32

After updating to Big Sur, I can no longer mount the root as writable (even with SIP disabled):

    sudo mount -uw /
    mount_apfs: volume could not be mounted: Permission denied
    mount: / failed with 66

How can I fix this?

bmike
  • 235,889
Sam Denty
  • 689

2 Answers

26

DISCLAIMER: have a good backup and plan to erase and reinstall your Mac from the internet before trying this procedure. A mistake can prevent your system from starting without assistance.

  1. Disable FileVault
  2. Reboot into recovery mode and run:
    csrutil authenticated-root disable
    
  3. Reboot back into MacOS
  4. Find your root mount's device - run mount and chop off the last s, e.g. if your root is /dev/disk1s2s3, you'll mount /dev/disk1s2
  5. Create a new directory, for example ~/mount
    mkdir -p -m777 ~/mount
    
  6. Run sudo mount -o nobrowse -t apfs DISK_PATH MOUNT_PATH, using the values from above
    sudo mount -o nobrowse -t apfs /dev/disk1s2 ~/mount
    
  7. Modify the files under the mounted directory
  8. Run sudo bless --folder MOUNT_PATH/System/Library/CoreServices --bootefi --create-snapshot
  9. Reboot your system, and the changes will take place
seunggabi
  • 103
Sam Denty
  • 689
  • DISK_PATH is /dev/disk1s2, MOUNT_PATH is ~/mount, I assume? – nohillside Jul 06 '20 at 06:17
  • 7
    WARNING If you follow these instructions you will not be able to reenable FileVault! – user3439894 Dec 23 '20 at 12:55
  • 2
    How does this manage to work? You cannot unmount something that runs your terminal and zsh/bash/sh or whatever you need to run it? I cannot manage to get this working as mount_apfs: volume could not be mounted: Resource busy failed with 75 – Dominik Bucher Feb 05 '21 at 01:05
  • 3
    I'm getting exactly what @DominikBucher says on an M1 (Apple Silicon) with latest Big Sur installed. When mounting from recovery and modifying, for instance, files under /System/Library/LaunchDaemon/ with both SIP and SSV disabled (SSV = https://eclecticlight.co/2020/06/25/big-surs-signed-system-volume-added-security-protection/), any modifications performed are not persisted once I boot back into OSX :/ – brainstorm Feb 12 '21 at 02:12
  • Even with Big Sur 11.0.1 (not the latest), it gives mount_apfs: volume could not be mounted: Resource busy and fails with 75, like what @DominikBucher and @brainstorm said. – auspicious99 Apr 28 '21 at 11:24
  • 1
    @brainstorm Like you, I was able to successfully mount r/w in recovery and modify files, but lost all the modifications when I rebooted. I think it is because step 8 (the bless command) fails to even create a snapshot, much less bless it. I also tried another way to create a snapshot, /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs_systemsnapshot -v <volume mount point> -r "" from https://www.tonymacx86.com/threads/solved-disable-system-file-protection-in-big-sur.302406/ but that also gave an error, so I rebooted back without a snapshot of my changes, and lost them all .. – auspicious99 Apr 28 '21 at 16:05
  • Interesting, related recent read about bputil: https://eclecticlight.co/2021/05/21/m1-secure-boot-morphine-and-self-destruction/ – brainstorm May 21 '21 at 12:08
  • I'm unable to get this to work on MacOS 11.6.5. Like the previous commenter noted, creating a snapshot with bless fails: Couldn't create snapshot on volume /Users/me/mount: Operation not permitted – GolDDranks Apr 10 '22 at 08:50
  • 1
    I got it to work finally. The problem was that authenticated-root was not properly disabled. I run MacOS in VMWare, and disabled SIP using this guide: https://itectec.com/askdifferent/how-to-disable-sip-when-big-sur-is-installed-in-a-vmware-fusion-player-virtual-machine/ but disabling authenticated-root was missing from the hex value stored to NVRAM. Using value ff0f0000 instead of 7f000000 did the trick. – GolDDranks Apr 10 '22 at 15:22
  • The --folder option is only supported for external devices on Apple Silicon Macs. % sudo bless --folder ~/mount/System/Library/CoreServices --bootefi --create-snapshot, bless: For Apple Silicon Macs, the 'folder' option is only supported for external devices. But the --mount option (and the --setBoot option) seems to work. % sudo bless --mount ~/mount/System/Library/CoreServices --setBoot --create-snapshot link – H.Katsura Sep 29 '23 at 03:57
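
Step 4 of the answer above derives the volume device by hand. As an added example (not part of the original posts), this sketch parses `mount` output and strips only a snapshot suffix; the function names and the sample `mount` lines are constructed for illustration, and it assumes device names of the form /dev/diskNsM[sK].

```shell
#!/bin/sh
# Added example: derive the volume to mount (step 4) from `mount` output.

# Print the device mounted on "/" from `mount`-style text on stdin.
root_device() {
    awk '$2 == "on" && $3 == "/" { print $1; exit }'
}

# /dev/disk1s2s3 (a snapshot of volume disk1s2) -> /dev/disk1s2.
# A device with no snapshot suffix is returned unchanged, so the result is
# never the whole container disk; anything else is rejected.
volume_device() {
    if printf '%s\n' "$1" | grep -Eq '^/dev/disk[0-9]+s[0-9]+s[0-9]+$'; then
        printf '%s\n' "$1" | sed -E 's/s[0-9]+$//'
    elif printf '%s\n' "$1" | grep -Eq '^/dev/disk[0-9]+s[0-9]+$'; then
        printf '%s\n' "$1"
    else
        echo "unexpected root device: $1" >&2
        return 1
    fi
}

# Constructed sample of `mount` output (not captured from a real machine).
SAMPLE='/dev/disk1s2s3 on / (apfs, sealed, local, read-only, journaled)
devfs on /dev (devfs, local, nobrowse)
/dev/disk1s1 on /System/Volumes/Data (apfs, local, journaled, nobrowse)'

dev=$(printf '%s\n' "$SAMPLE" | root_device)
echo "root is $dev, mount $(volume_device "$dev") instead"
```
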
20

My company requires reading/writing environment information under /data/webapps/appenv. Therefore, this workaround shared by a colleague of mine might not answer this question directly, but it is super useful if you want to write something under your root path!

  1. Create a file: sudo vim /etc/synthetic.conf.

  2. Write content: <dir>⇥/System/Volumes/Data/<dir>. Notice: the ⇥ is a tab!

    In my case, it looks like this: data⇥/System/Volumes/Data/data

  3. Go to /System/Volumes/Data and do sudo mkdir <dir>.

  4. Then do sudo chmod -R 777 <dir>.

  5. Finally, reboot, and your directory <dir> should now be accessible.

dan
  • 12,177
  • 8
  • 58
  • 136
  • 5
    I don’t know why this was downvoted. Maybe because the answer is formulated in an anecdotal way, but AFAICS it points to the preferable way of creating symlinks or directories under / on Big Sur, namely “synthetic firmlinks”, see man synthetic.conf or https://derflounder.wordpress.com/2020/01/18/creating-root-level-directories-and-symbolic-links-on-macos-catalina/ – hans_meine Apr 03 '21 at 18:55
  • 5
    This is the actual correct answer that solves the XY problem here – Andrew Faulkner Jun 09 '21 at 18:24
  • This is a solution to the problem, but not an answer to the question. So I understand it not being the top answer. Thank you though, as this solves my exact problem in a less hacky way. – tschundler Jul 26 '21 at 23:16
  • I'm not sure this helps you exactly as I don't know the reason you want writeable, but if you just have one folder like me that needs rw for projects, just open "System Preferences" -> "Disk Utility" and create a volume on your disk. Very easy and painless. – Marco Feb 05 '22 at 19:53
  • Beware disinformation from posters on discussions.apple.com - see https://archive.ph/V5BWp for a bunch of misinformation on this topic - which Apple then censored entirely. – WHO'sNoToOldRx4Covid-CENSORED May 22 '23 at 19:36
  • From what I tried you should remove the leading "/" from the mounted dir. For example the synthetic.conf line would be ⇥System/Volumes/Data/ – Alex Efimov Mar 14 '24 at 09:22
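
The tab separator required in step 2 of the synthetic.conf answer is easy to lose in an editor that expands tabs. As an added example (not part of the original posts), this lint checks each line before the reboot in step 5; the format rules it enforces are assumptions stated in the comments, it accepts targets with or without a leading "/", and the function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example: lint synthetic.conf-style lines before rebooting.
# Assumed format: "name" (empty directory) or "name<TAB>target" (symlink);
# name is a single path component; lines starting with # are comments.
TAB=$(printf '\t')

# Print a verdict for one line; return 1 when the line looks wrong.
check_line() {
    line=$1
    case "$line" in
        ''|'#'*) echo skip; return 0 ;;
    esac
    case "$line" in
        *"$TAB"*) name=${line%%"$TAB"*}; target=${line#*"$TAB"}; link=1 ;;
        *' '*)    echo "error: fields separated by spaces, not a tab"; return 1 ;;
        *)        name=$line; target=; link=0 ;;
    esac
    case "$name" in
        ''|*/*|*' '*) echo "error: name must be one path component"; return 1 ;;
    esac
    if [ "$link" -eq 1 ]; then
        case "$target" in
            ''|*"$TAB"*) echo "error: expected exactly one target after the tab"; return 1 ;;
        esac
        echo "ok: symlink /$name -> $target"
    else
        echo "ok: empty directory /$name"
    fi
}

# Lint every line on stdin; non-zero exit status if any line is rejected.
lint_synthetic() {
    n=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        verdict=$(check_line "$line") || bad=$((bad + 1))
        [ "$verdict" = skip ] || printf 'line %d: %s\n' "$n" "$verdict"
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: line 1 uses a tab, line 2 uses a space by mistake.
printf 'data\t/System/Volumes/Data/data\nopt /System/Volumes/Data/opt\n' |
    lint_synthetic || echo "fix the rejected lines before rebooting"
```
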