我在 Mac (macOS 10.14.3) 上遇到了一个奇怪的问题。我跑去sudo du -xk /获取有关磁盘使用情况的详细数据,但遇到了几个错误:
du: /Users/brx/Library/Application Support/MobileSync: Operation not permitted
du: /Users/brx/Library/Application Support/CallHistoryTransactions: Operation not permitted
du: /Users/brx/Library/Application Support/com.apple.TCC: Operation not permitted
du: /Users/brx/Library/Application Support/CallHistoryDB: Operation not permitted
du: /Users/brx/Library/IdentityServices: Operation not permitted
du: /Users/brx/Library/Messages: Operation not permitted
du: /Users/brx/Library/HomeKit: Operation not permitted
du: /Users/brx/Library/Mail: Operation not permitted
du: /Users/brx/Library/Safari: Operation not permitted
du: /Users/brx/Library/Suggestions: Operation not permitted
du: /Users/brx/Library/Containers/com.apple.VoiceMemos: Operation not permitted
du: /Users/brx/Library/Containers/com.apple.Home: Operation not permitted
du: /Users/brx/Library/Containers/com.apple.Safari: Operation not permitted
du: /Users/brx/Library/Containers/com.apple.iChat: Operation not permitted
du: /Users/brx/Library/Containers/com.apple.mail: Operation not permitted
du: /Users/brx/Library/Containers/com.apple.news: Operation not permitted
du: /Users/brx/Library/Containers/com.apple.stocks: Operation not permitted
du: /Users/brx/Library/PersonalizationPortrait: Operation not permitted
du: /Users/brx/Library/Metadata/CoreSpotlight: Operation not permitted
du: /Users/brx/Library/Metadata/com.apple.IntelligentSuggestions: Operation not permitted
du: /Users/brx/Library/Cookies: Operation not permitted
du: /Users/brx/Library/Caches/com.apple.safaridavclient: Operation not permitted
du: /Users/brx/Library/Caches/com.apple.HomeKit.configurations: Operation not permitted
du: /Users/brx/Library/Caches/CloudKit/com.apple.Safari: Operation not permitted
du: /Users/brx/Library/Caches/com.apple.Safari: Operation not permitted
du: /Users/brx/Library/Caches/com.apple.homed: Operation not permitted
这很奇怪,因为即使没有sudo. 如果我在 Finder 中打开它们,我可以很好地看到内容,但是在终端中:
~/Library/Caches$ ls -la com.apple.homed/
ls: : Operation not permitted
~/Library/Caches$ sudo ls -la com.apple.homed/
ls: : Operation not permitted
~/Library/Caches$ ls -lade@ com.apple.homed/
drwxr-xr-x 7 brx staff 224 Mar 18 14:36 com.apple.homed/
所以没有 ACL 或扩展属性。我拥有该目录,所以我应该能够列出它!
但是,如果我这样做open /Users/brx/Library/Caches/com.apple.homed/,会弹出一个 Finder 窗口,其中包含内容(三个文件Cache.db{,-shm,-wal}和一个名为 的目录fsCachedData)。
这里发生了什么?
我相信 macOS 的 SIP(系统完整性保护)可以阻止du和ls进程访问文件/目录,即使以 root 身份运行也是如此。自 macOS Mojave 以来,SIP 似乎在 下的许多位置都处于活动状态~/Library,这意味着只有受信任的应用程序才能访问它们。
我将我的终端应用程序 (iTerm2) 添加到应授予“完整磁盘访问权限”的应用程序列表中,并在“安全和隐私”系统首选项设置中的“隐私”选项卡下进行了此操作。这似乎已经为我解决了。我说“似乎”是因为我不是 macOS 专家,但我相信这使我能够访问~/Library.
出于显而易见的原因,Apple 建议不要在系统上全局关闭 SIP,而且我也认为没有真正的理由这样做。