Fighting the Left. TEXAS STYLE!

After running Apple’s latest version of OS X (10.11, El Capitan) on a couple of my Macs for about two months, I’ve become completely enamored with it. Now that the “Gold Master” seed is out for developers I updated all my Macs including my main production machine.* Even though El Capitan contains a few new features, it is (by Apple’s own admission) a “stability release”. By every measure, OS X 10.11 is rock-solid stable…

…and fast!

To further this notion of stability, Apple has introduced a new feature called System Integrity Protection that prevents changes to key OS components and critical applications like Mail and Safari even if you’re logged in with administrator credentials. This expands on the “gatekeeper” philosophy introduced in Mountain Lion that prevented installation of non-App Store applications by default. The idea behind System Integrity Protection (SIP) is to insure OS X’s stable operation by preventing modification of key system components and apps; be it accidently, inadvertently or maliciously. This is a great idea for 99% of users, but you and I fall into that last 1%, don’t we? My first encounter with SIP happened when I tried to change the icon for the Apple Mail app. Why would I want to do that you ask? Maybe I’m allergic to postage stamps. What does it matter? It’s just an icon, but Mail is one of the apps System Integrity Protection locks down. Virtually everything installed with the OS X installer and everything in the Applications folder is the same way. If you want to change anything protected by SIP you have to take very deliberate steps to disable it first. Here’s how:

Reboot your Mac in recovery mode by pressing and holding command + R until the Apple logo is displayed.
Once running in Recovery Mode, open Terminal from the Utilities menu and execute the command: csrutil disable
Reboot your Mac normally

After you’ve done whatever it was you needed SIP disabled for, you have a decision to make. Should you re-enable this feature Apple thinks will save us from unwanted system tampering or leave it disabled? After all, you’ve lived without System Integrity Protection until now, right? Well, it’s up to you, but if you do want to turn it back on you simply reboot into recovery mode again and execute csrutil enable. Bingo. Your Mac is back in Cupertino’s loving, protective arms!

* I’m always anxious to try out the latest betas and I keep an older (2009) MacBook Pro available as a test machine for just that purpose. In fact, it’s the only way I recommend anyone try early betas. I’ve had to resort to “nuke & pave” on more than one occasion when an early OS X beta bites the dust, leaving my poor 17” MBP hopelessly rebooting to the dreaded ⦸ or booting successfully just to kernel panic a couple of minutes later.