How to Check if System Integrity Protection (SIP) is Enabled on Mac

Aug 1, 2018 - 16 Comments

How to check System Integrity Protection status on Mac

System Integrity Protection (SIP) locks down certain Mac OS system folders to prevent modification, execution, and deletion of critical system-level files on the Mac, even with a root user account. While the SIP security feature is enabled by default on all modern Mac OS releases, you may find yourself in various situations where you need to check SIP status to find out if it is enabled or disabled on a particular Mac, or to otherwise confirm the SIP status on any Mac.

There are two ways to check System Integrity Protection status; by using the command line, and by using the System Information profiler tool.

This article will show you both methods to see how to determine if System Integrity Protection / SIP is enabled or disabled on a Mac.

How to Check if System Integrity Protection is Enabled on Mac with Terminal

You can check any Mac for SIP protection by using the command line. This is particularly great if you need to remotely check SIP status through ssh, for example.

  1. Launch the Terminal application in Mac OS, it’s located in the /Applications/Utilities/ directory
  2. Type the following into the command line, then hit return:
  3. csrutil status

  4. You will see one of the following messages, indicating the status of SIP on that Mac:
    • If SIP is on – “System Integrity Protection status: enabled.”
    • If SIP is off – “System Integrity Protection status: disabled.”

How to check SIP status from command line on Mac

If SIP is enabled, you likely want to keep it that way. Nonetheless, some advanced users may want to disable System Integrity Protection in Mac OS for various reasons. If SIP is disabled, you will likely want to turn it back on.

How to Check SIP Status on a Mac from System Information

Mac users can also check if System Integrity Protection is enabled or disabled by referring to the System Information tool found in MacOS:

  1. Open the /Applications/ folder and then go to /Utilities/
  2. Open the “System Information” application (you can also get there by holding Option key and clicking the  Apple menu to choose “System Information”)
  3. Scroll down the left side list and choose “Software”
  4. Look for “System Integrity Protection” on the right side, and whether or not you see an “Enabled” or “Disabled” message alongside that

How to check SIP System Integrity Protection status from System Information on Mac

Again, if SIP is enabled, you almost certainly want to keep it that way. And if SIP is disabled, you likely want to turn it back on again to enjoy the protection that SIP offers.

What Folders Does SIP Protect in Mac OS?

In case you are wondering what directories and folders are protected by System Integrity Protection, the current list is as follows:

/System
/sbin
/bin
/usr *
/Applications **

* /usr is protected with the exception of /usr/local subdirectory, which is often used by tools like Homebrew

** /Applications is protected for apps that are pre-installed with Mac OS (Calendar, Photos, Safari, Terminal, Console, App Store, Notes, etc)

(Note that most of those SIP protected system folders are hidden from user view by default, though if you use a trick to show hidden files in MacOS like a keystroke or defaults command, you will be able to see those otherwise hidden system directories from the Finder)

Those directories are protected from modification (adding, deleting, modifying, editing, moving, etc) from any administrator account and even root accounts, the latter of which is perhaps why SIP is sometimes called ‘rootless’. Only if System Integrity Protection is manually disabled can you have modification privileges of those directories, and disabling SIP requires an admin password and boot access to a Mac.

Aside from the security benefits offered by SIP, it also can prevent deletion of system files and system resources in Mac OS (whether intentional or accidental) since those critical files and folders do not have modification access while the feature is turned on. Again, don’t turn SIP off unless you have a really compelling reason to do so, and even then then you’ll almost certainly want to quickly turn it back on again.

As previously mentioned, SIP is enabled by default on all modern Mac OS software releases. This includes macOS Mojave, macOS High Sierra, MacOS Sierra, and Mac OS X El Capitan, and it’s safe to assume all future Mac OS system software versions will have SIP enabled by default as well. If the version of Mac OS is older than what SIP supports, the feature will not be available, and neither will be the ability to check the status of SIP with the csrutil command, or the System Information method.

