[brb3]

For those wondering about `rootless`, it is implemented as an extended attribute on files/directories.

$ xattr /usr

com.apple.FinderInfo

com.apple.rootless

Running `sudo rm -rf /usr` fails.

$ sudo rm -rf /usr

rm: /usr: Operation not permitted

Here is a list of all of the `rootless` files and directories on my system. It appears to be mostly kext files, and Apple applications.

https://gist.github.com/bobbyburden/4ce5c42044e5a9967b25

[jakobegger]

I'm pretty sure that rootless is a good thing. I've seen Macs bricked by seemingly harmless operations like changing important permission settings, or by damaged installer packages.

Locking the system down will make it a bit harder to shoot yourself in the foot. Besides the obvious advantage of reducing the attack surface of vulnerabilities.

[super_mario]

That won't brick your OS X installation. Just boot from external drive and fix the permissions. It's not really that hard, and there is even a recovery partition exactly for problems like that.

[jakobegger]

Yep, the recovery partition is also a pretty great feature. But it's even better if you never need it!

[decisiveness]

Seeing `sudo rm -rf /usr` makes me cringe.

A more harmless way to check: `sudo touch -a /usr`.

[brb3]

I did it in a VM. :)

[super_mario]

So how does the installer deal with files that are installed in say /usr/bin that should not be there? Does it leave them there or does it move them? Does it put "rootless" attribute on them?

Can you turn off rootless during installation or is this post installation thing only?

Does rsync backup continue to work with rootless? I have a feeling that booting from external partition and restoring from backup won't work for system files with rootless attribute on them.