Fix Terminal “Operation not permitted” Error in macOS Sonoma, Ventura, Monterey, Big Sur, Catalina, Mojave
If you’re a Mac command line user you may have noticed that many frequently used commands entered into the Terminal (or iTerm) result in an “Operation not permitted” error message since updating to MacOS Mojave 10.14 or later, including Sonoma, Ventura, Monterey, and Big Sur. The “Operation not permitted” error in the Terminal can be seen after issuing even simple commands like using ‘ls’ ‘mv’ and ‘cp’ within the users own directory, but also in many other directory locations on the Mac, and when trying to use many defaults commands. Obviously this type of error message makes navigating and using the command line in MacOS to be quite difficult if not impossible for many purposes. Don’t worry, the Terminal is not broken in new MacOS versions.
This walkthrough will show you how to fix “Operation not permitted” error messages seen at the command line in Terminal for Mac OS in Mojave 10.14 or later.
How to Fix “Operation not permitted” Error in Terminal for Mac OS
- Pull down the Apple menu and choose ‘System Preferences’
- Choose “Security & Privacy” control panel
- Now select the “Privacy” tab, then from the left-side menu select “Full Disk Access”
- Click the lock icon in the lower left corner of the preference panel and authenticate with an admin level login
- Now click the [+] plus button to add an application with full disk access
- Navigate to the /Applications/Utilities/ folder and choose “Terminal” to grant Terminal with Full Disk Access privileges
- Relaunch Terminal, the “Operation not permitted” error messages will be gone
If you have not encountered the “Operation not permitted” error message in the Terminal of MacOS (Mojave 10.14 or later) yet, then it’s likely because you haven’t wandered into a directory or file path that has the additional access restrictions (or that you don’t use Terminal, in which case this entire article is not for you).
While many of the various core System and root directories will throw error messages in macOS Terminal too, you can also find the error message even when trying to work in the users own Home directory, including in many of the user ~/Library/ folders, like ~/Library/Messages (where iMessage attachments and chat logs are stored in Mac OS) and ~/Library/Mail/ (where user-level mail plugins, mailbox data, and other Mail app data is stored), and many others.
You can test this yourself, before and after making the settings adjustment outlined above with a simple command like using ls on one of the protected folders:
ls ~/Library/Messages
If Terminal does not have Full Disk Access granted, you will see the “Operation not permitted” error message.
If Terminal does have Full Disk Access granted, or if SIP is disabled, you will not see that error message in the MacOS Terminal.
In case you were wondering, yes that does mean there are actually two ways to fix the “Operation not permitted” errors you may encounter in MacOS Terminal; the first which we detail here is rather simple that grants additional access privileges to Terminal app, and the other is a bit more dramatic which involves disabling System Integrity Protection on the Mac which is generally not recommended and we won’t specifically cover here, though simply disabling SIP and rebooting is typically enough to make the error go away if you’d rather go that route.
The “Operation not permitted” message is one of a variety of command line errors you may encounter in Mac OS Terminal. Another frequently seen command line error is the the “command not found” error message which can also be encountered in the Terminal for MacOS for a variety of different reasons as well.
If you have any other tips, tricks, suggestions, or thoughts about the command line in MacOS or this particular error message, share with us in the comments below.
https://community.jamf.com/t5/jamf-pro/issues-pacakging-cyberark-epm-latest-version-any-ideas/td-p/325001
chaps we’ve had this issue see the link please and the vendor hasn’t really helped us resolve the issue, were a typical corp laptop with crowdstrike, Microsoft Defender, zscaler , usual macos security tools , any ideas?
I also toggled `sshd-keychain-wrapper` to allow SSH incoming sessions to see my Mac’s ~/Downloads/ folder. Thanks to https://superuser.com/questions/1615072/getting-an-operation-not-permitted-error-when-running-commands-after-to-sshing for details.
THANK YOU. In 2024, this answered my question after reading COUNTLESS apple support threads without finding a resolution. In the new OS system it’s much easier to navigate to the Full Disk Access, and I had to add “Disk Utility” to the application list so I could create a read-only image of my Time Machine backups. I am wholly grateful.
thank you, it worked for me.
Thanks for this article, very helpful :- )
Thanks for this it worked!
Enable [Full Disk Access] “Terminal” solve the issue!
Thankyou, it worked for me :)
I got this issue once randomly. I realized what happened was i had deleted and then re-added the directory i was working in in another terminal session so the terminal window inside my IDE was “lost”. Just backed out of the directory and then back in and all was well :)
You saved my day. Thank you!
That helps! Thanks.
awesome saved my life, for me it worked with single quotes on Application Support folder: sudo ln -s /Volumes/WDeasy/iOS/Backup ~/Library/’Application Support’/MobileSync
Perfect!!
