[eropple]

I feel you there. It got to the point at one gig where engineering folks--who were given root on their preconfigured laptops--often spent their first day figuring out how to kill and extricate Sophos from their machines. For developers who weren't seasoned jerks, it could be a real challenge until somebody took pity on them and helped them find single-user mode, yank out the kexts, and manually delete everything. (The happy .pkg BOMs helped out, too!)

Ordinarily I wouldn't do this and just punch out on a gig (because seriously, it's that annoying and that effectively-useless), but we were a recently-acquired startup subsidiary, so we were also our own IT shop--the CTO actively approved.

[i336_]

Is it still possible to do this kind of thing on the most recent macOS? I recall the issue with the 'git' binary not being modifiable, even with sudo, unless you mounted the macOS filesystem under Linux and made the changes from there.

[eropple]

You can disable rootless via the recovery partition.

[i336_]

Ah, thanks. I'm assuming that quietly got added in after "we can't touch the filesystem at all" caused too many complaints...?

[eropple]

It was literally there from day one (from day minus-a-bunch if you count the beta releases) and the hyperbolic inanity that led normal people to the misconception you had was never necessary in the first place.

[i336_]

Heh. Thanks for the info.

I just checked, I read about this at http://rachelbythebay.com/w/2016/04/17/unprotected/.

I must admit that I am very curious why "git and 64 other files in /usr/bin are all the same size (18176 bytes on my machine)", why dtruss and strings fail, and what behavior changes when you turn rootless off.