The other day, a simple
ushaguduri@work:Wed Feb 20 15:40:17 -> ls -al -rw-r--r--@ 1 ushaguduri staff 899B Feb 20 15:26 test_file
got me digging deeper into the underlying File System. Notice the @ after the file permissions? That’s a way to associate metadata with a file. Its not used by the file system for any useful purpose - just to store additional information, say like the source of the file, author etc.
Bringing up the manual for the ls command describes the @ as an available option too:
-@ Display extended attribute keys and sizes in long (-l) output.
Further digging leads to the xattr command and using it on the test_file above showed interesting data:
ushaguduri@work:Wed Feb 20 15:40:41 scripts(db5-v1-me) -> xattr warmup_redis.rb com.apple.metadata:kMDItemWhereFroms com.apple.quarantine
The above two values in particular indicate:
com.apple.metadata:kMDItemWhereFroms: where the file was downloaded from along with a binary property list, if any
com.apple.quarantine: added by the OS the first time a file is downloaded(referring to the source of the download), so that it can ask for confirmation when the program is run (to stop malware by ensuring that the user is aware of a program wanting to execute). Once confirmed the attribute would be removed so that the program can run normally again without user confirmation.
xattr command takes several options to manipulate the metadata:
-l --> list the actual values -d --> delete the attribute -w --> set the attribute
ushaguduri@work:Wed Feb 20 15:41:57 scripts(db5-v1-me) -> xattr -l test_file com.apple.metadata:kMDItemWhereFroms: 00000000 62 70 6C 69 73 74 30 30 A2 01 02 5F 10 4F 68 74 |bplist00..._.Oht| 00000010 74 70 73 3A 2F 2F 74 69 63 6B 65 74 73 2E 73 6D |tps://<website url>| ....... 000000A0 00 00 00 00 01 01 00 00 00 00 00 00 00 03 00 00 |................| 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 9B |..............| 000000be com.apple.quarantine: 0001;51253196;Google Chrome DEV.app;193F85B5-63F1-4A50-A83E-5713ED49D904|com.google.Chrome ushaguduri@work:Wed Feb 20 15:41:59 scripts(db5-v1-me) -> xattr -w com.apple.metadata:kMDItemWhereFroms http://example.com test_file
Bonus: If you dont want the quarantine attribute set, you can override the defaults on Mac [if you know what you are doing ;)] as such:
defaults write com.apple.LaunchServices LSQuarantine -bool NO