Security

How to disable System Integrity Protection

Jesus Vigo reviews System Integrity Protection (SIP), one of El Capitan's newest security features. Find out how it impacts system security, how you can disable it, but why you shouldn't.

Disable System Integrity Protection
Image: Jesus Vigo

Apple has included a new security feature in OS X "El Capitan" to aid in maintaining system security. Dubbed System Integrity Protection (SIP), this technology minimizes the possibility of malware or known vulnerabilities from compromising a system due to unrestricted root access.

Similar to the NX bit found in just about all modern day computing devices, SIP protects the system from users with root access attempting to make changes—knowingly or unknowingly—to the protected directories containing system files, folders, and processes.

The concept is sometimes referred to as "rootless" by preventing changes, even though the user who is logged in may have root privileges on the device. This mitigates security threats, for example, by preventing the installation of malware to a protected directory or denying unauthorized user access to modify a system file.

Why would you ever want to disable this? Well, it doesn't affect the majority of OS X users—including power users—but the technology may disallow the installation of a particular update or software application that has been flagged as a false positive.

It is in these specific, yet rare instances that SIP could be disabled temporarily to allow for the process to proceed. Follow the steps below to learn how to disable SIP and re-enable it in the future.

Disabling System Integrity Protection

  1. Power on your Mac and hold down the [command]+[R] keys to access the Recovery Partition.
  2. From the Recovery Partition, click Utilities from the menu bar, and then select Terminal.
  3. Enter the following command into Terminal and press Enter to execute it:
    csrutil disable
  4. Once the command has executed, exit the Terminal and reboot the Mac. When you log back into OS X, SIP will be disabled.

To enable SIP, simply rerun the steps above, but change "disable" to "enable" to execute the command. Rebooting the Mac will once again enable SIP.

How does SIP work on your El Capitan installation? Is it invisible to you, or is it causing issues with your workflow? Let us know in the discussion thread below.

About Jesus Vigo

Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 19 years of experience and multiple certifications from seve...

Editor's Picks

Free Newsletters, In your Inbox