1

Calling:

sudo du -sh /var

returns:

0B /var

but calling:

sudo du -sh /var/log

returns:

613M /var/log

Why is du not counting subdirectory despite sudo?

Also some items gave Operation not permitted errors with sudo like:

sudo du -sh /private/var/db/fpsd/dvp

du: /private/var/db/fpsd/dvp: Operation not permitted

My machine is running macOS Mojave 10.14.6. Is there a way to allow sudo to access these "hidden" files?

Improve this question
6
  • du means diskusage and /var is not a disk :) I don't know the answer but can imagine there might exist invisible mount namespaces or selinux-like (MAC) mandatory access control restrictions. It might also the reason that BSD du does not work as expected, try GNU du or busybox du maybe?
    – alecxs
    Commented Sep 11, 2021 at 9:26
  • 2
    I will hazard a guess and say that /var is a symlink and running du against a symlink, always returns zero bytes. Whereas /var/log is a real directory.
    – Bob Goddard
    Commented Sep 11, 2021 at 10:35
  • eclecticlight.co/2017/04/28/…
    – alecxs
    Commented Sep 11, 2021 at 13:06
  • @Bib you're right! dumb of me to not have noticed this myself. in fact, /var -> /private/var, which means my only remaining question is why some items in /private/var cannot be operated on by sudo du.
    – Kevin S.
    Commented Sep 11, 2021 at 16:06
  • @alecxs i did suspect SIP, but the behavior is not quite the same. SIP protected files can be operated on by ls -laO to show its restricted status, but the example file I gave could not even be operated on by sudo ls -laO. In contrast, files listed in rootless.conf like /Applications/iTunes.app can be listed or read even if they do have restricted status. du obviously is a read-only operation which doesn't seem to be related to SIP which is mainly for anti-tampering.
    – Kevin S.
    Commented Sep 11, 2021 at 23:04

1 Answer 1

Reset to default
0

This might work. It worked for me trying to ls the contents of ~/Library/Mail. It was also giving Operation not permitted

  1. In System Preferences select the Security & Privacy control panel
  2. Unlock the little lock on the bottom of the control panel
  3. From the icons on the left of the control panel, select Full Disk Access
  4. Click on the "+" below the list of applications (if any) that already have Full Disk Access over on the right.
  5. On the left hand side of the panel, select Applications if not already there.
  6. You will see a list of folders and your applications. Find and double click the Utility folder.
  7. You will now see the apps in the Utility folder. Find and double click the Terminal application. It will show up on the control panel as having
  8. Relock the control panel

I can't guarantee that this will work, buy you have nothing to lose. I would recommend you reverse the process and take Terminal out of the list when you are done.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .