Mac OS X 10.11 El Capitan protects file systems and processes with new features called System Integrity Protection. SIP is a kernel level feature that limits what can be done by "root" accounts.
This is a great security feature, and almost everyone - even "power users" and developers - must let it be activated. However, if you really need to modify the system file, you can bypass it.
What is System Integrity Protection?
On Mac OS X and other UNIX-like operating systems, including Linux, there is a "root" account that traditionally has full access to the entire operating system. Being a root user - or getting root permission - gives you access to the entire operating system and the ability to modify and delete any files. Destructive software that obtains root permission can use that permission to damage and infect low-level operating system files.
Type your password into the security dialog and you have given root permission to the application. This has traditionally made it possible to do anything to your operating system, although many Mac users may not be aware of this.
System Integrity Protection - also known as "rootless" - works by limiting the root account. The operating system kernel itself provides checks on root user access and will not allow it to do certain things, such as modifying a protected location or injecting code into a protected system process. All kernel extensions must be signed, and you cannot disable System Integrity Protection from within Mac OS X itself. Applications with high root access rights can no longer tamper with system files.
You’re most likely to notice this if you attempt to write to one of the following directories:
OS X just won’t allow it, and you’ll see an “Operation not permitted” message. OS X also won’t allow you to mount another location over one of these protected directories, so there’s no way around this.
A complete list of protected locations is found in /System/Library/Sandbox/rootless.conf on your Mac. This includes files like the Mail.app and Chess.app applications that are included with Mac OS X, so you can't delete this - even from the command line as a root user. This also means that malware cannot modify and infect the application.
Unintentionally, the "repair disk permissions" option in Disk Utility - long used to solve various Mac problems - has now been deleted. System Integrity Protection must prevent file permissions that are very important to be damaged. Disk Utility has been redesigned and still has the "First Aid" option to correct errors, but does not include ways to fix permissions.
How to Deactivate System Integrity Protection
Warning: Don't do this unless you have a very good reason to do it and know exactly what you are doing! Most users don't need to disable this security setting. This is not intended to prevent you from disrupting the system - it is intended to prevent malware and other badly behaved programs from disrupting the system. But some low-level utilities can only function if they have unlimited access.
The System Integrity Protection setting is not stored on Mac OS X itself. Instead, it is stored in NVRAM on each Mac. It can only be modified from the recovery environment.
To boot into recovery mode, restart your Mac and hold Command + R at boot. You will enter the recovery environment. Click the "Utilities" menu and select "Terminal" to open the terminal window.
Type the following command into the terminal and press Enter to check the status:
You’ll see whether System Integrity Protection is enabled or not.
To disable System Integrity Protection, run the following command:
If you decide you want to enable SIP later, return to the recovery environment and run the following command:
Restart your Mac and your new System Integrity Protection settings will apply. The root user will now have unlimited unlimited access to the entire operating system and every file.
If you previously have files stored in this protected directory before you upgrade your Mac to OS X 10.11 El Capitan, they have not been deleted. You will find them moved to the / Library / SystemMigration / History / Migration- (UUID) / QuarantineRoot / directory on your Mac.