What is SIP and how to disable it

In 2015, Apple introduced a new malware protection mechanism in OS X El Capitan (10.11) called System Integrity Protection (also known as SIP or rootless).

What is SIP and how to disable it

In 2015, Apple introduced a new malware protection mechanism in OS X El Capitan (10.11) called System Integrity Protection (also known as SIP or rootless).

Why disable SIP

For example, you want to downgrade iTunes after the next update or simply uninstall one of the Apple programs: Safari, iTunes, Photo..., but these are all pre-installed applications and you cannot remove them. But if you disable SIP, then you will have such an opportunity.

Also, some "treated" applications require disabling SIP for the full operation of all functions due to the peculiarities of the activation implementation.

 

NOTE
Unfortunately, with the release of macOS 11 Big Sur, Apple has revised the security principles of its operating system. Now users do not have rights to change the System folder, only reading is available, disabling SIP does not change anything. Also, she moved all her pre-installed applications to this folder, except for the Safari browser.


Instructions (disabling SIP)

It is impossible to disable SIP from macOS itself, otherwise the whole point of protection is lost. Therefore, you will need to boot into Recovery mode and execute certain commands in the terminal.

1. Start your Mac in macOS Recovery Mode.

Intel: Restart your computer. Once the screen turns black, press and hold the Cmd + R keys until the Apple logo appears on the screen. Upon completion of the download, you will enter recovery mode.

Apple Silicon: Hold down the power button while your Mac is off (10 seconds). Then go to "Options". You may need an administrator password.



If you just booted macOS, you probably held down the key combination too late, or released them too soon. Restart your computer and try again. 

2. Launch Terminal from the Utilities menu:

3. Run the csrutil disable command and press Enter.




We add that not every patched application requires a complete disabling of SIP.
The  csrutil enable --without fs command  will disable it for the file system only, without affecting Kernel Extensions or interfering with NVRAM.

4. Restart your Mac.



Sometimes disabling SIP can cause your Mac to cycle into Recovery mode instead of normal mode. To resolve this issue, hold down the ⌥Option (Alt) key on your keyboard the next time you reboot to boot into disk selection mode. Next, select the disk with the system and click on it with the mouse or press Enter. 

Additionally

It is not necessary to disable SIP permanently. Having done the necessary manipulations (by launching the desired application), you can go into Recovery Mode (again) and enable Mac protection with the csrutil enable command

To check SIP status use csrutil status command

The terminal will display: enabled (enabled) or disabled (disabled).

Available in normal mode, and in recovery mode.


You can read more about SIP at wikipedia.org or support.apple.com or developer.apple.com