Calling:
sudo du -sh /var
returns:
0B /var
but calling:
sudo du -sh /var/log
returns:
613M /var/log
Why is du
not counting subdirectory despite sudo
?
Also some items gave Operation not permitted
errors with sudo
like:
sudo du -sh /private/var/db/fpsd/dvp
du: /private/var/db/fpsd/dvp: Operation not permitted
My machine is running macOS Mojave 10.14.6. Is there a way to allow sudo
to access these "hidden" files?
du
means diskusage and/var
is not a disk :) I don't know the answer but can imagine there might exist invisible mount namespaces or selinux-like (MAC) mandatory access control restrictions. It might also the reason that BSDdu
does not work as expected, try GNUdu
or busyboxdu
maybe?/var
is a symlink and runningdu
against a symlink, always returns zero bytes. Whereas/var/log
is a real directory./var -> /private/var
, which means my only remaining question is why some items in/private/var
cannot be operated on bysudo du
.ls -laO
to show its restricted status, but the example file I gave could not even be operated on bysudo ls -laO
. In contrast, files listed in rootless.conf like/Applications/iTunes.app
can be listed or read even if they do have restricted status.du
obviously is a read-only operation which doesn't seem to be related to SIP which is mainly for anti-tampering.