How to modify System Integrity Protection in El Capitan

Just in case it prevents an app to work, you should know how to modify System Integrity Protection in El Capitan.

If you don’t know by now, El Capitan, Apple’s new OS X, has a cool feature called SIP – System Integrity Protection. It’s the same thing as rootless mode. Considering that Macs, and basically everything that Apple makes now, are being targeted more and more by bad guys – read, hackers; SIP reduces the surface on which the malware attack relies on.

Rootless mode, or System Integrity Protection, prevents users from meddling with operating system files and directories. Do note, that it prevents any changes made regardless if the user has admin – root; rights.

It’s not fail-safe, and hackers can find a way to undermine SIP, but it’s way harder than before. The more time it takes to gain entry, the more hackers are discouraged to destroy or steal personal data.

Yet, there are quite a few pieces of software that don’t work properly when SIP is in control – mostly, system modifying apps or system extending ones.

You can turn SIP off – it’s harder than it was in the beta, but it isn’t impossible.

Early user reports have noted problems with rootless mode and its capability of preventing software to work when it has restriction enabled. Take SuperDuper!, the app developed by Shirt Pocket Software.

Apple listened to the community feedback and the company actually made some changes here and there. Still, developers like Shirt Pocket now have the task to constantly update their software specifically for El Capitan.

At the current moment, the following utilities just won’t work when System Integrity Protection is enabled.

  • Default Folder 4.7. It’s being developed by St. Clair Software. The developer has noted that they are currently working on version #5, that doesn’t require to circumvent SIP. It’s going to be free for users who have purchased from 4.7 and upwards.
  • BinaryAge has stated that they will terminate their development process on the TotalFinder app, which enhances Finder. They will still continue to support TotalSpace 2, the widely used desktop space manager, but the app will continue to need SIP to be disabled in order to function.

Even Rogue Amoeba is joining the discontinuing band-wagon – they have noted that they have opted out of developing Intermission. It wasn’t a big seller because it wasn’t SIP-compatible. Functionality has been implemented into the Audio Hijack app.

The following utilities suffered from the SIP plague, but are now resolved:

  • The menu bar app coordinator – Surtees Studio Bartender 1.3 now works with SIP enabled if you go to Recovery and do a round-trip there. Meaning two system restarts that entail a disabling, installing and enabling once again. Developer has announced that the Bartender 2.0 will work without the need of meddling.
  • The latest versions of Disk Sensei and Trim Enabler work properly and without the need to turn off rootless mode.

In the beta of El Capitan, to disable the rootless mode you just had to select a menu item after you restarted your system into Recovery mode. However, now it’s a little bit hard.

Before you take to disabling SIP, please do note that it is there to prevent unwanted attacks and malware on your computer. You should think twice before you disable your System Integrity Protection.

For the following steps to work, you first have to have a legit and up to date Recovery partition on your boot drive. You can also clone a startup volume even if you don’t have Recovery installed.

You need to restart your Mac machine. Just before your OS X boots, keep your finger pressed on Command-R until the Apple icon and the progress bar can be seen. Afterwards, you can remove your finger. The machine has now been booted into Recovery.

Go to the Utilities Menu and access Terminal.

When you are prompted with a window to type in, type – csrutil disable; and press the Return button.

You should now see a message that SIP has been safely disabled.

You can now go back to the original menu and press Restart.

Any time you want to enable SIP, do the exact same steps but instead of typing csrutil disable, you type csrutil enable. That’s it folks

I don’t recommend disabling SIP for any reason, but if you really need to use that app that can’t circumvent rootless mode, I can’t think of any other way to do so.

Image Source: 1, 2

Leave a Reply

Your email address will not be published. Required fields are marked *