APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

System Integrity Protection (SIP) in El Capitan

Some material is very old and may be incorrect today

© December 2015 Anthony Lawrence

Here's a fun little exercise on El Capitan:

[email protected]:~$ su - apl

iMac:~ apl$ 
iMac:~ apl$ sudo su -
iMac:~ root# echo ls > /usr/bin/foobydoo
-sh: /usr/bin/foobydoo: Operation not permitted
iMac:~ root# 

What's going on? It's SIP (System Integrity Protection, also known as "Rootless") in the latest OS X. It protects /usr, /bin, /System, and /sbin from writing, even by root. It also won't allow you to debug certain protected system processes and you cannot use unsigned kernel extensions at all.

Of course this is good for system security, but it has also killed some apps outright and caused major changes in others.

System Integrity Protection (SIP) in El Capitan kills some apps

In some cases, you can still use the app by disabling SIP, installing the app and then renabling SIP. You do that by booting into the Recovery partition and using the csrutil tool.

$ csrutil
usage: csrutil 
Modify the System Integrity Protection configuration. All configuration changes apply to the entire machine.
Available commands:
        Disable the protection on the machine. Requires a reboot.
        Enable the protection on the machine. Requires a reboot.
        Display the current configuration.

Most of us won't need to be concerned about any of this.

Use and Abuse of /usr/local/bin

If you found something useful today, please consider a small donation.

Got something to add? Send me email.

(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> System Integrity Protection (SIP) in El Capitan

Inexpensive and informative Apple related e-books:

Take Control of High Sierra

Take Control of Pages

Take Control of the Mac Command Line with Terminal, Second Edition

Take control of Apple TV, Second Edition

Take Control of Apple Mail, Third Edition

More Articles by © Anthony Lawrence

Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

Printer Friendly Version

Perl: The only language that looks the same before and after RSA encryption. (Keith Bostic)

Linux posts

Troubleshooting posts

This post tagged:




Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode