Enable/Disable Rootless Mode
What is SIP?
SIP (System Integrity Protection, also known as rootless mode) is a security feature introduced in OS X El Capitan that, among other things, stops anybody (including root!) from writing to certain folders and files, typically those related to the system or Apple’s own apps. The following folders are protected by default, as are most applications that come preinstalled with OS X (e.g. Dashboard):
/System
/usr
/bin
/sbin
The average user doesn’t usually need to modify root-level files. SIP also adds another layer of security for users with admin privileges, since they can sometimes be tricked by attackers into disclosing their password, or their machine could be compromised in a way that gives an attacker local code execution.
View files protected by SIP and check status
$ csrutil status
System Integrity Protection status: enabled.
$ cat /System/Library/Sandbox/rootless.conf
$ cat /System/Library/Sandbox/Compatibility.bundle/Contents/Resources/paths
You can also check whether a file or folder is protected by adding the O (capital O) flag to the ls command; protected entries show restricted in the flags column:
$ ls -lO /System/Library/CoreServices/Dock.app
total 0
drwxr-xr-x 3 root wheel restricted 102 26 Mar 2017 .
drwxr-xr-x 160 root wheel restricted 5440 14 Mar 12:10 ..
drwxr-xr-x 10 root wheel restricted 340 26 Mar 2017 Contents
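The two checks above can be combined into a small audit script, shown here as an added example that is not part of the original page: it parses the csrutil status line and the flags column of ls -ldO output. The function names are hypothetical, and the script assumes the output formats shown above.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Read `csrutil status` text on stdin; print enabled, disabled or unknown.
sip_state() {
    awk -F'status: ' '
        /System Integrity Protection status:/ {
            w = $2; sub(/[. ].*$/, "", w)       # keep only the first word
            if (w == "enabled" || w == "disabled") s = w
        }
        END { if (s == "") s = "unknown"; print s }'
}

# Read one `ls -lO` / `ls -ldO` line on stdin; succeed if the flags column
# (5th field, comma-separated, "-" when empty) contains "restricted".
has_restricted_flag() {
    awk '{ n = split($5, f, ",")
           for (i = 1; i <= n; i++) if (f[i] == "restricted") ok = 1 }
         END { exit (ok ? 0 : 1) }'
}

# Audit the live system (macOS only). Defaults to the folders listed on the
# page; other paths can be passed as arguments. Returns non-zero if SIP is
# not enabled or any path lacks the flag (a missing path counts as lacking).
audit_sip() {
    [ $# -gt 0 ] || set -- /System /usr /bin /sbin
    state=$(csrutil status 2>/dev/null | sip_state)
    echo "SIP status: $state"
    rc=0
    [ "$state" = "enabled" ] || rc=1
    for p in "$@"; do
        if ls -ldO "$p" 2>/dev/null | has_restricted_flag; then
            echo "restricted      $p"
        else
            echo "NOT restricted  $p"; rc=1
        fi
    done
    return $rc
}

# Run only where csrutil exists, so the functions can be reused elsewhere.
if command -v csrutil >/dev/null 2>&1; then audit_sip "$@"; fi
```

The non-zero return code makes the script usable as a periodic compliance check on managed Macs.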
Enable/Disable SIP
Assuming you understand the implications and know what you’re doing, you can turn off SIP in a few steps:
- Restart your Mac
- While restarting, hold down ⌘ + R to enter the Recovery System. Hold down the two keys until the Apple logo appears.
- This will boot the system into the OS X Utilities window. Select Utilities → Terminal and enter the following:
$ csrutil disable
- Click the Apple menu and select Restart. The system will start up with SIP disabled.