[BRLTTY] README.Mac

Cheryl Homiak cah4110 at icloud.com
Fri Sep 1 20:39:16 EDT 2017 

I think I mentioned this in a post to the list a couple of years ago but I didn't go into detail at the time.

First of all, by default the root user on a mac is not enabled; in order to discourage use of root, there is no root password set up by default and root is not directly enabled. Most root functions can be carried out by an administrative user using sudo. It is possible to enable root using an application called Directory Utility. This used to be in /Applications/Utilities but is now in /System/library/CoreServices/Applications. However, a couple of years ago, Apple decided that this was not enough protection. Something called "System Integrity Protection" was implemented. According to Apple, "SIP prevents improper modification of core OS X system items and processes. SIP does this by acting as a meta-permission that prevents write access to system items and processes." Now, users and processes with root can't modify core OS X system items and processes. This "protection" includes /System, /bin, /sbin, and /usr. The only exceptions to this are /System/Library/User Template and (thankfully) /usr/local.

SIP can be bypassed, either temporarily or permanently. To do it temporarily, one would boot into a recovery system or a system older than the El Capitan installation. This starts up the computer without SIP and then modifications that need these accesses can be done and then SIP takes over again when the computer is restarted with El Capitan or later.

To do it permanently, or at least until you deliberately decide to undo your change, you start up from OS X recovery. You then open terminal and type "crsutil disable" and the setting is set to the Mac's firmware. Then any El Capitan system or Sierra system, which would usually enable SIP on boot, will not do so. One can then re-enable SIP by returning to OS X Recovery and in terminal typing "csrutil enable".

You check the status of SIP by typing "csrutil status" (without the quotes) from Terminal; this doesn't require booting into the recovery system.
You disable SIP in the OS X Recovery system by typing

csrutil disable

Then you reboot back into your normal system and it will stay disabled until you change it back.

To enable csrutil when you have had it disabled, you again go into System Recovery and in terminal type

csrutil enable

This is what I have chosen to do because I want brltty in /bin and I have other programs for which I do not want my access to the areas listed above blocked.

However, one can install in /usr/local or /opt/local with no problem without doing anything about SIP if one wishes to do so using the available configuration options for brltty as well as other programs installed via Terminal.


-- 
Cheryl

May the words of my mouth
and the meditation of my heart
be acceptable to You, Lord,
my rock and my Redeemer.
(Psalm 19:14 HCSB)




On Sep 1, 2017, at 6:27 PM, Dave Mielke <dave at mielke.cc> wrote:

[quoted lines by rmgls on 2017/09/01 at 20:48 +0200]

> But we need to know that /usr/bin is unwritable and brltty
> Must be installed  in a writable path.

I'm not understanding, but maybe it's something about Macs that I don't know. 
Are you saying that /usr/bin is simply nwritable, or that you don't want to 
risk writing to it?

-- 
Dave Mielke           | 2213 Fox Crescent | http://Mielke.cc/
Phone: 1-613-726-0014 | Ottawa, Ontario   | http://Mielke.cc/bible/
EMail: Dave at Mielke.cc | Canada  K2A 1H7   | The Bible is the very Word of God.
_______________________________________________
This message was sent via the BRLTTY mailing list.
To post a message, send an e-mail to: BRLTTY at brltty.com
For general information, go to: http://brltty.com/mailman/listinfo/brltty

More information about the BRLTTY mailing list