Apple has with OS X 10.11 El Capitan so-called system integrity protection was introduced in 2015. This is usually abbreviated to SIP, after the English term "System Integrity Protection". Protection for the Apple Mac operating system is also integrated in the macOS versions from 10.12 Sierra (2016) to 11 Big Sur (2020). It will also definitely be part of the systems from 2021. In this guide I have summarized what the SIP is and what purpose it fulfills.
Chapter in this post:
What is System Integrity Protection on Mac?
SIP is a security technology that is supposed to protect the Mac from malicious software as well as from mistakes by the user. The SIP prevents protected files and folders on the Mac hard drive from being changed or deleted. This includes files and folders that are used for the operating system, the root process, system processes themselves, and similar things. In short, system integrity protection should ensure that malware cannot make any significant changes to OS X or macOS.
This is also ensured by the fact that the SIP restricts the root user account. This is the account from which administrators can carry out tasks on the Mac that intervene in system areas. Before OS X El Capitan, there were no restrictions on the root account. Up to OS X 10.10 Yosemite, if an app or tool was given the appropriate admin rights by entering the password, then it could - if it was malware - make extensive interventions in the Mac system. This has not been possible since 2015. So the protection of the Mac has been effectively expanded.
What parts of the Mac system does the SIP protect?
Various parts and programs are protected by the SIP so that an app, a system tool or other software can no longer change, delete or overwrite system files even when the password is entered. In addition to preinstalled apps, these include the following directories in OS X and macOS:
- / System
- / Usr
- / bin
- / sbin
- / var
However, there are still system paths in which apps are allowed to write. These write permissions ensure that the app is recognized as a program, can create directories for its own data and can carry out similar actions. Third-party installation programs and software have access to the following directories:
- / Programs
- / Media library
- / usr / local
How can system changes still take place?
If a new operating system is rolled out or an update for the existing system is to be loaded and installed on the Mac, then of course changes in the above paths and folders are made. System changes made by Apple through an update or upgrade of macOS are still possible. Other Apple software or even app offers from other developers can only do this if their software has been signed by Apple and thus receives special authorizations. "Apps that you download from the Mac App Store are already compatible with System Integrity Protection“, It says in the Support document HT204899.
There you will also find the note that programs from OS X 10.11 El Capitan can no longer select a startup disk. So if you want to specify that the Mac should start from a different hard drive / partition than the current one, then you have to do that manually. This is possible, even in current systems, via the Apple menu in the menu bar of macOS. There you click on System settings ... and then in the window that opens Startup disk. In the overview that then opens, you can select one of the various installed systems. If only one is installed, only this is displayed.
Can I turn off Mac System Integrity Protection?
If you are a developer or attribute a system error to the SIP, then you are probably wondering whether you can turn off Mac System Integrity Protection manually. And the answer is actually "Ja". However, this is only recommended if you only do this to fix a bug and then reactivate the protection. I already gave you the instructions a few days ago in this post: Catalina Installer cannot be deleted from the trash on macOS Big Sur. With the link you should go directly to the section "Switch off SIS or SIP: Delete installer by deactivating system integrity protection" leap.
That brings us to the why. Because for many users who just want to use a working Apple Mac, the SIP probably doesn't play an active role. It's just there and makes the system more secure. However, there are rare bugs that can only be solved with deactivated Mac protection. And that sometimes includes deleting an installer from the trash. The installer is recognized as a system file, assigned to one of the above paths and accordingly prevented from being removed. If you want to get rid of the multiple GB, you have to follow the linked instructions (or follow Dirk's path in the comments).
In this sense: Good luck!
Related Articles
Retrieve iCloud emails via Thunderbird on your Windows PC: This is how it works!- OS X 10.11 El Capitan - Everything you need to know!
- Mac: enable and disable expanding folders in Finder
- 5 app recommendations in January 2022
- Which cable do you need for a 144Hz monitor?
- Canceling a PayPal subscription - explained step by step
- What battery goes into an Apple AirTag?
- Instructions: Use the iMac as a Windows PC monitor
After graduating from high school, Johannes completed an apprenticeship as a business assistant specializing in foreign languages. But then he decided to research and write, which resulted in his independence. For several years he has been working for Sir Apfelot, among others. His articles include product introductions, news, manuals, video games, consoles, and more. He follows Apple keynotes live via stream.
