Hi.
I’m trying to modify my flame system, /etc/exports file with nano. when I go to write out the changes it says operation not permitted. I have enabled root access and in the terminal I started off by going via su and my root password. why can’t I update my file?
Write “sudo nano /etc/exports” and enter your user password, assuming that your user has administrative privileges.
You don’t have to use root user. sudo is for administrative user and it is the most convenient.
That’s what I did at first but I still get the error message saying operation not Permitted
When I do, I get info on the file. It has a lock icon on it. I tried to unlock it but I get an error message not permitted. I am an admin user so I don’t know why I can’t Unlock it
And while you’re there you could try Marcel s software called NFSManager
And yes, It should be easy
Lastly, if you’re on a Mac you may want use pico, instead of nano.
1 Like
I’m on rocky linux. My /etc/exports file has root as owner, but I can edit it with sudo. I have just checked it.
Maybe is it in use?
Why You Can’t Modify /etc/exports on macOS
On macOS, modifying system configuration files like /etc/exports requires elevated permissions because these files are protected by the operating system. Here’s why you might be encountering issues:
1. File Permissions: The /etc/exports file is owned by root and is writable only by root. Attempting to modify it without sudo results in a “permission denied” error.
2. System Integrity Protection (SIP): macOS includes a feature called System Integrity Protection (SIP), which restricts modifications to certain system files even by the root user. If SIP is protecting /etc/exports, you need to temporarily disable SIP to modify it.
Steps to Modify /etc/exports
- Use sudo to Edit the File
To modify the file with elevated permissions:
sudo nano /etc/exports
After making your changes, save and exit (in nano, use Ctrl+O, then Ctrl+X).
- Temporarily Disable SIP (if Necessary)
If you still encounter issues after using sudo, SIP might be blocking access. To disable SIP temporarily:
1. Boot into Recovery Mode:
• Restart your Mac.
• Hold Command (⌘) + R during boot to enter Recovery Mode.
2. Open Terminal in Recovery Mode:
• From the menu, navigate to Utilities > Terminal.
3. Disable SIP:
• Run the following command:
csrutil disable
• Restart your Mac.
4. Modify /etc/exports:
• Edit the file as described in Step 1.
5. Re-enable SIP (Important for Security):
• Reboot into Recovery Mode and run:
csrutil enable
• Restart your Mac again.
- Restart the NFS Service
After modifying /etc/exports, restart the NFS service to apply the changes:
sudo nfsd restart
To check the status of the NFS server:
sudo nfsd checkexports
Common Issues
1. File Doesn’t Exist: On some macOS installations, /etc/exports may not exist by default. You can create it using:
sudo touch /etc/exports
2. Permission Errors Persist: Ensure you are using an admin account. Non-admin users cannot execute sudo.
3. Configuration Errors: Use the correct syntax for NFS exports in /etc/exports. For example:
/path/to/share 192.168.1.0/24(rw,async,no_subtree_check)
1 Like
Hi
@randy thanks for the info.
Yes the problem has something to do with the SIP. @Slabrie suggested the following which worked.
as a root user:
chflags nosimmutable /etc/exports
nano /etc/exports
chflags simmutable /etc/exports
nfsd update
1 Like
We all love macOS security, don’t we? 