System Integrity Protection (SIP) in El Capitan

Here's a fun little exercise on El Capitan:

tony@iMac:~$ su - apl

iMac:~ apl$ 
iMac:~ apl$ sudo su -
iMac:~ root# echo ls > /usr/bin/foobydoo
-sh: /usr/bin/foobydoo: Operation not permitted
iMac:~ root# 

What's going on? It's SIP (System Integrity Protection, also known as "Rootless") in the latest OS X. It protects /usr, /bin, /System, and /sbin from writing, even by root. It also won't allow you to debug certain protected system processes and you cannot use unsigned kernel extensions at all.

Of course this is good for system security, but it has also killed some apps outright and caused major changes in others.

System Integrity Protection (SIP) in El Capitan kills some apps

In some cases, you can still use the app by disabling SIP, installing the app and then renabling SIP. You do that by booting into the Recovery partition and using the csrutil tool.

$ csrutil
usage: csrutil 
Modify the System Integrity Protection configuration. All configuration changes apply to the entire machine.
Available commands:
        Disable the protection on the machine. Requires a reboot.
        Enable the protection on the machine. Requires a reboot.
        Display the current configuration.

Most of us won't need to be concerned about any of this.

Use and Abuse of /usr/local/bin

Got something to add? Send me email.

(OLDER) <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> System Integrity Protection (SIP) in El Capitan

Increase ad revenue 50-250% with Ezoic

More Articles by

Find me on Google+

© Anthony Lawrence

Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

A refund for defective software might be nice, except it would bankrupt the entire software industry in the first year. (Andrew S. Tanenbaum)

This post tagged: