Disable El Capitan’s System Integrity Protection

After running Apple’s latest version of OS X (10.11, El Capitan) on a couple of my Macs for about two months I’ve become completely enamored with it. Now that the “Gold Master” seed is out for developers I updated all my Macs including my main production machine.* Even though El Capitan contains a few new features, it is (by Apple’s own admission) a “stability release”. By every measure, OS X 10.11 is rock-solid stable…
…and fast!
To further this notion of stability, Apple has introduced a new feature called System Integrity Protection that prevents changes to key OS components and critical applications like Mail and Safari even if you’re logged in with administrator credentials. This expands on the “Gatekeeper” philosophy introduced in Mountain Lion that prevented installation of non-App Store applications by default. The idea behind System Integrity Protection (SIP) is to ensure OS X’s stable operation by preventing modification of key system components and apps, be it accidentally, inadvertently or maliciously. This is a great idea for 99% of users, but you and I fall into that last 1%, don’t we?
My first encounter with SIP happened when I tried to change the icon for the Apple Mail app. Why would I want to do that, you ask? Maybe I’m allergic to postage stamps. What does it matter? It’s just an icon, but Mail is one of the apps System Integrity Protection locks down. Virtually everything installed with the OS X installer and everything in the Applications folder is the same way. If you want to change anything protected by SIP you have to take very deliberate steps to disable it first. Here’s how:
  • Reboot your Mac in recovery mode by pressing and holding command + R until the Apple logo is displayed.
  • Once running in Recovery Mode, open Terminal from the Utilities menu and execute the command: csrutil disable
  • Reboot your Mac normally
After you’ve done whatever it was you needed SIP disabled for, you have a decision to make. Should you re-enable this feature Apple thinks will save us from unwanted system tampering or leave it disabled? After all, you’ve lived without System Integrity Protection until now, right? Well, it’s up to you, but if you do want to turn it back on you simply reboot into recovery mode again and execute csrutil enable. Bingo. Your Mac is back in Cupertino’s loving, protective arms!
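To confirm that SIP really was turned back on after the steps above, the output of csrutil status can be checked from a script. The following is an added example, not part of the original post: the function names are hypothetical and the sample output is constructed in the shape csrutil status prints.

```shell
#!/bin/sh
# Added example: classify `csrutil status` output for a post-change check.

# Read `csrutil status` text on stdin; print enabled, disabled, custom or unknown.
sip_state() {
    status_line=$(grep 'System Integrity Protection status:' | head -n 1)
    case "$status_line" in
        *"Custom Configuration"*) echo custom ;;   # only some protections active
        *"status: enabled"*)      echo enabled ;;
        *"status: disabled"*)     echo disabled ;;
        *)                        echo unknown ;;  # empty or unrecognised output
    esac
}

# Read the same text; print the name of each protection reported as disabled.
sip_disabled_parts() {
    sed -n 's/^[[:space:]]*\(.*\): disabled$/\1/p'
}

# Constructed sample of a partially disabled configuration (not from a real Mac).
SAMPLE_CUSTOM='System Integrity Protection status: enabled (Custom Configuration).

Configuration:
    Apple Internal: disabled
    Kext Signing: enabled
    Filesystem Protections: disabled
    Debugging Restrictions: enabled
    DTrace Restrictions: enabled
    NVRAM Protections: enabled'

# Use the real tool when present; otherwise fall back to the constructed sample.
if command -v csrutil >/dev/null 2>&1; then
    report=$(csrutil status 2>&1)
else
    report=$SAMPLE_CUSTOM
fi

state=$(printf '%s\n' "$report" | sip_state)
echo "SIP state: $state"
if [ "$state" != "enabled" ]; then
    echo "Finding: SIP is not fully enabled"
    printf '%s\n' "$report" | sip_disabled_parts | sed 's/^/  off: /'
fi
```

Anything other than "enabled" is treated as a finding, so a partially disabled configuration is not mistaken for a protected one.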
* I’m always anxious to try out the latest betas and I keep an older (2009) MacBook Pro available as a test machine for just that purpose. In fact, it’s the only way I recommend anyone try early betas. I’ve had to resort to “nuke & pave” on more than one occasion when an early OS X beta bites the dust, leaving my poor 17” MBP hopelessly rebooting to the dreaded or booting successfully just to kernel panic a couple of minutes later.

