Strange behaviour of symlink /var

pathsymlinkterminal

I have a pretty new MacBook and got this from our central IT department pre-installed.
I experienced a problem, which I first thought was related to Terraform, but after investigation this seems to be a general problem at all.

Having a look at simple cat commands:

ls -al /var/tf-test/                                                                 
total 8
drwxrwxrwx   3 root     wheel   96  3 Aug 11:00 .
drwxr-xr-x  30 root     wheel  960  3 Aug 10:57 ..
-rwxrwxrwx   1 user     wheel  198  3 Aug 11:00 backend.hcl

cat /var/tf-test/backend.hcl                                                         
I am fine

pwd                                                                                  
/Users/user/tf-test

cat ../../../var/tf-test/backend.hcl                                                 
cat: ../../../var/tf-test/backend.hcl: No such file or directory

This is pretty strange ….since cat should resolve the symlink und should automatically point to the real path, right?

This basically leads to my Terraform to not deploy anything, since Terraform is generating a relative path from the current directory to a backend-config (a parameter) and then couldn't resolve it:

pwd                                                                                  
/Users/user/tf-test

terraform init -backend-config /var/tf-test/backend.hcl                          
Initializing the backend...
Error: Failed to read file
The file "../../../var/tf-test/backend.hcl" could not be read.

Permissions seems to be ok, isn't it?

ls -la /
drwxr-xr-x    6 root  wheel    192 28 Mai 01:32 private
lrwxr-xr-x@   1 root  admin     11 13 Jul 13:05 tmp -> private/tmp
lrwxr-xr-x@   1 root  admin     11 13 Jul 13:05 var -> private/var

Guys, this freaks me out.
Any ideas how to fix this?

Best Answer

I would probably start with two things.

  1. sudo -s
  2. Judicious use of file hopefully can help pick apart the error in thinking, permissions or execution here.

File should report correct results all the way back to root, and then all the way back to /private/var - once you’ve got a string of good results - repeat the sequence of file checks to test ../../var/whatever

# file ../../var/                                      
../../var/: directory
# file ../../var/com.twocanoes.tcscryptotoken.tcstoken/        
../../var/com.twocanoes.tcscryptotoken.tcstoken/: directory
# file ../../var/com.twocanoes.tcscryptotoken.tcstoken/token.sh 
../../var/com.twocanoes.tcscryptotoken.tcstoken/token.sh: POSIX shell script text executable, ASCII text

If you are on Catalina - realize you are crossing filesystem boundaries and firmlinks are in play as well as sym links. You can tell that with a df command and if it shows you have a Data APFS volume in addition to the system volume. Hopefully you don’t need to wait for terraform to fix deployment - it might be a simple error, but this is why we’re moving everything into /usr/local so that we get user and non-system installation off the read only disk of macOS sooner rather than later.

# diskutil list|grep Macintosh
   1:                APFS Volume Macintosh HD - Data     122.0 GB   disk1s1
   5:                APFS Volume Macintosh HD            11.2 GB    disk1s5
Related Question