MacOS Mojave has extended the effects of SIP into the home directories of users. By default, access is denied to many directories in a user’s home directory. A few examples of these directories follow.
~/Library/Messages
~/Library/Mail
~/Library/Safari
[… etc.]
In order to access these directories from a terminal, the terminal application must be defined in System Preferences > Security & Privacy > Privacy > Full Disk Access. The configuration works, except for the following directory on my system. The same behavior may exist for other data in containers – not sure.
~/Library/Containers/com.apple.mail/Data/DataVaults
The intriguing behavior is easy to reproduce. The directory isn't even visible.
cd ~/Library/Containers/com.apple.mail/Data
ls
ls: DataVaults: Operation not permitted
I use rsync to mirror my home directory to an external hard drive; but, I can no longer do so because rsync complains, "IO error encountered — skipping file deletion," which breaks the mirroring effect. I do not find any documentation on this issue. Apple support have no idea. Why is this directory special, and how can we gain access to it without disabling SIP?
Results of Further Investigation with SIP Disabled
According to System Information, the Mojave upgrade was performed on 24 September 2018. The directory was also created on the same day. My user owns the directory, and the staff group is the group owner. Its permissions are 0700. It has extended attributes as indicated by the @ symbol. No ACLs. No flags.
xattr -l ~/Library/Containers/com.apple.mail/Data/DataVaults
com.apple.quarantine: 0082;00000000;Mail;
com.apple.rootless: Mail
ls -lO DataVaults
(no result; exit 0)
After disabling SIP, deleting the directory, and reenabling SIP, the directory reappears with the same permissions as soon as Mail is opened. Mail (Version 12.0 (3445.100.39)) has no plugins.
Results from a Fresh Installation on Oct 16 2018
The directory does not exist after formatting and reinstalling. I still have no clue how it was ever there to start.
Results from an upgrade on March 29, 2019
The directory has reappeared coinciding with the upgrade to Mojave 10.14.4 (18E226) and/or Mail Version 12.4 (3445.104.8).
Best Answer
The DataVaults directory has to do with entitlements. Access is prevented unless the owner of the entitlement grants the access. The entitlements for Mail.app can be listed as follows and provides an XML plist.
At this time, the only remaining method to acquire access to the directory is to turn off SIP. In regard to my rsync issue, I opted to keep SIP turned on and utilized the rsync option, exclude, to ignore the DataVaults directory, which, by the way, is devoid of content.
From a comment on the blog at Eclectic Light Company, offering more clues:
I did not find a flag on ~/Library/Containers/com.apple.mail/Data/DataVaults, and a clean installation of Mojave caused the directory not to appear again since.
A summary overview of access controls was also published.
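An added example, not part of the original question or answer: a pre-flight scan that finds every entry the OS refuses to stat or list (the "Operation not permitted" symptom shown for DataVaults) and turns each one into an anchored rsync exclude, so the mirror with deletion can still run with SIP enabled. The function names are hypothetical, and the -a and --delete flags are an assumption, since the page does not show the rsync command line that was used.

```python
import errno
import os
import shlex
import stat
import sys

DENIED = (errno.EPERM, errno.EACCES)  # "Operation not permitted" / "Permission denied"

def find_denied(root, lstat=os.lstat, listdir=os.listdir):
    """Return root-relative paths that cannot be stat'ed or listed."""
    denied, stack = [], [root]
    while stack:
        current = stack.pop()
        try:
            names = listdir(current)
        except OSError as exc:
            if exc.errno not in DENIED or current == root:
                raise
            denied.append(os.path.relpath(current, root))
            continue
        for name in names:
            path = os.path.join(current, name)
            try:
                mode = lstat(path).st_mode
            except OSError as exc:
                if exc.errno == errno.ENOENT:
                    continue  # entry vanished between listing and stat
                if exc.errno not in DENIED:
                    raise
                # Same symptom as "ls: DataVaults: Operation not permitted".
                denied.append(os.path.relpath(path, root))
                continue
            if stat.S_ISDIR(mode):  # lstat, so symlinks are never followed
                stack.append(path)
    return sorted(denied)

def rsync_args(src, dst, denied):
    """Build a mirror command (assumed flags) that skips the denied paths."""
    # A leading "/" anchors each pattern at the root of the transfer.
    excludes = ["--exclude=/" + rel.replace(os.sep, "/") for rel in denied]
    return ["rsync", "-a", "--delete", *excludes, src.rstrip("/") + "/", dst]

if __name__ == "__main__":
    src, dst = sys.argv[1], sys.argv[2]
    print(shlex.join(rsync_args(src, dst, find_denied(src))))
```

A denied path that contains rsync wildcard characters (*, ?, [) would need escaping before being used as an exclude pattern; the sketch does not handle that case.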