What is integrated protection system (System Integrity Protection)?
Use the integrated protection system, Apple decided to have some third-party applications will never be allowed to do. In some terms, such protection and more like the iOS. Third-party applications are more limited compared to them. This is the origin of the word rootless, system administrator privileges to some extent limit the account.
Apple on OS X El Capitan 10.11 system has been used Rootlees, can be understood as the kernel protection system of a higher level, the system will default locking / system, / sbin, / usr three directories (not including the / usr / local). rootless characteristics so that certain operations may only be licensed application apple (judged by code signing). So even if the third-party application is running as root, the mechanism is turned on after Rootless, any of these actions will prompt a few directories do not operational authority.
:cd /usr
:sudo mkdir zhaolu
mkdir: zhaolu: Operation not permitted
:cd local
:sudo mkdir zhaolu
:sudo rmdir zhaolu
This protection also can be closed.
Restart the mac, then black when ready to boot, hold down the command + R, then will go into recovery mode.
In the top toolbar, select Utilities >> terminal. As follows:
Then enter the command: csrutil disable.
Restart the computer, Rootless mechanism will be closed.
If you want to open this mechanism then restart, then enter the command in the terminal: csrutil enable.
Use csrutil status command in normal desktop terminal can view the status of Rootless:
:csrutil status
System Integrity Protection status: enabled.