I'm trying to add "/Volumes" as an exclusion but am getting the error "Could not write domain". I've tried adding "Terminal" and "defaults" to the full disk access permissions to no avail. I'm guessing at this point, programmatic modification of that file via script/defaults is going to require disabling SIP, which isn't an option.
Does anyone know of any other options to programmatically add exclusions to spotlight?
Rich Trouton covers the move of /Volumes to no longer being world writable as of Sierra (10.12)
As for your issue in writing to the VolumeConfiguration.plist, I don't see it listed in the rootless.conf but I don't believe that Spotlight indexes network drives by default (I'll have to check my notes on this).
With SIP enabled, the command "defaults read /.Spotlight-v100/VolumeConfiguration.plist" results in 'domain not found', however "cat /.Spotlight-v100/VolumeConfiguration.plist" shows the contents. With SIP disabled you can read and write to the plist using the defaults command, which confirms my suspicion that rootless.conf is not a live configuration file, but rather just a documentation list that may or may not be up to date with any given release.
Anyway, still looking for an alternative means of configuration.
@MrP I ran into this. I submitted feedback to Apple to allow
mdutil the option to manage exclusion paths for Spotlight index with the options of: add-path, remove-path, and reset exclusion and perhaps some support for reading from a plist. I'm not sure whether they'll oblige but you should submit similar feedback if interested. Also just so you know this is only a problem in 10.14. In 10.13, it seems to work fine.