What is System Integrity Protection? - Apple Club
What is System Integrity Protection? - Apple Club

Back to: 

       
   


This article will cover everything you need to know about an Apple technology called System Integrity Protection (SIP), also known as "rootless." It will cover what it is, what it does, and how to turn it off if you need to.

What is SIP?
System Integrity Protection is a technology in OS X El Capitan (10.11) and later that prevents any application from modifying files and resources that reside in the System directory and certain other directories on your Mac. SIP prevents access to the following folders:
  • /System
  • /bin
  • /sbin
  • /usr (with the exception of /usr/local)
  • /Applications/Utilities
How Does it Work?
In addition to the user accounts that you have set up on your Mac, there are multiple other hidden users, one of which is "root." If you ever use Activity Monitor (located in /Applications/Utilities) to check your CPU or memory usage, you may notice that some of the processes are owned by the root user (this applies to OS X Mavericks (10.9) and earlier).

You will notice that in later macOS versions, "root" is nowhere to be found.

Root is essentially a user with unlimited privileges, meaning that it can read or write to any file on the system. System Integrity Protection takes some of the power away from the root user, so it is impossible to modify the privileged folders listed earlier. SIP was created due to the concept that malware could theoretically give itself root privileges, and then damage the system by modifying system resources. However, any malware using this technique would still need knowledge of your password, or rely on some other vulnerability.

How do I Disable SIP?
There are many legitimate applications that may need to modify resources in the System folder. As a tradeoff for the extra security, some of the applications you want to use might be blocked by SIP. However, it is relatively easy to turn off, using the following steps:
  1. When starting up your Mac, boot to the Recovery partition. This can be done two ways
    • Hold the Command and R keys while the Mac is booting (start holding the keys down before the chime)
    • Hold the option key while the Mac is booting, and then use the arrow keys to select the "Recovery" partition. Press Return
  2. After the Recovery partition loads, go to the "Utilities" menu in the menu bar at the top
  3. Choose "Terminal," the option at the bottom
  4. In the window that appears, enter the following command: csrutil disable
  5. Restart your Mac by going to the Apple menu , then choosing "Restart" (or "Startup Disk")
NOTE: This command cannot be run from Terminal while booted into macOS. It can only be run from Terminal in the Recovery partition.

After your Mac reboots, the protection will be disabled. Any application that was previously inhibited by SIP should now run. If you ever feel the need to re-enable it, repeat the process, and when opening Terminal, type csrutil enable instead of disable.


Back:
 Ask:
Rate:
https://appleclubsv.com/support/advice-and-articles/system-integrity-protection/rate
 Share:
https://appleclubsv.com/support/advice-and-articles/system-integrity-protection/share		 Print:
javascript:window.print()

Article ID: AA1128

Previous Article

Next Article

What is Stored in iCloud and What is Not?

What to Do if You Find Someone's iOS Device

Related Articles

Related Questions

Viruses, Malware and Adware on the Mac

No related questions found


Overall User Rating: [1 RATING]

Comment on this Article