The Mac OS X 10.11 El Capitan is responsible for protecting system files and processes using the latest feature called System Integrity Protection or SIP, a kernel-level feature limiting what the “root” account is able to do.
This is an excellent security feature and there are few people, including developers and power users, that tamper with it — you should always leave it enabled. However, if it is critical that you modify system files, there is a way that you can bypass it.
How it works
System Integrity Protection is also referred to as ‘rootless’ and restricts the root account. The operating system kernel alone keeps check on the root user’s access and will prevent the root user from doing certain things like modifying protected locations or injecting code into protected system processes and procedures.
Every kernel extension has to be signed, and you cannot disable System Integrity Protection from within Mac OS X itself. Those applications that have elevated root permissions can’t tamper with system files any longer.
You will discover this when you try to write to one of the following directories: /sbin, /System, /usr, or /bin.
OS X does not allow it, and you will receive a message, ‘operation not permitted.’ Also OS X will not let you mount another location over any of these protected directories – put simply, there’s no way to get around this.
You can find a full list of protected locations at /System/Library/Sandbox/rootless.conf on your Mac. It includes files such as Chess.app, Mail.app and other apps included with Mac OS X, so you will not permit you to remove these — even from the command line as the root user. This also means that malware will not be able to modify and infect those applications.
How you can disable System Integrity Protection
The System Integrity Protection setting is stored in NVRAM on each individual Mac, and the only way to modify it is from the recovery environment.
- To boot your Mac into recovery mode, restart your Mac and as it boots hold down the Command+R. You will then enter the recovery environment.
- Now click the menu marked ‘Utilities’ and choose ‘Terminal’ and a terminal window will open. On your terminal type “csrutil status”.
- Press Enter and the status will appear that will show you whether System Integrity Protection is enabled.
- To disable your System Integrity Protection, type the following command: “csrutil disable”.
- If at a later date you decide to enable SIP again, just return to the recovery environment and type the following command: “csrutil enable”.
- Restart your Mac for your new System Integrity Protection settings to be effective. The root user will now have unrestricted access to the complete operating system and all the files.
Warning: you should never do this without a really good reason and without the skills to know what you are doing. The majority of users would have no reason to disable this security setting. This setting does not stop you from messing with your system.
Its purpose is to prevent malware or other programs from messing up your system. However, keep in mind that there are some low-level utilities that will only be able to function with unrestricted access.