Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to turn off Rootless (SIP, or System Integrity Protection) in Mac OS X

Lucy Hattersley | June 22, 2016
System Integrity Protection (rootless) is a Mac security feature that stops you changing root-level files, and it can stop some programs working. Here's how to disable it

Removing or disabling your Mac's security features isn't something to be done lightly. To an extent we can assume that any reader who would ask this relatively advanced question won't be a complete newcomer to computing, and have a pretty good reason to turn off System Integrity Protection (also known as SIP, or "rootless") on your Mac. But to be on the safe side we'll briefly discuss the advantages and protections provided by System Integrity Protection before getting rid of it.

How to turn off rootless/System Integrity Protection on Mac: What is System Integrity Protection?

Introduced as a security feature in Mac OS X El Capitan, OS X System Integrity Protection (SIP) protects files, directories, and processes at the root level from being modified.

For a lot of people this is a good thing: Ars Technica argues that there are "almost no downsides to SIP for most users". The average OS X user doesn't need to go messing around with root-level files, and it provides an extra layer of security for users with a single account with admin privileges (which is most users). Nefarious hackers find it pretty easy to trick users into entering their system password; SIP prevents them from making any significant changes to the operating system.

The protected directories are: /System, /bin, /sbin, /usr (but not /usr/local). The symbolic links from /etc, /tmp, and /var to /private/etc, /private/tmp, and /private/varare also protected, although the target directories are not themselves protected. Most preinstalled Apple applications in /Applications are also protected.

For some power users SIP can be a major headache. It prevents all kind of software from being installed, and doesn't let you work outside your home directory (even if using Sudo at the command line, or when logged in as the "root" user).

If you don't know what "sudo" or the "root" user is then you should perhaps stop right here. SIP exists for good reason, and most users are infinitely better off with it disabled.

Still resolved to turn SIP off? Okay: let's proceed.

How to turn off rootless/System Integrity Protection on Mac: Disable SIP

Access Terminal in Recovery mode

Turn off System Integrity Protection

Turning off SIP is something of a hassle because you need to restart your Mac in Recovery Mode. Make sure that you re-enable SIP as soon as you've finished with whatever task it was interfering with. It forms a vital part of OS X's security system.

Assuming that you know what you're doing, here is how to turn off System Integrity Protection on your Mac.

  1. Turn off your Mac (Apple > Shut Down).
  2. Hold down Command-R and press the Power button. Keep holding Command-R until the Apple logo appears.
  3. Wait for OS X to boot into the OS X Utilities window.
  4. Choose Utilities > Terminal.
  5. Enter csrutil disable.
  6. Enter reboot.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.