Unable to write to /tmp directory in macOS, unable to correct permissions: “Operation not permitted”

macos permissions chmod osx-el-capitan

29,484

Solution 1

Reboot your Mac into recovery mode
Open Utilities menu in the top bar > open Terminal
```
csrutil disable
```
Reboot

Remove the tmp folder

sudo rm -i /tmp
sudo rm -i /private/tmp

Create tmp folder

sudo mkdir /private/tmp
sudo chown root:wheel /private/tmp
sudo chmod 1777 /private/tmp

Create the symlink
```
sudo ln -s /private/tmp /tmp
```

Run repair_packages (you may not need to do this)

sudo /usr/libexec/repair_packages --repair --standard-pkgs --volume /

Reboot back to recovery mode and run
```
csrutil enable
```
Reboot

Props to Andrew Ferk for figuring out a fix; pulling out your comment as a community wiki answer so it's more readable.

Solution 2

sudo chmod 1777 /private/tmp

Did it for me.

29,484

Hugo Roussaffa

I enjoy talking about Natural Language Processing, AI, IBM Bluemix/Watson, REST, C#, Node.js, System Architecture, Version Control, Multithreading, Unit Testing/TDD, Regular Expressions, Security, Cryptography.

Updated on September 18, 2022

Comments

Hugo Roussaffa almost 2 years
macOS El Capitan (10.11) is unable to install any software updates or install any software because the /tmp and the /private/tmp folders don't seem to be writeable.

Running this:
```
sudo /usr/libexec/repair_packages --repair --standard-pkgs --volume /
```
Gives me this error:
```
unable to set owner and group on "tmp" Error 1 Operation not permitted
unable to set permissions on "tmp" Error 1 Operation not permitted
```
Is there a way to manually delete the tmp folders and recreate them? When I tried renaming or deleting /tmp or /private/tmp I kept getting operation not permitted. sudo chmod 1777 also failed in the same way on both /tmp and /private/tmp folders

Disk Utility says the disk is healthy with no issues detected when running first aid.

Is there any way to redirect the tmp location to another writeable folder?
- Tetsujin over 7 years
  
  Did you disable SIP first? From Recovery; Terminal csrutil disable
- Andrew Ferk over 7 years
  
  I have the same problem. Followed Tetsujin's advice, restarted in recovery mode, and ran csrutil disable. After that, I was able to execute repair_packages with success and was able to access /tmp as usual. However, after going back to recovery mode and executing csrutil enable, my system is having the same problem. It seems the only way I can gain access to /tmp is by disabling System Integrity Protection.
- Andrew Ferk over 7 years
  
  I ended up going back to recovery mode and executing csrutil disable. After a restart, I removed tmp folder: sudo rm /tmp; sudo rm /private/tmp, created tmp folder sudo mkdir /private/tmp; sudo chown root:wheel /private/tmp; sudo chmod 1777 /private/tmp, created the symlink: sudo ln -s /private/tmp /tmp, and ran repair_pacakges again. After going back to recovery mode and running csrutil enable, all is working again! However, the permissions of /private/tmp used to be drwxrwxrwt@ and now they are drwxrwxrwt. I'm unsure what the @ is and if this will cause me problems.
- Adam Michalik over 7 years
  
  @AndrewFerk: see these posts apple.stackexchange.com/questions/42177/… unix.stackexchange.com/questions/10/what-does-the-mean-in-ls‌-l for explanation of the @ extended permissions marker
- Clément about 4 years
  
  Another, simpler, solution: apparently, sudo mkdir /private/tmp followed by sudo chmod +t /private/tmp is enough.
johngeorgewright over 7 years

Thank you!!! I had spent 3 days pulling my hair out over this. No idea how the permissions got so screwed in the first place, but one day I turned on the mac to a selection of warnings, programs not working and an inability to install anything. This fixed that problem.
fixer1234 over 7 years

Welcome to Super User. Please don't post an answer to confirm that another answer worked. The site's Q&A format reserves answers for solutions to the question, and each answer should contribute another solution. The way to indicate that an answer was useful is to invest a little time in the site and you will gain sufficient privileges to upvote answers you like.
Fiksdal over 7 years

Why did you make this CW?
ento over 7 years

Because I didn't want to get credit for an answer which I merely converted from someone else's comment
Fiksdal over 7 years

Alright, cool. BTW, I did not see your comment until now since there was no @Fiksdal.
Даниил Пронин over 6 years

10.13: sudo: /usr/libexec/repair_packages: command not found
duerzd696 over 3 years

^This^ is why the accepted answer works, and this solution is much safer! No need to nuke existing directories then recreate them with different permissions.
Monkpit about 3 years

Thank you so much. My machine re-enables csrutil on startup so I couldn't take the steps in the other answer. This answer is a million times more useful. For any potential future googlers - this solved my problem with Cisco AnyConnect saying "failed to determine valid temporary file folder."