If you see Operation not permitted, macOS is blocking Terminal from accessing certain files or folders.

This is a security feature called System Integrity Protection (SIP) or Full Disk Access.

The Most Common Fix: Grant Full Disk Access

  1. Open System Settings (or System Preferences)
  2. Go to Privacy & SecurityFull Disk Access
  3. Click the lock to make changes (enter your password)
  4. Click + and add Terminal (find it in Applications → Utilities)
  5. Restart Terminal

Now try your command again.

What Causes This Error

Protected locations: Some folders are protected even from root:

  • /System/
  • /usr/ (mostly)
  • Some parts of /Library/

SIP-protected files: System files that even sudo can't modify.

TCC (Transparency, Consent, and Control): macOS requires explicit permission for apps to access certain data:

  • Desktop
  • Documents
  • Downloads
  • iCloud Drive
  • External drives
  • Mail, Messages, Safari data

Check If It's a Permissions Issue

ls -la /path/to/file

If you're the owner and have write permission but still get the error, it's likely SIP or TCC - not traditional Unix permissions.

Using sudo

If it's a regular permission issue:

sudo command

But sudo doesn't bypass SIP or TCC. If you still get "Operation not permitted" with sudo, Full Disk Access is the answer.

Terminal Alternatives

If you use iTerm2, VS Code's terminal, or another app:

  1. Go to System Settings → Privacy & Security → Full Disk Access
  2. Add that specific application

Each terminal app needs its own permission.

Disabling SIP (Not Recommended)

You can disable System Integrity Protection, but you shouldn't unless you really know what you're doing:

  1. Restart and hold Command + R to enter Recovery Mode
  2. Open Terminal from the Utilities menu
  3. Run csrutil disable
  4. Restart

This makes your Mac less secure. Most people don't need this.

Common Scenarios

Can't access external drive

Add Terminal to Full Disk Access, then eject and remount the drive.

Can't read Desktop/Documents

Same fix - Full Disk Access.

Can't modify /usr/local

This might be a permissions issue:

sudo chown -R \$(whoami) /usr/local

Homebrew install fails

sudo chown -R \$(whoami) /opt/homebrew

(For Apple Silicon Macs)

rm -rf fails on a folder

Check if SIP protects it:

ls -lO /path/to/folder

If you see restricted, it's SIP-protected.

Check SIP Status

csrutil status

Output: System Integrity Protection status: enabled.

If it's enabled (default), certain operations are blocked regardless of permissions.

Extended Attributes

Sometimes files have special attributes. Check with:

xattr -l filename

Remove them with:

xattr -d com.apple.quarantine filename

The quarantine attribute often causes issues with downloaded files.

The Error Is a Feature

macOS is trying to protect you. Before bypassing security:

  1. Ask if you really need to modify that file
  2. Consider if there's a safer way
  3. Understand what you're doing

Keep Learning

Understanding macOS security makes you more effective in Terminal. The free course covers permissions and more.

Check it out at Mac Terminal for Humans.