The recent versions of Mac OS X include the System Integrity Protection (SIP) that a number of users enable on their device. It is actually a kernel level feature that limits the root account. A root account is the one that can access your entire Mac operating system and is present in the system by default. Being a root user you can set the permissions, access, delete, and modify the files. Nonetheless, if any malware programs gain control over the root permissions then the operating system files are affected.
Nevertheless, as you specify the password in the security dialog, you give the root permissions for an application. The SIP works by restricting the root account on Mac. The kernel OS checks over the access for root users and restricts certain actions. For instance, you will be not allowed to modify the protected locations in the system. Moreover, almost all the kernel extensions must be signed; you won’t be able to disable the SIP within Mac just like that. Even so, if you attempt to write to it then you will see any of these directories – /bin, /usr, /system or /sbin. You won’t be able to mount and you would eventually see a message that says- Operation not permitted.
Disabling System Integrity Protection
It is actually not recommended to disable the system integrity protector on your Macintosh. If it is to deal with malware threats and other bad/unauthentic program that is causing troubles then you may have to go for it. So, until and unless you do not have any specific reason do not intend to disable the system protection.
The System Integrity Protection is not found in the Mac OS X but in the NVRAM. The modifications can be done in the recovery environment. Boot the Mac into Recovery environment ( Command + R) and navigate through Utilities -> Terminal and type the command as:
csrutil status [to check the status]
csrutil disable [to disable]
if you want to enable the protection again, then use the command as csrutil enable