Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Read ONLY?

paulcons

paulcons

macrumors 6502
Original poster
Apr 3, 2017
299
170
New York City
Log story, I have noticed that my boot drive (os 2016.01) says it's read only. I am the only admin and the only human to ever touch this machine. I tried adding me to the permission list, it said I had no permission. Yeah my account on the machine IS an admin one. Known? If so, why?
 
Sorry, I don't know what os 2016.01 is. However, if you are using a newer version of MacOS with APFS, it is normal for the system volume to be read-only as a security measure (to prevent unauthorized changes to system files).

"In macOS Catalina the System volume role (usually named "Macintosh HD") became read-only"

Apple File System - Wikipedia

en.wikipedia.org en.wikipedia.org
 
  • Like
Reactions: ignatius345, Brian33 and chabig
What YEAR was your Mini made?
What is the real version of the OS running on it?

Power down, all the way off.
Put your finger on the shift key and don't remove it.
Press and release the power on button (still holding down shift).
Does anything change?
 
Mini bought in 2024. I badly mistyped the OS version, it was 26.0.1, now 26.1. Interesting, you are suggesting my going into Safe Boot mode, I can try that for the hell of it.

@Boyd01 I think that refers to the "System" volume, not the "Data" one. That "Macintosh HD" container has both the System stuff and all my stuff, apps and documents.In point oof fact, it isn't really read only. Then again, I have installed apps that place stuff in that System volume... take little Snitch for example... they place a kext so their daemon runs all the time the machine is booted.
 
Little Snitch is installed in the Data volume. APFS has got a feature called "firmlinks" to link folder and files between volumes. And that's how it shows up as a single volume.
 
galad said:
Little Snitch is installed in the Data volume. APFS has got a feature called "firmlinks" to link folder and files between volumes. And that's how it shows up as a single volume.
Click to expand...
Ahhh, I did not know that. Actually, I can't even seem to find it no matter where it is... all I have is an app in /Applications.

While I get the 2 containers, System and Data, I guess my issue is that is not even really indicated in the Finder in any way. Yes I still have a "System" folder and inside that a Library one, then a Extensions, where I remember kexts live. There were a ton of them, all carrying the same day/date/time. Could not find where, how Snitch is doing it's thing, I just remember it sat in System/Library/Extensions in the old days. It's not even in Login Items, so I have no idea how iit is doing what it's doing.
 
I'm still on an older version of MacOS, so something may have changed. But my startup disk is also read-only and locked.

Screen Shot 2025-11-22 at 3.16.04 PM.png


This seems like the way it should be. MacOS is still unix under the hood and you are just a "user" of that Mac. So, you should not be able to create or delete files at the root level of the disk or in another user's directory. But if you go to your own home directory (/users/yourname), you'll have full read/write permission.

If you're also an administrator of the Mac, you can simply click the lock icon, enter your password and have full access to the whole disk if you need it.
 
paulcons said:
Trying to find out why GetInfo on my boot drive says it's locked and read only.
Click to expand...

It is because the Account you are using is not fully Privileged (which is a good thing btw).

This shows my "Get Info" from my regular User Account:

Macintosh-HD_User_Get-Info.png

The "privilege-level" schema was consciously designed for Unix.

By-default, we are not normally allowed to go mucking-about with our resources as the 'root' user (the one user role where everything is permitted).

This is what I see when I open Terminal:

me@My-Mac ~ %

What do you see in Terminal?

In terminal, what do you see when typing:

dscl . list /Users } grep -v '_'
 
paulcons said:
Trying to find out why GetInfo on my boot drive says it's locked and read only.
Click to expand...
This is by design. And you cannot change it.
Safe Boot will - of course - change nothing.

As others have already explained, the boot drive in Finder is a simplified representation of two special APFS volumes. "System" and "Data".
System contains the actual macOS. During installation that volume is fingerprinted and verified against a checksum on Apple's servers, then locked forever (=until the next macOS update).
Data is where everything else (3rd party Apps, extensions, your data) lives.

Finder simply shows these two discs as one volume.
So it makes absolute sense that this drive (kind of a Fusion Drive, lol) would be write protected at the base level.

Some interesting reads:
eclecticlight.co

Boot disk layout in macOS Monterey

In Monterey, these haven’t changed much since Big Sur. However, those small differences are significant, particularly on M1 Macs.
eclecticlight.co eclecticlight.co
eclecticlight.co

Dual-booting macOS: Disk structure and Recovery

Installing two different versions of macOS within a single container brings flexibility as they share free space, a little economy maybe, and complexity – explained here.
eclecticlight.co eclecticlight.co
eclecticlight.co

Boot disk structure in macOS, iOS and iPadOS, and AI cryptexes

There are substantial differences in the structure of the internal disks in macOS, iPadOS and iOS, as shown here. And there are at least 24 cryptexes now used to support AI.
eclecticlight.co eclecticlight.co
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back