System Integrity Protection in OSX 10.11 EL Capitan

System Integrity Protection is a security technology introduced with OSX 10.11 that helps to inhibit potentially malicious software of modifying essential system files and folders on the Mac which can prevent your Mac from booting or compromise its security.

In previous OSX Versions the “root” user account had no permission restrictions and had access to any system files and applications. Software gained root-level access when a user entered an administrator name and password to install or run an application which then was able to modify or overwrite any system file or application.

System Integrity Protection (SIP) uses sandboxing technology to restrict the root account and limit actions that it can perform on the protected system parts of OSX.

Paths and applications protected by System Integration Protection include:

  • /System
  • /usr
  • /bin
  • /sbin
  • Applications that are shipped with OSX

Paths and applications that are exempt from SIP and third-party software can write to include:

  • /Applications
  • /Library
  • /usr/local

The protected parts of OSX can only be modified by processes that are signed by Apple which are granted special permissions to write to system files such as Apple software updates and Apple installers.

Third-party applications downloaded from the Mac App Store already work with SIP. Other third-party software might conflict with SIP and might require an update to make it compatible with OSX EL Capitan.

In addition, SIP also prevents software from automatically changing your startup volume. To start up the Mac from a different volume, press down the Option key while the Mac is restarted or use the Startup Disk Pane in System Preferences and select a Volume from the list.

[Disclaimer – I take no responsibility for any damage to you or your system inflicted by following any of the presented instructions]

Certain applications or abandoned old software that is no longer supported might require you to disable SIP in order to make them work on OSX El Capitan. Follow this steps to disable SIP:

  1. Reboot the Mac into Recovery Mode by restarting the Computer and holding down Command + R until the Apple Logo appears on the screen
  2. Select Utilities → Terminal to open up a shell
  3. Enter: csrutil disable
  4. Reboot the Mac

You can verify if a file or folder is is restricted by issuing the ls command with the -O (capital “O” not zero) to modify the long listing flag

root folder listing

One Reply to “System Integrity Protection in OSX 10.11 EL Capitan”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.