System Integrity Protection
Macs have something called System Integrity Protection (also known as SIP), which means certain critical directories and files can’t be deleted, even as root. Even the /Applications/Chess.app can’t be deleted because of SIP.
ls -ldO /System/Applications/Chess.app
drwxr-xr-x 3 root wheel restricted 96 Sep 30 21:10 /System/Applications/Chess.app
See that restricted
in there? It means that it’s part of SIP.
/tmp not in SIP
But there is what I’d consider a critical directory that isn’t part of SIP—that’s the /private/tmp or /tmp directory.
ls -ldO /private/tmp
drwxrwxrwt 5 root wheel - 160 Oct 19 18:58 /private/tmp
No restricted
in there.
Why would /tmp not be there?
Now who knows why you’d ever delete /tmp? I can only imagine maybe some badly thought-out script decided cleaning out the /tmp directory was necessary and meant to do rm -rf /tmp/*
but did rm -rf /tmp/
instead.
Just to be clear here: there’s absolutely no reason you should ever need to even run rm -rf /tmp/*
. In fact, if a script did that, it’d be a wild overstep. Lots of processes use /tmp, so if your script is cleaning out all files in that directory, you’re deleting other programs’ things. Don’t do that.
Examples of what could break
Software Update
If the /tmp directory doesn’t exist, you can click through several parts of Software Update, but you’ll get an error when you get to the download phase.
Here’s an excerpt from the /var/log/install.log file:
SUOSUMobileSoftwareUpdateController: Download finished: Error Domain=SUMacControllerError Code=7722 “[SUMacControllerErrorPreflightPrerequisiteCheckFailed=7722] Failed to perform PreflightPrerequisite operation: NSPOSIXErrorDomain:2 | The operation couldn’t be completed. No such file or directory: [NSPOSIXErrorDomain:2]” <br<UserInfo={NSLocalizedDescription=Current device configuration and target is invalid for install in the current state. Please try again., SUMacControllerErrorIndicationsMask=0, NSDebugDescription=[SUMacControllerErrorPreflightPrerequisiteCheckFailed=7722] Failed to perform PreflightPrerequisite operation: NSPOSIXErrorDomain:2 | The operation couldn’t be completed. No such file or directory: [NSPOSIXErrorDomain:2], NSUnderlyingError=0x7ad9ce730 {Error Domain=NSPOSIXErrorDomain Code=2 “No such file or directory” UserInfo={NSFilePath=/tmp/msu-target-g4bWmdpv}}}
Munki
If you use Munki, it also needs the /tmp directory. If that directory doesn’t exist, Munki will have trouble installing software:
Here’s an excerpt from the /Library/Managed Installs/Logs/ManagedSoftwareUpdate.log file:
Oct 19 2024 19:03:40 -0700 ### Beginning unattended installer session ###
Oct 19 2024 19:03:40 -0700 Processing installs
Oct 19 2024 19:03:40 -0700 Checking if Google Chrome.app is running…
Oct 19 2024 19:03:40 -0700 Installing Google Chrome (1 of 2)
Oct 19 2024 19:03:40 -0700 Mounting disk image GoogleChrome-115.0.5790.98.dmg
Oct 19 2024 19:03:41 -0700 ERROR: Error: “hdiutil: attach failed – no mountable file systems” while mounting GoogleChrome-115.0.5790.98.dmg.
Oct 19 2024 19:03:41 -0700 ERROR: No mountable filesystems on GoogleChrome-115.0.5790.98.dmg
Oct 19 2024 19:03:41 -0700 Checking if Slack.app is running…
Oct 19 2024 19:03:41 -0700 Installing Slack (2 of 2)
Oct 19 2024 19:03:41 -0700 Mounting disk image Slack-4.40.126-macOS-4.40.126.dmg
Oct 19 2024 19:03:41 -0700 ERROR: Error: “hdiutil: attach failed – no mountable file systems” while mounting Slack-4.40.126-macOS-4.40.126.dmg.
Oct 19 2024 19:03:41 -0700 ERROR: No mountable filesystems on Slack-4.40.126-macOS-4.40.126.dmg
Oct 19 2024 19:03:41 -0700 ### End unattended installer session ###
How to fix
I doubt most people reading this have ever even accidentally deleted the /tmp directory, but if you do, you can re-create it:
sudo mkdir -p /private/tmp
sudo chmod 1777 /private/tmp
Software Update should work again:
And Munki should work again, too:
Oct 19 2024 19:05:59 -0700 ### Beginning unattended installer session ###
Oct 19 2024 19:05:59 -0700 Processing installs
Oct 19 2024 19:05:59 -0700 Checking if Google Chrome.app is running…
Oct 19 2024 19:06:00 -0700 Installing Google Chrome (1 of 2)
Oct 19 2024 19:06:00 -0700 Mounting disk image GoogleChrome-115.0.5790.98.dmg
Oct 19 2024 19:06:00 -0700 Copying Google Chrome.app to /Applications/Google Chrome.app
Oct 19 2024 19:06:29 -0700 Setting owner and group for ‘/tmp/munki-evjby6nf/tmpuz8eetg6/Google Chrome.app’ to ‘root:admin’
Oct 19 2024 19:06:29 -0700 Setting mode for ‘/tmp/munki-evjby6nf/tmpuz8eetg6/Google Chrome.app’ to ‘o-w,go+rX’
Oct 19 2024 19:06:29 -0700 The software was successfully installed.
Oct 19 2024 19:06:29 -0700 Checking if Slack.app is running…
Oct 19 2024 19:06:29 -0700 Installing Slack (2 of 2)
Oct 19 2024 19:06:29 -0700 Mounting disk image Slack-4.40.126-macOS-4.40.126.dmg
Oct 19 2024 19:06:30 -0700 Copying Slack.app to /Applications/Slack.app
Oct 19 2024 19:06:52 -0700 Setting owner and group for ‘/tmp/munki-evjby6nf/tmp3idyq324/Slack.app’ to ‘root:admin’
Oct 19 2024 19:06:52 -0700 Setting mode for ‘/tmp/munki-evjby6nf/tmp3idyq324/Slack.app’ to ‘o-w,go+rX’
Oct 19 2024 19:06:53 -0700 The software was successfully installed.
Oct 19 2024 19:06:53 -0700 ### End unattended installer session ###
Leave a Reply