System Integrity Protection was introduced in El Capitan to add another layer of security to OS X. The system prevents the root user from doing things that are potentially harmful. Apple did this because any app at any time may ask for the administrator password and execute commands with elevated permissions, which is a big security risk on single user systems.
There are downsides to yet another layer of security, and much like Gate Keeper, System Integrity Protection brings us one step closer to a completely locked off system like iOS. I guess that’s the long term plan.
Until then, and if you need it, you can disable System Integrity Protection. Here’s how to do it:
- boot into the Recovery Partition (hold down CMD + R during boot)
- this takes a little longer than usual
- when the system is back, select Utilities – Terminal
- now type “csrutil disable”
- close Terminal and restart the system
You can check at any time if this feature is on or off by typing
csrutil status System Integrity Protection status: disabled.
Enable it again during a Recovery session by typing “csrutil enable” and El Capitan is secured again.
To see what else this command has to offer, type csrutil without parameters:
csrutil usage: csrutil <command> Modify the System Integrity Protection configuration. All configuration changes apply to the entire machine. Available commands: clear Clear the existing configuration. Only available in Recovery OS. disable Disable the protection on the machine. Only available in Recovery OS. enable Enable the protection on the machine. Only available in Recovery OS. status Display the current configuration. netboot add <address> Insert a new IPv4 address in the list of allowed NetBoot sources. list Print the list of allowed NetBoot sources. remove <address> Remove an IPv4 address from the list of allowed NetBoot sources.