If you have any other methods of checking SIP status on a Mac, or any comments, thoughts, tips, tricks, or other noteworthy info about System Integrity Protection, share with us in the comments below!

.

Related articles:

Posted by: Paul Horowitz in Command Line, Mac OS, Security, Tips & Tricks

16 Comments

» Comments RSS Feed

  1. bridget says:

    Can you help me uncheck shared extensions due to heavy security and privacy attacks. i.e. in sys prefs, extensions, share menu: mail, airdrop, messages, add people. I need to get to terminal level to ‘ uncheck ‘ . Im the admin and owner and a victim of skillful destructive, malicious and driven by $$ to bank access through the equipment. the pw resets were being deleted from the mail app and other important communications were being affected. Here I am now and apple was useless despite the engineers even having a session recording 1 of my design firm machines ( MINE ) and proving someone was inside my icloud acct, had turned back to my mac on.. etc.. that was before Mojave which caused a brand new machine to be accessed in no time with both a download called ‘ invest ‘ and a keyboard found on the lock screen which prevented me as admin from getting to my desktop after PW was entered. Another machine totally erased .. and still I am fighting to have control that can only be assured in terminal.

  2. Curt says:

    Should all the different line items also show “Enabled”? If not how can they be set to Enabled?

    • Louie says:

      On my mac running High Sierra, I only see two such lines under the software header within system information: System Virtual Memory and the aforementioned SIP. Both are enabled by default.

  3. John says:

    @James Allison

    of course you had not have to hear about sip, because it is a 1-2 yo feature…

  4. Sal says:

    My machine is a hackintosh so its custom. SIP is enabled but kext signing is disabled and 2 others are disabled. Guess you can’t hack with everything turned on/protected.

  5. James Allison says:

    Thanks, after using Macs since 1992, I’ve never heard of SIP !

    Checked it out, SIP was enabled.

    Thanks for the heads up.

    Jim
    England,UK.

  6. Mark Safron says:

    The easiest way to check SIP status is to click on the Apple logo>About this Mac>Overview–System Report>which takes you to the same window.

    • fred says:

      Mark, thanks. Yes, your way is the easiest.

      • Ted says:

        What I do to check SIP quickly is this:

        – Hit Command Spacebar to bring up Spotlight

        – Type “System Info” and hit return (this opens System Information)

        – Type ‘so’ on your keyboard to select the “Software” section instantly in System Information

        Boom. You have your SIP Status displayed right there, along with software version, uptime, boot volume, user name, computer name, etc.

        I think that’s the fastest, all using the keyboard, and can be done very quickly. But I like using Spotlight for launching apps.

  7. Mark Leffler says:

    Thanks for the tip. SIP was enabled, but it was nice to be able to confirm it so easily. OSXDaily is a great service.

  8. Old Coot says:

    In the latest Google Chrome

    osxdaily.com is blocked
    Requests to the server have been blocked by an extension.
    Try disabling your extensions.
    ERR_BLOCKED_BY_CLIENT

    • Paul says:

      Where do you see this error? Can you take a screenshot of that error and when you see it? Send it to osxdailycom@gmail.com if possible.

      My guess is that you have an Adblock-type extension enabled which is preventing you from loading something on the site, though I am not sure what since I can not reproduce the error myself. OSXDaily.com is free and supported entirely by ads, so it’d be nice if you could whitelist our site so that we can (hopefully!) continue to exist. Regardless let’s try to troubleshoot the message, as I have never seen that one before.

    • James Allison says:

      Like Paul,

      I cannot reproduce the error that you describe in Google Chrome.

      Not sure whether you’re a Mac user or not, but without doubt Safari is the best browser. If you’re a PC user you can still download Safari for Windows.

      I wouldn’t use Google Chrome unless you have software that stops Google tracking you.

      I find Safari, is not as good as Opera for streaming video, which support html5.

Leave a Reply

 

Shop on Amazon.com and help support OSXDaily!

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates

Tips & Tricks

News

iPhone / iPad

Mac

Troubleshooting

Shop on Amazon to help support this site