What is SIP (System Integrity Protection) on Mac?

Apple has with OS X 10.11 El Capitan so-called system integrity protection was introduced in 2015. This is usually abbreviated to SIP, after the English term "System Integrity Protection". Protection for the Apple Mac operating system is also integrated in the macOS versions from 10.12 Sierra (2016) to 11 Big Sur (2020). It will also definitely be part of the systems from 2021. In this guide I have summarized what the SIP is and what purpose it fulfills.

The SIP (system integrity protection) on the Mac: How long has the security technology been in OS X / macOS, what does it do and how can you deactivate the SIP? You can find all the details here.
The SIP (system integrity protection) on the Mac: How long has the security technology been in OS X / macOS, what does it do and how can you deactivate the SIP? You can find all the details here.

What is System Integrity Protection on Mac?

SIP is a security technology that is supposed to protect the Mac from malicious software as well as from mistakes by the user. The SIP prevents protected files and folders on the Mac hard drive from being changed or deleted. This includes files and folders that are used for the operating system, the root process, system processes themselves, and similar things. In short, system integrity protection should ensure that malware cannot make any significant changes to OS X or macOS.

This is also ensured by the fact that the SIP restricts the root user account. This is the account from which administrators can carry out tasks on the Mac that intervene in system areas. Before OS X El Capitan, there were no restrictions on the root account. Up to OS X 10.10 Yosemite, if an app or tool was given the appropriate admin rights by entering the password, then it could - if it was malware - make extensive interventions in the Mac system. This has not been possible since 2015. So the protection of the Mac has been effectively expanded.

What parts of the Mac system does the SIP protect?

Various parts and programs are protected by the SIP so that an app, a system tool or other software can no longer change, delete or overwrite system files even when the password is entered. In addition to preinstalled apps, these include the following directories in OS X and macOS:

  • / System
  • / Usr
  • / bin
  • / sbin
  • / var

However, there are still system paths in which apps are allowed to write. These write permissions ensure that the app is recognized as a program, can create directories for its own data and can carry out similar actions. Third-party installation programs and software have access to the following directories:

  • / Programs
  • / Media library
  • / usr / local

How can system changes still take place?

If a new operating system is rolled out or an update for the existing system is to be loaded and installed on the Mac, then of course changes in the above paths and folders are made. System changes made by Apple through an update or upgrade of macOS are still possible. Other Apple software or even app offers from other developers can only do this if their software has been signed by Apple and thus receives special authorizations. "Apps that you download from the Mac App Store are already compatible with System Integrity Protection“, It says in the Support document HT204899.

There you will also find the note that programs from OS X 10.11 El Capitan can no longer select a startup disk. So if you want to specify that the Mac should start from a different hard drive / partition than the current one, then you have to do that manually. This is possible, even in current systems, via the Apple menu in the menu bar of macOS. There you click on System settings ... and then in the window that opens Startup disk. In the overview that then opens, you can select one of the various installed systems. If only one is installed, only this is displayed.

Can I turn off Mac System Integrity Protection?

If you are a developer or attribute a system error to the SIP, then you are probably wondering whether you can turn off Mac System Integrity Protection manually. And the answer is actually "Ja". However, this is only recommended if you only do this to fix a bug and then reactivate the protection. I already gave you the instructions a few days ago in this post: Catalina Installer cannot be deleted from the trash on macOS Big Sur. With the link you should go directly to the section "Switch off SIS or SIP: Delete installer by deactivating system integrity protection" leap.

That brings us to the why. Because for many users who just want to use a working Apple Mac, the SIP probably doesn't play an active role. It's just there and makes the system more secure. However, there are rare bugs that can only be solved with deactivated Mac protection. And that sometimes includes deleting an installer from the trash. The installer is recognized as a system file, assigned to one of the above paths and accordingly prevented from being removed. If you want to get rid of the multiple GB, you have to follow the linked instructions (or follow Dirk's path in the comments).

In this sense: Good luck!

Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership would support.

Post a comment

Your e-mail address will not be published. Required fields are marked with * marked

In the Sir Apfelot Blog you will find advice, instructions and reviews on Apple products such as the iPhone, iPad, Apple Watch, AirPods, iMac, Mac Pro, Mac Mini and Mac Studio.