How to Disable System Integrity Protection in macOS
Longtime Mac power users likely enjoyed the ability to tweak the operating system at its lowest levels. For years, hidden settings and customization apps let users take complete control of their Mac to customize how it looked and functioned.
But if the user can access these core system files, so too can malware. It’s this reality that prompted Apple to introduce a security feature called System Integrity Protection in macOS, starting with OS X El Capitan in 2015. And while System Integrity Protection is an important feature that most users will benefit from, it can cause issues with certain power user workflows and applications. So, if you’re willing to accept the risk of reduced security in exchange for greater flexibility, here’s how to disable System Integrity Protection in macOS.
What is System Integrity Protection?
Before we go further, let’s take a quick moment to go over exactly what System Integrity Protection does to make sure that disabling it is what you need. System Integrity Protection is all about restricting access to critical system files, thereby blocking certain attack vectors for malware and other malicious software.
Normal macOS user accounts have always had restrictions on which files they could access, but the root user, a special user account that has elevated privileges for the purpose of system administration, had no restrictions. Prior to the introduction of System Integrity Protection, any physical user or script that had access to the root account and password effectively had complete access to every area of the system.
Recognizing the potential security issue, along with the fact that most Mac users will never need to access or modify core system files, Apple created System Integrity Protection to block access to key locations and files, even for the root user. These locations include:
Any application that is pre-installed as part of macOS
With System Integrity Protection enabled, the only way to modify files in these locations is via apps or processes that are signed by Apple with the explicit permission to do so. For example, the Software Update process or Apple’s own application installers. Third party apps and even the Mac’s administrator cannot modify these files under any circumstance. If you attempt to do so, even with a “sudo” command, you’ll simply receive an Operation Not Permitted message.
Should You Disable System Integrity Protection?
As mentioned, System Integrity Protection can cause issues with certain power user workflows or applications that require the ability to modify system files. The good news is that you can disable System Integrity Protection, as long as you’re willing to accept the risk that your Mac will be more vulnerable if you do so. For power users, however, the flexibility to continue to access and modify these files may be worth the risk.
So, in short, if you know for certain that a workflow or app you require relies on access to protected system files, and you understand the risks involved, you’ll likely be OK with disabling System Integrity Protection. But if you don’t know why you need to disable System Integrity Protection, or if you’re just doing it because an app you downloaded told you to, you’re better off keeping it enabled and finding another solution for the app or process you’re trying to accommodate.
Disable System Integrity Protection
- To disable System Integrity Protection, boot your Mac into Recovery Mode by pressing and holding the Command and R keys on your keyboard as soon as you hear the boot chime.
- Once you’ve booted into Recovery Mode, select Utilities > Terminal from the menu bar at the top of the screen.
- To check to see if System Integrity Protection is currently enabled or disabled, use the command csrutil status.
- To disable System Integrity Protection, use the command csrutil disable. You can re-enable it later by repeating these steps and using the command csrutil enable instead.
- Once you’ve disabled System Integrity Protection, restart your Mac via the Apple menu.