It worked for me. Thanks a lot!
thanks a lot !
Thx for the help!
Thank you so much for posting this clear and concise fix.
Phew! This worked! Thanks
Allowing the terminal app full disk access was not enough. I had to unselect the firewall (F-secure Save app) option “Viruses and Threats>Files and apps can be blocked on their internet reputation”
After doing that, the shell scripts worked as expected.
I found that virtual box running ubuntu could do stuff sroot on terminial on macos could not WTF.
But that does mean I have a separate spot to go whenever there is a problem without having to open terminal up for ALL users ( IE me when am just mis-typing)
This works like charm!
Thank you
A million thanks worked perfectly!!!
work like a charm, thanks for safe my days
Thanks, hint about how to give Terminal full disk access saved my day
Remember when Apple’s slogan was “it just works”? That was nice.
thx a lot
I had to give permission to the terminal in order to use a dd command to clone a HDD drive
that’s really helpful, thanks very much!
This fixed my problem under macOS 11.2.2. Until now, I never encountered such a problem. Thanks.
Still impossible to issue rm commands
Thank you so much. Helped fix my error related to XCode not recognizing my modules and not being able to open one of the files associated to the modules. Much thanks!
Cheers,
Derek
Just fixed this problem for the following scenario in Catalina. I have a backup script that runs from /etc/daily.local and therefore needs full disk access. The /etc/{daily,weekly,monthly}.local scripts are run by “periodic”, so you’d think dragging /usr/sbin/periodic to “Full Disk Access” under System Preferences > Security & Privacy would work. No, it turns out that “periodic” is run by /usr/libexec/periodic-wrapper and that’s the program that has to be given Full Disk Access.
Figured that out by having daily.local run a program called “treeps.pl” that puts out a tree-oriented process list. From that, you can work back up the tree to see who ran “daily.local”. You can find treeps.pl here: https://apple.stackexchange.com/questions/11770/linux-ps-f-tree-view-equivalent-on-osx (search for “treeps”, not “pstree”).
I hope I stuffed enough good keywords in there to save someone the time it took me to track that down!
This may be helpful if you are trying to replicate the tree command on Mac too:
https://osxdaily.com/2016/09/09/view-folder-tree-terminal-mac-os-tree-equivalent/
I upgraded an unsupported machine (MacPro 4,1) to Mojave using the DosDude1.com patch, and now my numerous Ruby scripts won’t work.
First, the Apple-supplied /usr/bin/ruby is ancient. I renamed it /usr/bin/ruby-2.3.7, and did “ln -s /usr/local/opt/ruby/bin/ruby” to link to the Homebrew-installed ruby (version 2.7.2).
That didn’t help, so I change all my scripts to refer to the Homebrew version, by making “#!/usr/local/opt/ruby/bin/ruby” the first line. Still no joy.
When trying to run any ruby script, I get:
/usr/local/opt/ruby/bin/ruby: bad interpreter: Operation not permitted
However, strangely enough, I CAN do “/usr/local/opt/ruby/bin/ruby <MyRubyScript.rb" and it works just fine! (I can simply do "ruby <MyRubyScript.rb" successfully, too.
I have SIP disabled and can do things that SIP would not allow, so I don't think that's the issue.
Been hacking UNIX for nearly 40 years, and this has me stumped.
this worked for me! thank you so much!
Thanks ! it works for me too !
Bonjour j’ai un soucis avec mon terminal je suis mac os Hugh sierra 10.13.6 je voudrais faire reconnaitre ma carte USB wifi a partir de mon terminal avec cette instruction sudo /Applications/TextEdit.app/Contents/MacOS/TextEdit /System/Library/Extensions/RT2870USBWirelessDriver.kext/Contents/Info.plist demandant mon mot de passe administrateur après mon mot de passe il écrit Illégal instruction:4 que faire
Just like Jeff and Marius before me I couldn’t get rid of the ‘Operation not permitted’ error despite following these instructions.
Is there anything else I can try?
What worked for me at the end was to add “/bin/bash” to the list of Full Disk Access. (After hitting “+” in Step 5 above, hold “Cmd-Shift-G” and type “/bin”, then click on “bash”.)
I have seen the posts about “how to add users to the sudoers list”, but if I have no sudoers, I can’t execute any SUDO commands. Ho can I add a sudoer without using terminal “sudo” command.
Thanks Paul, Terminal in OSX is working now, but when SSH to mac it still says Operation Not Permitted when listing some directories.
Tried adding /bin/ssh and sbin/sshd if I remember correctly still same problem. Any clues? Thanks!
Thank you for this tip, was very helpful and easy. I ran in to this issue after updating to Catalina and it helped me.
I was getting below error and it is fixed now.
XXX-MacBook-Pro:Downloads root# ls -l
ls: .: Operation not permitted
Thanks so much for posting this and making it very easy to understand, it helped fix my problem on my own Mac, as well as my mom’s MacBook. It’s so great to have forms like this to help fix problems that Apple has made.
Glad this could help you resolve your issue with “Operation not permitted” errors in MacOS, thanks for reading! This applies to Catalina too.
Gracias, i was facing the issue after i upgraded to Mac OS Catalina, and ur fix worked for me.
Thanks for publishing the solution. It solved my problem.
I can confirm what Jeff said. After adding Terminal to the Full Disk Access List, and restarting it (even rebooting), I still see:
myprompt:~$ cd /usr
myprompt:/usr$ sudo chown myuser:staff local/
Password:
chown: local/: Operation not permitted
myprompt:/usr$
This doesn’t appear to work for certain files or folders. After giving full disk access to Terminal, as described, and restarting Terminal:
Jeffs-MacBook-Pro-2:~ jeffsidell$ cd /usr/bin
Jeffs-MacBook-Pro-2:bin jeffsidell$ sudo mv python python2.7.10_JPS_mv_python
Password:
mv: rename python to python2.7.10_JPS_mv_python: Operation not permitted
I do NOT want to give terminal full disk access for ALL users. I want to give terminal full disk access ONLY for root. Is there a way to do that?
Thanks budy, this really solved my terminal issues with “Operation not Permitted”.
Great tutorial.
I did the first few steps but I can’t find the Full Disk Access option. Help
Same here can’t find the Full Disk Access. Help us :(
Couldn’t also find the Full Disk Access.
Hi, I have put a file into my trash. When I try to empty the trash, it says I dont have permission. So I right-clicked on the file to Get info and give permission to “read and write” the file. But, when I do the Get info, it says in the Sharing and permission section (below) “You have no permission”. How do I fix that problem ? How do I force delete a file that does not want to be deleted ?
First you could try emptying the trash securely. [Finder->Secure Empty Trash…].
If that doesn’t work, go to the terminal and navigate to the trash folder. It will probably be in [/Users/your_user_name/.Trash].
So, “cd /Users/your_user_name/.Trash”
ls -l (see if your file is listed)
rm -iv “your_file_name”
Answer “remove your_file_name?” with a “y” and it should be gone. You may have to add “sudo” to the beginning, as in:
sudo rm -iv “your_file_name”
Authenticate with admin password.
Answer with “y”
If that doesn’t work, you will have to disable SIP (System Integrity Protection)
HTH
I had the same problem. Like stargood said, you probably have to disable SIP (see link in this article). This should let you delete the files.
Don’t forget to turn it on afterwards, if you don’t explicitly need it off.
For anyone writing a shell script that’s run by `cron`, e.g. you use `rsync` in a script to backup your files on another server…
You will notice that adding “Terminal.app” to the “Full Disk Access” does not work, because cron does not use “Terminal.app”.
Now you could grant “Full Disk Access” access to the `rsync` program, and that solves some of the permission problems, but this is not enough if you need access to:
~/Pictures/Photos Library.photoslibrary
~/Library/Application Support/AddressBook
Instead, you should add `cron` to “System Preferences > Security & Privacy > Full Disk Access”.
I did this by running `open /usr/bin/`, which opened a Finder window that allowed me to easily drag/drop the `cron` program into the “Full Disk Access” list.
After one year your post saved my scripts life ;)
Thank you
After 1.5 years, this helped resolve my issue as well. Thanks.
If you expect “security” and “privacy” in a closed source operating system, you’re a lost cause anyways. If you aren’t even allowed to understand how your online banking balance was being rendered on your screen, you should overthink your ways. Remember: If the number on your online banking page is all wrong, you’re going to starve. So this isn’t some “minor thing only nerds should care about”.
Security in Mac OS X. Pff.
These new “security” features and alerts of 10.14 are nothing more than annoying and unnecessary tactics to trick fools into believing they’re safe. Apple calls these things “features”, but for skilled administrators those are nothing more than “bugs”, simply put. Because they break stuff. Render it unusable, unless intervened.
After having migrated from an earlier macOS/Mac OS X release to 10.14, you’ll find your Macintoshes automation techniques struggling hard. In order to get your deserted Mac up and running again, I suggest the following:
1. Open up System Preferences.app, navigate to “Security & Privacy” > “Privacy” > “Full Disk Access”
2. Press option & command & spacebar, this should open up a spotlight window
3. Enter “kind:application” into the search field
4. Drag every result from that window into the “Full Disk Access” list in System Preferences
5. Open up a terminal
6. “$ echo $PATH”
7. open up every path from that, e.g. a default 10.14 install will say “/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin” by using “$ open”. So “$ open /usr/local/bin” and then “$ open /usr/bin” and so on and so forth.
