in the newly-released final 10.11, the option to disable SIP is missing from Utilities when i boot up in Recovery Mode (it was there in the betas). No longer possible? or is there a terminal command to run in recovery?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
no way to disable SIP??
- Thread starter fisherking
- Start date
- Sort by reaction score
works (and allowed me to reinstall the Bartender app helper, and change some icons, ie safari, mail). thanx!
Riddle me this. How can you possibly disable SIP if you run OS X from a RAID boot volume? There is no recovery partition in such a setup. How the ###% does Apple expect you to boot into a Recovery Partition that doesn't exist??? You don't normally need a recovery partition if you have a full volume bootable backup (at least not until now). Why on earth would they create a command that can only be run from a partition that doesn't exist for power users when power users are the ones most likely to want to disable that POS (and yes it's a POS since it stops Xtrafinder and other programs from running and believe you me that you NEED Xtrafinder to make Finder usable).
FRACK APPLE. It's MY computer. They have NO RIGHT to tell the ROOT USER that he can't edit a simple .plist file to make NFS work without having to manually turn it on via the shell every time I reboot.... It's what startup scripts exist for, to let you start things up during boot up! This isn't security. It's bullcrap.
They need to make another way to disable it that doesn't involve a non-existent partition.
FRACK APPLE. It's MY computer. They have NO RIGHT to tell the ROOT USER that he can't edit a simple .plist file to make NFS work without having to manually turn it on via the shell every time I reboot.... It's what startup scripts exist for, to let you start things up during boot up! This isn't security. It's bullcrap.
They need to make another way to disable it that doesn't involve a non-existent partition.
What process are you trying to use to start NFS?
Put your NFS shares in a file at /etc/exports, and nfsd automatically starts and shares them, and you don't deal with SIP whatsoever.
https://support.apple.com/en-us/HT202243
Install 10.11 onto an external drive, and it will have its own recovery partition that you can use via Option-boot.
If you have created a USB Install Drive, you can use it to change SIP.
I am currently running PB6, but tomorrow I will be doing the upgrade so I created the USB drive earlier and on a whim I booted the installer drive, disabled SIP in Terminal, re-booted my PB6 install and ran csrutil status.
The "Protection status" bug still exists.
This provides an alternate method to change SIP when the Recovery Partition does not exist, such as a raid configuration.
DS
I am currently running PB6, but tomorrow I will be doing the upgrade so I created the USB drive earlier and on a whim I booted the installer drive, disabled SIP in Terminal, re-booted my PB6 install and ran csrutil status.
Code:
System Integrity Protection status: enabled (Custom Configuration).
Configuration:
Apple Internal: disabled
Kext Signing: disabled
Filesystem Protections: disabled
Debugging Restrictions: disabled
DTrace Restrictions: disabled
NVRAM Protections: disabled
This is an unsupported configuration, likely to break in the future and leave your machine in an unknown state.The "Protection status" bug still exists.
This provides an alternate method to change SIP when the Recovery Partition does not exist, such as a raid configuration.
DS
I already have them in etc/exports. XBMC needs the -N option (allow non-root clients to access files, which XBMC requires as it has no root privileges nor should it) when NFSD starts and that is in /System/Library/LaunchDaemons/com.apple.nfsd.plist file. You normally just add <string> -N </string> after the NFSD string line and all is good. Apple removed that change from my Mavericks file I made and put it back to not having the -N option and locked the file so you can't change it (SIP). -N is a valid option. Options exist for a reason. Startup files exist for a reason. Apple has said we are too stupid to use the UNIX features in OS X and used security as an excuse to lock us out of them. They could have just used a "MASTER" password that is ONLY used for those files and is never allowed to be used by a 3rd party program unless you login in a shell with it or something, but instead, they put it in the Recovery Partition, which means not only a reboot for most people, but it means power users that have a RAID boot drive have no way to turn it off period. It also killed XtraFinder and TotalFinder as well the same way.
I CAN get NFS to work with XBMC manually if I stop the process and manually restart it with the -N option, but unless I can find a script to automate this away from the one OS X automatically starts I'd have to do it every time I reboot.
I just read for some options you can do a "Defaults write <key> <value>" argument, but I saw no change in the file so I have no idea what it did or if I used the wrong argument. I should reboot and see if anything changed since it only runs that file on boot.
But will that allow me to turn it off and modify files on my RAID boot partition or would it only modify them on the external drive? I suppose I could then COPY that external version file change BACK to the RAID boot partition using Carbon Copy Cloner. Hmmm, that might at least get around the problem for NFS and installing something like XtraFinder. The only issue is I have Mavericks on that backup copy right now as I evaluate El Capitan and so I'd either have to buy another backup drive or wait until I'm sure I'd want to stick with El Capitan. Of course, every time Apple updates OSX, there's a chance it would change the files back to default all over again.
Well, if that will work for the boot partition (where does SIP exist? In EFI? I assumed it was changing a file setting on the boot partition itself and thus it would change it on the regular boot partition on the USB stick, not the RAID drive), but your post seems to indicate otherwise. I downloaded a script that will install a recovery partition on my backup drive (which is not RAID) so I can try that there (Carbon Copy Cloner apparently only clones a recovery drive from the existing source, not creates one when it's already wiped out; this utility claims to create a new one). So I can see what happens. Bad for me if something goes wrong, though (since Mavericks is on it right now). The USB drive thing sounds safer, but I'd have to make one up first.
Edit: I guess SMB doesn't work after all. It was still using my SMBuP settings. Turning on Apple's own SMB killed it on a reboot.... figures.
Last edited:
As I understand it, the SIP setting is stored in NVRAM. This means that however you boot El Capitan on a specific machine, the setting will always be the same. The minimal OS used by the install and the Recovery Partition provide the ability to change the SIP state.
Tomorrow I am going to try a test. I am going to disable SIP on my PB6 system, do the standard install and see what the setting is when I am done. Just curious if it persists across OS X installs.
DS
Tomorrow I am going to try a test. I am going to disable SIP on my PB6 system, do the standard install and see what the setting is when I am done. Just curious if it persists across OS X installs.
DS
Just a quick followup. The SIP disabled setting did persist across the standard install.
DS