This page may be out of date. Submit any pending changes before refreshing this page.
Hide this message.

How do I turn off the rootless in OS X El Capitan 10.11?

6 Answers
Amir Salah
Amir Salah, CS undergrad student
59.1k Views · Upvoted by Terry Lambert, Former Core OS Kernel team; tech lead UNIX Conformance and Erik Fair,  employee, 1988-1997
(As you will be restarting your OS X device. It might be helpful to print these instructions or access them from a different device).

To disable the rootless feature, reboot your OS into Recovery Mode, to do this:
  • Restart your Mac, and as soon as the screen turns black hold down ⌘R until the Apple logo appears on your screen.

     
  • You have successfully entered Recovery Mode if you see this:

  • Now click on the "Utilities" menu, and then "Terminal".



  • In the Terminal Window type:

    csrutil disable

    Press return, you should then see the following message



  • Restart OS X, your Mac should then restart as normal with SIP disabled,

To re-enable System Integrity Protection, do this:
  • Restart OS X again and hold down ⌘R as earlier, until you see the Apple Logo
  • Now click on Utilities", then "Terminal".
  • In the Terminal Window type:

    csrutil enable

    Then press the return key, you should then see the following message



  • Restart OS X, Your Mac should then restart as normal.
  • Done!

Note:
Apple have made the steps to temporarily disable the new security feature SIP (System integrity Protection) in El Capitan quite difficult. It is recommend to only perform these steps if you really must.
Dillan Laughlin
Dillan Laughlin
34.9k Views
Like others are saying, rootless is there for a reason and should not be disabled. That said if you know what you are doing then you can use the following process:
  1. Restart the computer, while booting hold down Command-R to boot into recovery mode.
  2. Once booted, navigate to the "Utilities > Terminal" in the top menu bar.
  3. Enter csrutil disable in the terminal window and hit the return key.
  4. Restart the machine and System Integrity Protection will now be disabled.
To reenable System Integrity Protection follow the steps above, except use the csrutil enable command for step 3.
Ben Reimers
Ben Reimers, Using OS X since System 9.
46.8k Views
The most future-proof method at time of writing is to boot into recovery mode (Command-R when booting) and disable System Integrity Check. This is not recommended though, since it defeats the whole idea of rootless to begin with.
Vijai Amarnath
Vijai Amarnath, Scientist, operating systems, networks, wireless & core internet techs
26.5k Views
Rootless is there for a very good reason. It's job is to protect system files & structures from intentional or accidental modifications. Integrity of system files is of utmost importance when it comes to your system security, stability & performance. Not exactly a good idea to mess around with it.


Rootless works by locking down access to system files; so that, regular user mode apps as well as processes with admin privileges can't access areas of the system they're not supposed to access. Mainly system files.

For example, in case the system has a malware infection, the OS will continue to run normally and will be able to clear out the infection without any damage to the OS itself. That's the power of rootless.

Firstly, I don't understand why you want to disable rootless!!! Only developers in mac os team will require it. Esp. when they're trying out new kernel mods or drivers. A normal user doesn't have to care about it at all!!!

Ok, here's the command to disable rootless:
sudo nvram boot-args="rootless=0";sudo reboot

Anyways, why would you want to do that? Do you have any overriding reasons? Please do enlighten us. It might help. And above all, I'm curious!!! :)
Fred Maxwell
Fred Maxwell
26.6k Views
Vijai Amarnath wrote:

Firstly, I don't understand why you want to disable rootless!!! Only developers in mac os team  will require it. Esp. when they're trying out new kernel mods or  drivers. A normal user doesn't have to care about it at all!!!

I can't answer for the original poster, but I have several popular commercial apps that will not run with rootless enabled.  Each of these apps rely on scripting additions which are blocked by rootless.  They include Total Finder, Total Spaces 2, and Default Folder X.

This is a major problem as scripting additions have been used by many developers and now, with rootless, all of their applications are "broken."  Apple needs to address this, possibly with something like the "identified developer" signatures they use for establishing trust for installation of applications.

From one of the developers:

Both TotalFinder and TotalSpaces2 work by injecting code into  processes that are part of OSX. They change the way those processes  work, but they don't change the underlying system - they just add  features whilst they are running. If you quit TotalFinder or  TotalSpaces2, those processes restart and system returns to its original  state.

                       
However, in El Capitan OSX 10.11, this kind  of modification will be disallowed by a new feature called "System  Integrity Protection". It is also known as "Rootless". The feature  prevents both modifications to your system files, and to system  processes whilst they are running (even if you enter your password for  administrator access).

                       
So in a normally configured Mac, TotalFinder and TotalSpaces2 cannot run.
View More Answers