I recently set up a new Mac mini with an external Home Folder. However, for some reason, the system won’t allow me to Write to the internal SSD. The available options are System/Read & Write, Wheel???/Read and Everyone/Read. I can’t change or add a new user, including the Administrators. My internal SSD only has four root folders: Applications, Library, System, and Users. I have two users set up: one internal and my main user, which uses the external Home Folder. Both users are Administrators, but neither can write to the internal SSD. What obvious selection am I missing?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Enable Read/Write Permissions when OS won’t allow???
- Thread starter Julien
- Start date
- Sort by reaction score
If you must have write permission to your boot drive, you will need to disable SIP first.
(Apple does not recommend leaving SIP disabled...)
(Apple does not recommend leaving SIP disabled...)
So I need to:
- Boot into Recovery Mode and disable SIP then boot up normally.
- I can then change to Read/Write for Everyone or do I need to add a User: Administrator or Internal (my internal User) or Julien (my external and main User)?
- Then after I set Read/Write Permissions I then need to go back into Recovery mode and disable SIP and reboot.
Why did macOS setup my entire internal SSD to Read only in the first place? Didn't select anything like that?
It's unclear from your post -- where on the internal drive are you trying to write? Are you trying to modify files in / or /System or /Library? Or are you trying to add apps to /Applications or add folders to /Users?
It has others which are hidden by default. Hold Shift+Command keys and press the "dot" key (sometimes called full stop or period).
It didn't. You are just looking at the top level permissions. You should have permission to read, for example, /Users and the folders immediately below. And then to be able to write to /Users/<you> and /Users/Shared.
You can't (in Finder) add folders to the top level of the boot disk - and you should not try to do so. An administrator can always add folders under /Users, /usr, /private, etc. though this may require an administrators password.
Be warned that adding folders and files in unexpected places is likely to cause trouble. In general, only add below your own user home folder or /Users/Shared.
Don't do this. Disabling SIP to create non standard folders in the root of your boot disk is also asking for trouble.
I prefer to keep all home folders on the boot disk and place large folders on external disks referenced with symlinks. I would only put the home folder on an external disk if I could see no other way forward.
Last edited:
Have a M4 Pro Mac mini with an internal 512GB SSD (Mac HD) and have a Thunderbolt 1TB SSD (Home Folder).
The problem is I can't Write on my M4 Pro Mac mini internal 512GB SSD (Mac HD). I can't add any new Folders to the Root (grayed out) or Write any data to it. Even Blackmagic can't write to it. It has over 400GB of free space that isn't assessable.
Example: On my internal SSD (Mac HD) how do I add a Folder named Work Data to the Root and then put Sub Folders and Data in it?
Did just find I can go into Users Folder and add a Folder and Write to it. Am I crazy/forgetful and this is the way it has always been and you could never put Folders in the Root of the "main SSD"?
There is no problem adding a Folder or Writing to the Root of the external SSD (Home Drive).
There is no problem adding a Folder or Writing to the Root of the external SSD (Home Drive).
This is normal now. They want you to store your stuff in the Users folder. ...This does make some sense, it makes it much easier to know where "everything" is that you might need to move to a new system.
If you want more folders at the root level, there is probably a proper way to do this (without disabling SIP) by adding an additional APFS volume to your drive. There are already two volumes, basically the "System" volume which you are not allowed to touch and the "Data" volume which has the home directories (plus third-party apps in the /Applications folder, system-wide config files, ...). They share space in the same disk "partition" and the filesystem of the two is sort of overlaid together. I've never messed with adding another volume on the internal drive...
If you want more folders at the root level, there is probably a proper way to do this (without disabling SIP) by adding an additional APFS volume to your drive. There are already two volumes, basically the "System" volume which you are not allowed to touch and the "Data" volume which has the home directories (plus third-party apps in the /Applications folder, system-wide config files, ...). They share space in the same disk "partition" and the filesystem of the two is sort of overlaid together. I've never messed with adding another volume on the internal drive...
OP:
Did you originally have a home folder and user account set up on the internal SSD?
And then... create a NEW account on the external SSD?
Do you now have TWO user accounts? (one on internal, one on external)?
If so, no wonder you're having permissions problems.
Did you originally have a home folder and user account set up on the internal SSD?
And then... create a NEW account on the external SSD?
Do you now have TWO user accounts? (one on internal, one on external)?
If so, no wonder you're having permissions problems.
UNIX systems and that includes MacOS X have been configured not to allow users to write to "/" for a decades. Only the "root" user can add/modify things there -- and even then it is considered bad practice except as to create a mount point for another drive (e.g. creating a new /MyBigDrive folder so you can mount MyBigDrive there).
Then a Mac OS X user with "admin" is not the same as UNIX "root". An 'admin' user can make changes to the system that a non-admin can't but it is not the "root" user. Making changes to any file or folder owned by "root", which includes /, /System, /Library, etc, requires becoming the root user which practically means using Terminal and then using the "sudo" command.
Also some areas of the system are protected as some sort of sealed system volume. Meaning that they can't be modified unless System Integrity Protection (SIP) is disabled. This makes sense for the vast majority of users who shouldn't be messing with Apple-provided system files though Apple also blocks by default a few things I like to mess with. You should only disable SIP if you fully understand what it does and why. No general app should require disabling SIP.
Finally, more recent versions of macOS block general applications from even reading certain user files via the Privacy->Files and Folders controls. These settings are more easily modified and protects against randoms apps from say mining your Contacts or e-mail.
Yes, out of the box "/" of the system drive and the root of an external drive (other internal drives and even other partitions of the system drive) are treated very different under MacOS X. "/" is assumed to be just Apple system files and the like and is protected assuming you don't want to change any of it.
The archtypical external drive is a flash or other portable drive. As such, the system is optimized out-of-the-box to make it easy to add/modify/delete anything on the drive.
By default all non-system drives (including other internal drives and other partitions of the system drive) are mounted under /Volumes/VolumeName. There they are accessible to all users on the system by default. By default external drives are mounted with "noowners" which means that MacOS X treats every file on the external drive as being owned by the current logged in user (and by default files are read/write to that user).
P.S.While Mac OS X originally started out with the UNIX permissions model, it started to deviate more significantly for pragmatic security and related reasons starting in Catalina. This is a good introductory overview:
macOS Catalina Boot Volume Layout
Note: I have now updated this with the latest roadmaps for 10.15 release. A further article will follow on 11 October explaining more about these. When you upgrade to macOS 10.15 Catalina, your boo…
eclecticlight.co
I have been going through a nightmare with Permissions issues.... Can't even SAVE a Preview Document because of Permissions. I finally, and after some internet research soliciting opinions, DISABLED SIP. All appears to work just fine now. I am a home user with my M3 iMac sitting on my desk. I wish there was a "setting" that disabled ALL the stuff that Apple thinks I need to protect my computer from outside nefarious attacks.
Yes it's annoying, especially if you disabled everything that is possible and still have to enter passwords for changing harmless settings and every app is still asking for all those permissions.
I once made the root account my main account because I was so annoyed even though most of that security stuff from now didn't exist. But I would not recommend that.
