OS X: El Capitan's Deletion of "Repair Disk Permissions" Could Impact You

Apple's next version of OS X El Capitan uses something called "System Integrity Protection" to prevent the alteration of critical system files. As a result, scripted installers and even privileged admin users can no longer change those UNIX file permissions and then modify them. This should make El Capitan more stable and secure. So, while "Repair Disk Permissions" is gone, that also creates an important issue for users: software upgrades.

The high level explanation for this analysis comes in the public beta release notes under Notes and Known Issues, Other:

System file permissions are automatically protected, and updated, during Software Updates. The Repair Permissions function is no longer necessary.

This change will generally go unnoticed by most average users except for the absence of that button in /Applications > Utilities > Disk Utility.app. A revised, better looking and easier to understand version of Disk Utility comes with El Capitan. However, in some cases, there could be further impact.

System Integrity Protection

This change comes under the umbrella of an OS X El Capitan feature called System Integrity Protection. The overall goal here is to prevent an overly ambitious installer that wants its own way or a piece of malware from altering critical system files and compromising the security or stability of OS X.

Apple has provided a way for developers or expert IT managers to turn SIP off when absolutely necessary, but that's something ordinary users will never learn about nor ever need to do. Developers have access to that information.

As part of the upgrade process, if the El Capitan installer finds unauthorized files in certain protected directories that don't belong there anymore, perhaps from a long forgotten installation, it will delete them. This could lead to some of your important software not operating as expected—or at all.

What this means for the average user is to take inventory of all mission critical apps to make sure they can migrate to El Capitan.

Upgrade Thoughts

Because of the above, it's probably a smart idea, in this author's opinion, to do a clean install of El Capitan and then reinstall just the software, updated for El Capitan, that you need. You can check on compatibility at "Roaring Apps" or by directly querying the developer's website. I surmise that some software in the Mac App store may need to be modified and may not be able to make the leap.

One question to ask is why Apple didn't do this sooner. The answer is that Apple typically warns developers ahead of time that certain functionality will be deprecated. It gives developers time to react. For example those same release notes state: "OS X El Capitan is the last major release of OS X that will support the previously deprecated Java 6 runtime and tools provided by Apple."

The bottom line here is that Repair Disk Permissions is going away because Apple is hardening OS X against alterations to critical system files via System Integrity Protection. The fallout for the customer is that it'll be more important than ever to certify that every critical app used is ready for the migration to El Capitan.