
SIP macOS

SIP (System Integrity Protection) is a feature of many recent versions of macOS. In 10.14.x Apple introduced privacy protection, which means that programs are not able to access certain areas of any user's home directory. The idea is to prevent malicious attacks (including data theft). As a result, any program on macOS 10.14.x or later needs to be granted full disk access in order to access various areas of the home directory (such as the iPhoto Library, mobile backups and much more).



By default on a standard system the SSH daemon is granted full disk access on macOS 10.14.x. This means that if you are backing up a system via SSH, then rsync will be granted full disk access and will be able to read all the files in a user's home directory. As such, if you are performing a local backup of users' home directories, it is very easy to back up everything in the home directory by enabling SSH on the system and then backing up via the loopback address. There are other ways to back up everything in the home directory without using SSH. The most obvious approach is to disable SIP entirely, although doing so removes its protections from the whole system. However, there are also other approaches.



To view notes specific to using rsync with LBackup on different versions of macOS visit the install page.



A common error message displayed when SIP is preventing you from performing a local backup is listed below:

rsync: opendir "/Users/username/Library/Containers/com.apple.mail" failed: Operation not permitted (1)
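
The following is an added example, not part of LBackup: a POSIX shell check that scans an rsync log saved to a file for the error shown above and lists the paths that were skipped. It goes slightly beyond the single `opendir` line by matching any rsync error ending in `Operation not permitted (1)`; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not LBackup code. Function names and log lines are constructed.

# Print each unique path from rsync errors that end in
# "Operation not permitted (1)". Failures caused by ordinary file
# permissions report "Permission denied (13)" and are not listed.
blocked_paths() {
    sed -n '/^rsync: .*: Operation not permitted (1)$/s/^[^"]*"\([^"]*\)".*$/\1/p' "$1" |
        sort -u
}

# Return 0 when the log shows no blocked paths; otherwise report them on
# stderr and return 1 so a wrapper script or cron job can flag the backup.
check_backup_log() {
    blocked=$(blocked_paths "$1")
    if [ -z "$blocked" ]; then
        return 0
    fi
    echo "Backup incomplete, rsync was denied access to:" >&2
    printf '%s\n' "$blocked" | sed 's/^/  /' >&2
    return 1
}

# Constructed sample of rsync output for the demonstration below.
write_sample_log() {
    cat > "$1" <<'EOF'
building file list ... done
rsync: opendir "/Users/username/Library/Containers/com.apple.mail" failed: Operation not permitted (1)
rsync: opendir "/Users/username/Library/Containers/com.apple.mail" failed: Operation not permitted (1)
rsync: send_files failed to open "/Users/username/Library/Safari/History.db": Operation not permitted (1)
rsync: opendir "/Users/username/private" failed: Permission denied (13)
EOF
}

log=$(mktemp "${TMPDIR:-/tmp}/rsynclog.XXXXXX")
write_sample_log "$log"
check_backup_log "$log" || echo "status 1: backup needs full disk access"
rm -f "$log"
```

Running the check after each backup makes a silently incomplete backup visible: a non-zero status means some protected areas of the home directory were not copied.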