8. Drag every executable in these folders into the “Full Disk Access” list in System Preferences
(9). Bonus: Repeat these steps with the “Accessibility” tab to get rid of those alerts/breakages as well.
Doesn’t fix every annoyance, as it won’t mute alerts that will pop up from applications and executables you’ll install in the future, but it is a step forward.
And please don’t give me crap about how I lure users into doing “dangerous” things. Keep your security hysteria to yourself. If Mac OS X managed to strive without a malware epidemic from 2001 until now, it will continue to do so, even if you enable the “evil evil” disk access.
I’m critically fed up with Apple in 2018. We’re reaching idiocy and greed levels that shouldn’t be possible.
Rather than complaining and moaning, why don’t you simply disable System Integrity Protection? It takes like two minutes, tops. *eyeroll*
Is there a list of “restricted” directories?
This is really disappointing to hear. I was on a Windows machine the other day and couldn’t delete a file. Tried using the command line as admin and various applications. It made me think about why I prefer Mac over windows, one of the reasons being that I (the user) have complete control over the OS. Guess Apple is now deciding that after almost 20 years of macs running OS X that users shouldn’t have access to one of the core features- the unix/bsd base system.
It’s not that big of a deal as you can see this is an easy fix to gain the additional privileges to unix Terminal on Mac.
Until you access your Mojave system via SSH and face a whole new raft of permission wrangling headaches. Mojave has been a real disappointment. Apple Server app lost DHS, DHCP, Mail, Web…pretty much everything you’d use a server for, permissions/access are now so walled off it’s a constant game of access whack-a-mole.
All the while trying to keep users happy :(
Until you need to manage your system remotely, and now you need to add sshd to the list too. This will turn into security whack-a-mole :(
more Apple stupidity! Why do they not listen to users! Each and every update continues to hobble and restrict the OS to something completely useless and unusable by anyone with significant skill! Take your crap OS APPLE and keep making it utterly useless! Moving on to real operating systems from Red Hat, Windows were users can still actually accomplish work and configure systems as needed!
Good luck trying to sell anything you stick a PRO label on with an OS this useless
Since upgrading to Mojave, when trying to run flush.app flash cookie remover, I get an error message:
Not authorized to send Apple events to Terminal (-1743)
Another reason not to upgrade?
Looks like crApple is charging ahead with converting all OS’s to iPads where users have ZERO control over their devices because computers are now considered AD delivery and tracking devices and users are captive audiences.
Thanks for the pictorial representation.. this really helped me to solve my issue. Thanks a lot.
Thanks!
this also solves issues with Macscan and PrivacyScan.
add these to the applist too!
Granting apps full disk access has potential for problems, with Terminal it makes sense if you are a terminal user but for others it’s not a good idea to randomly add apps to that list. This is a protection mechanism in new macOS.
That makes me wonder, what is MacScan and PrivacyScan? What do they claim to do and what makes them? Be wary of junk cleaner apps that aren’t needed by the Mac. Be wary of apps that claim to scan or clean anything, they’re usually junkware trying to put more junk and tracking on your Mac.
Strict Gatekeeper settings and privacy settings, only trusted source apps, Malwarebytes free edition, regular web browser cache and cookie removal, some of the ObjectiveSee apps, that’s really all you should need on a Mac if anything at all. Don’t download sketchy stuff from anywhere and that alone prevents most problems on Mac.
Does this happen even if you are root? I currently don’t have a machine capable of running Mojave so cannot test this. But from the sounds of thing, Apple is making their OS like their hardware, unable to open or look inside anymore.
Yes, it happens even if you are root. Apparently Mojave adds additional “protections” above and beyond the Unix/Posix security model. I wonder if Apple can still claim they are “Unix” under these conditions.
I have a cron job that runs rsync to backup my home directory to another machine. Since Mojave I’m always getting errors from it. I can run it fine from Terminal because I gave full disk access to Terminal, but I haven’t found a way to give permission to cron or rsync, which are plain unix executables. I believe you can only give permission to apps. Any advice?
I Don’t have a solution for you, but this is the sort of crap from Apple that keeps me from updating/upgrading… Tim Cook assumes that all Apple users are all brain dead morons.
I was able to add /usr/sbin/cron in the same way as /Applications/Utilities/Terminal.app
The issue I have isn’t the Terminal getting that message; but the Finder, when manually copying files from one tab to another in the same Finder Window. If in two separate windows, it works; but when the Dock PreferencePane’s “Prefer tabs when opening documents” is set as Always, I get the error. Anyone experience this and any solutions? I could in theory add the Finder.app found in /System/Library/CoreServices; but this is a very risky kludge and not a valid solution.