Understanding the @ Symbol in MacOS File Permissions: Extended Attributes Explained for Developers


2 views

When you see the @ symbol in MacOS file permissions (like -rwxrwxr-x@), it indicates the file has extended attributes. This is a special filesystem feature in MacOS (HFS+/APFS) that stores additional metadata beyond standard Unix permissions.

To inspect these attributes, use the xattr command:


xattr -l filename.so
# Example output:
com.apple.quarantine: 0083;5a7b9c8d;Safari;01234567-89AB-CDEF-0123-456789ABCDEF
  • com.apple.quarantine: Marks files downloaded from the internet
  • com.apple.metadata: Stores Finder metadata
  • com.apple.ResourceFork: Legacy Mac resource fork data

The ln -s command preserves extended attributes when creating symlinks. To demonstrate:


# Create a test file with attributes
touch testfile
xattr -w com.example.test "test value" testfile

# Create symlink
ln -s testfile testlink

# Verify attributes
xattr -l testlink  # Shows same attributes as original

To strip all extended attributes (useful when debugging permission issues):


xattr -c filename.so

Or for recursive removal in a directory:


xattr -rc /path/to/directory

When writing scripts that handle file operations:


#!/bin/bash
# Check for extended attributes before processing
if xattr -l "$1" &>/dev/null; then
    echo "Warning: File has extended attributes"
    # Optionally preserve important attributes
    xattr -p com.apple.metadata "$1" > metadata_backup
fi

Note that extended attributes behave differently across filesystems:

  • HFS+: Fully supports extended attributes
  • APFS: Enhanced support with better performance
  • Network/SMB shares: Attributes may not persist

When you run ls -l on macOS and see an @ symbol in the permission string (like -rwxrwxr-x@), this indicates the file has extended attributes. These are metadata features specific to macOS's HFS+ and APFS filesystems.

Extended attributes (xattrs) can store additional information such as:

  • Finder metadata (tags, colors)
  • Quarantine flags for downloaded files
  • ACLs (Access Control Lists)
  • Code signing information

Use xattr command to view them:

xattr -l apc.so
# Output might show:
# com.apple.quarantine: 0083;5a9c3b2e;Safari;D3A5F5D0-1C3F-4E8C-9E6A-3F7B6E8C4A1A

Symbolic links (created via ln -s) often inherit xattrs:

ln -s original.txt link.txt
ls -l link.txt
# Shows @ symbol if original had xattrs

To remove all xattrs (careful!):

xattr -c filename

For selective removal:

xattr -d com.apple.quarantine filename

When working with:

  • Code signing: com.apple.cs.CodeDirectory xattrs matter
  • App bundles: com.apple.FinderInfo affects display
  • Security: Quarantine xattrs trigger Gatekeeper checks
import xattr

# List xattrs
attrs = xattr.listxattr('file.txt')
print(attrs)

# Read specific attribute
value = xattr.getxattr('file.txt', 'user.comment')
print(value)

Ignoring xattrs can cause issues when:

  • Distributing binaries (code signing breaks)
  • Backup/restore operations (metadata loss)
  • Cross-platform file sharing (Windows/Linux don't preserve xattrs)