One of the changes made in macOS Sierra is summed up by my colleague @n8felton below:
/Volumes is the invisible directory used by OS X and macOS as the OS’s default mount point for accessing the filesystems of other storage (like external hard drives, USB flash drives, mounted disk images, network fileshares, etc.)
Up to OS X El Capitan, the /Volumes directory was world-writable and had the following permissions:
This meant that any process or user could create a directory inside /Volumes or store files there.
World-writable directories are generally seen as a security risk, which may explain why Apple chose to change the permissions on the /Volumes directory. As of macOS Sierra, the permissions on the directory are as follows:
This change means that the /Volumes directory is readable by anyone but can only be written to by processes using root privileges.
This permissions change should not affect the system’s ability to mount storage devices or fileshares from network servers, as the OS itself is the one handling the mounting and has all the necessary permissions.
