macOS – Understanding Why /tmp is a Symlink to /private/tmp

As I understand it, it's a holdover from NextStep (which OS X is based on), and NextStep did it to support NetBooting. The idea was that you could boot from a network-hosted volume (probably read-only, and certainly shared with other computers), and early in the boot process mount a local (writable) volume on /private; as g mentioned, this allowed runtime-modification of /var and /tmp, as well as per-computer settings in /etc.

This isn't needed anymore, as Apple's current NetBoot system uses a shadow disk image to store changes anywhere on the boot volume. But some programs/docs/etc now assume the files live under /private, so it'd be too much trouble to switch them back...

Update: since I wrote this, Apple has stopped supporting NetBoot, so the original purpose of /private is even more obsolete. However, in macOS Catalina (version 10.15), they've added a new volume split. In this case it's for security rather than to support NetBoot, but it works in a fairly similar way.

Catalina's system volume is mounted read-only, with a read-write volume mounted at /System/Library/Data (analogous to the old system that mounted a RW volume at /private), and "firmlinks" making parts of the RW volume appear at their usual locations in the filesystem (again, analogous to the symbolic links that make parts of /private appear at their usual locations). For example, /Users is now a firmlink to /System/Library/Data/Users. The Eclectic Light Company has a good summary.

Catalina also still has the symbolic links to /private; thus, when you access /etc on Catalina, it follows the symlink to /private/etc, and then the firmlink to /System/Library/Data/private/etc