On Mon, Jul 18, 2022 at 10:22 AM Bruno Haible <br...@clisp.org> wrote:
>
> Jeffrey Walton wrote:
> > I believe MacOS maps /etc and /tmp to a private area for the user.
> > They are not world readable/writable. I believe Apple did it for
> > hardening.
> >
> > Here's from a MacOS X 10.5 machine I have:
> >
> > $ ls -l /etc /tmp
> > lrwxr-xr-x@ 1 root wheel 11 Feb 10 2015 /etc -> private/etc
> > lrwxr-xr-x@ 1 root wheel 11 Feb 10 2015 /tmp -> private/tmp
>
> /tmp is world-writable, of course:
>
> $ ls -lLd /etc /tmp
> drwxr-xr-x@ 124 root wheel 3968 27 Jun 01:25 /etc
> drwxrwxrwt@ 8 root wheel 256 18 Jul 14:38 /tmp

I believe Apple creates a copy of /etc, /var and /tmp for the user.
Then, writes occur to the private area the OS provides to the user. I
don't believe users are allowed to write directly to those
directories.

In the old days it happened because of NetBoot. Nowadays it's because
of Apple's System Integrity Protection. Also see
https://apple.stackexchange.com/questions/1043/why-is-tmp-a-symlink-to-private-tmp
and https://en.wikipedia.org/wiki/System_Integrity_Protection .

Jeff