How to disable SIP (System Integrity Protection) on your Mac.

Tuesday, April 28, 2020 8:34 PM

Apple introduced System Integrity Protection (rootless) mode as a security feature in OS X El Capitan. It prevents you (and programs) from changing root-level files even with your password, but it can stop some programs from working. Here's how to disable it.


How do I turn off rootless (also known as SIP, or System Integrity Protection) in Mac OS X El Capitan?

Removing or disabling your Mac's security features isn't something to be done lightly. To an extent we can assume that any reader who asks this relatively advanced question isn't a complete newcomer to computing and has a pretty good reason to turn off System Integrity Protection (also known as SIP, or "rootless") on their Mac. But to be on the safe side we'll briefly discuss the advantages and protections provided by System Integrity Protection before getting rid of it.


How to turn off rootless/System Integrity Protection on Mac: What is System Integrity Protection?

Introduced as a security feature in Mac OS X El Capitan, OS X System Integrity Protection (SIP) protects files, directories, and processes at the root level from being modified.

For a lot of people this is a good thing: Ars Technica argues that there are "almost no downsides to SIP for most users". The average OS X user doesn't need to go messing around with root-level files, and it provides an extra layer of security for users with a single account with admin privileges (which is most users). Nefarious hackers find it pretty easy to trick users into entering their system password; SIP prevents them from making any significant changes to the operating system.

The protected directories are: /System, /bin, /sbin, /usr (but not /usr/local). The symbolic links from /etc, /tmp, and /var to /private/etc, /private/tmp, and /private/var are also protected, although the target directories are not themselves protected. Most preinstalled Apple applications in /Applications are also protected.

For some power users SIP can be a major headache. It prevents all kinds of software from being installed, and doesn't let you work outside your home directory (even if using sudo at the command line, or when logged in as the "root" user).

But if you don't know what "sudo" or the "root" user is then you should perhaps stop right here. SIP exists for good reason, and most users are infinitely better off with it enabled.

Still resolved to turn SIP off? Okay: let's proceed.

How to turn off rootless/System Integrity Protection on Mac: Disable SIP

Turning off SIP is something of a hassle because you need to restart your Mac in Recovery Mode. Make sure that you re-enable SIP as soon as you've finished with whatever task it was interfering with. It forms a vital part of OS X's security system.

Assuming that you know what you're doing, here is how to turn off System Integrity Protection on your Mac.

  1. Turn off your Mac (Apple > Shut Down).
  2. Hold down Command-R and press the Power button. Keep holding Command-R until the Apple logo appears.
  3. Wait for OS X to boot into the OS X Utilities window.
  4. Choose Utilities > Terminal.
  5. Enter csrutil disable.
  6. Enter reboot.

Your Mac will reboot and start up with SIP disabled. You can check the status of SIP by opening Terminal and entering csrutil status. You should see "System Integrity Protection status: disabled."

How to turn off rootless/System Integrity Protection on Mac: Switch SIP back on

It's important to re-enable SIP when you've finished your task. Here's how to set OS X rootless mode back on.

  1. Turn off your Mac (Apple > Shut Down).
  2. Hold down Command-R and press the Power button. Keep holding Command-R until the Apple logo appears.
  3. Wait for OS X to boot into the OS X Utilities window.
  4. Choose Utilities > Terminal.
  5. Enter csrutil enable.
  6. Enter reboot.

Now open Terminal and enter csrutil status to check the status of SIP. It should say "System Integrity Protection status: enabled."
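
The status check above can be scripted so that a forgotten re-enable is caught automatically. The following is an added example, not part of the original article: it classifies the text printed by csrutil status and exits non-zero unless SIP is fully enabled. The function names, the sample strings (constructed) and the file name check_sip.sh are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): verify that SIP was
# switched back on by classifying the text printed by `csrutil status`.

# Constructed sample outputs, so the logic can be exercised off a Mac.
SAMPLE_ENABLED='System Integrity Protection status: enabled.'
SAMPLE_DISABLED='System Integrity Protection status: disabled.'
SAMPLE_CUSTOM='System Integrity Protection status: unknown (Custom Configuration).'

# sip_state TEXT: print "enabled", "disabled" or "unknown".
# Anything other than a plain enabled/disabled status is "unknown",
# so a partially relaxed configuration never passes as enabled.
sip_state() {
    status=$(printf '%s\n' "$1" |
        sed -n 's/^System Integrity Protection status: *//p' | head -n 1)
    case "$status" in
        enabled|enabled.)   echo enabled ;;
        disabled|disabled.) echo disabled ;;
        *)                  echo unknown ;;
    esac
}

# check_sip [TEXT]: return 0 only when SIP is fully enabled.
# With no argument it runs the real `csrutil status`.
check_sip() {
    if [ $# -gt 0 ]; then
        out=$1
    elif command -v csrutil >/dev/null 2>&1; then
        out=$(csrutil status 2>&1) || true
    else
        echo "csrutil not found (not OS X El Capitan or later?)" >&2
        return 2
    fi
    state=$(sip_state "$out")
    echo "SIP state: $state"
    [ "$state" = enabled ]
}

# Run as `sh check_sip.sh --check` (hypothetical file name);
# a non-zero exit means SIP is not enabled.
if [ "${1:-}" = "--check" ]; then
    check_sip
    exit $?
fi
```
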