local.

SIP can be bypassed, either temporarily or permanently. To do it temporarily, 
one would boot into a recovery system or a system older than the El Capitan 
installation. This starts up the computer without SIP and then modifications 
that need these accesses can be done and then SIP takes over again when the 
computer is restarted with El Capitan or later.

To do it permanently, or at least until you deliberately decide to undo your 
change, you start up from OS X recovery. You then open Terminal and type 
"csrutil disable" and the setting is set to the Mac's firmware. Then any El 
Capitan system or Sierra system, which would usually enable SIP on boot, will 
not do so. One can then re-enable SIP by returning to OS X Recovery and in 
Terminal typing "csrutil enable".

You check the status of SIP by typing "csrutil status" (without the quotes) 
from Terminal; this doesn't require booting into the recovery system.

You disable SIP in the OS X Recovery system by typing

csrutil disable

Then you reboot back into your normal system and it will stay disabled until 
you change it back.

To enable csrutil when you have had it disabled, you again go into System 
Recovery and in Terminal type

csrutil enable

This is what I have chosen to do because I want brltty in /bin and I have other 
programs for which I do not want my access to the areas listed above blocked.

However, one can install in /usr/local or /opt/local with no problem without 
doing anything about SIP if one wishes to do so using the available 
configuration options for brltty as well as other programs installed via 
Terminal.


-- 
Cheryl

May the words of my mouth
and the meditation of my heart
be acceptable to You, Lord,
my rock and my Redeemer.
(Psalm 19:14 HCSB)




On Sep 1, 2017, at 6:27 PM, Dave Mielke <[email protected]> wrote:

[quoted lines by rmgls on 2017/09/01 at 20:48 +0200]

> But we need to know that /usr/bin is unwritable and brltty
> must be installed in a writable path.

I'm not understanding, but maybe it's something about Macs that I don't know. 
Are you saying that /usr/bin is simply unwritable, or that you don't want to 
risk writing to it?

-- 
Dave Mielke           | 2213 Fox Crescent | http://Mielke.cc/
Phone: 1-613-726-0014 | Ottawa, Ontario   | http://Mielke.cc/bible/
EMail: [email protected] | Canada  K2A 1H7   | The Bible is the very Word of God.
_______________________________________________
This message was sent via the BRLTTY mailing list.
To post a message, send an e-mail to: [email protected]
For general information, go to: http://brltty.com/mailman/listinfo/brltty
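
An added example, not part of the thread and not code from the BRLTTY project: a shell check that classifies an install prefix against the SIP rules described in the message above (/System, /bin, /sbin and /usr protected; /System/Library/User Template and /usr/local exempt) and combines that with the text printed by "csrutil status". The function names are hypothetical, the "status: enabled" / "status: disabled" wording of the csrutil output is an assumption, and the sample status line is constructed.

```shell
#!/bin/sh
# Purely lexical check: symlinks are not resolved.
# Returns 0 = under a SIP-protected tree, 1 = not protected, 2 = cannot classify.
sip_protected() {
    p=${1%/}                                  # drop one trailing slash
    case "$p/" in
        /*) ;;
        *) return 2 ;;                        # relative path
    esac
    case "$p/" in
        */../*|*/./*|*//*) return 2 ;;        # needs normalising first
        /usr/local/*|"/System/Library/User Template/"*) return 1 ;;  # exceptions
        /System/*|/bin/*|/sbin/*|/usr/*) return 0 ;;
    esac
    return 1
}

# Map the text printed by "csrutil status" to enabled / disabled / unknown.
sip_state() {
    case "$1" in
        *"status: enabled"*)  echo enabled ;;
        *"status: disabled"*) echo disabled ;;
        *)                    echo unknown ;;
    esac
}

# Verdict for installing into prefix $1, given csrutil status text $2.
install_verdict() {
    sip_protected "$1" && rc=0 || rc=$?
    case "$rc" in
        1) echo ok; return 0 ;;               # outside SIP, e.g. /usr/local
        2) echo invalid; return 0 ;;
    esac
    case "$(sip_state "$2")" in
        enabled)  echo blocked ;;             # even root cannot write here
        disabled) echo sip-off ;;             # writable only because SIP is off
        *)        echo unknown ;;
    esac
}

if command -v csrutil >/dev/null 2>&1; then
    status=$(csrutil status 2>/dev/null) || status=
else
    status='System Integrity Protection status: enabled.'   # constructed sample
fi
for prefix in /bin /usr/bin /usr/local /opt/local "/System/Library/User Template"; do
    printf '%-32s %s\n' "$prefix" "$(install_verdict "$prefix" "$status")"
done
```

A verdict of "sip-off" means the prefix is writable only while SIP stays disabled; "ok" prefixes such as /usr/local need no change to SIP.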
