I did some research and learned the the + and the @ are indicating extented attributes which can be managed using the xattr command. I played a little bit with it, and found out that my scripts had the following extended attribute for some reason
I deleted it using xattr -d com.apple.quarantine script.sh and the script worked again. This is one point.
What still drives me nuts, is the fact that this attribute was set without any interaction of me. Does anyone know if Apple has build in some new security stuff with 10.7.3? Or is this just accidential and some other action, which I am not aware of, has changed or added the extended attributes?
I realy would like to have that clarified. My scripts are part of an automated process and it took some days till I noted that this process does not work anymore, which resulted in data loss. I was happy that those days data was not very important. Now I am afraid that this may happen again any time :-(
same happened to me after updating to Lion. instead of com.apple.quarantine I had com.apple.TextEncoding and every time I tried to open the file in text editor it gave me the message that this file was downloaded from the internet.... bla bla bla
I used the solution you recommended and the problem is fixed.
I noticed the com.apple.TextEncoding as well. So it seems that at least we both stepped into the same trap
Just like you, I ignored the TextEncoding attribute and it did not harm the script execution. I am still pretty mad, that Lion introduce so much trouble. 10.7.3 broke my FTP server as well and really hope that I do not need to fix all kinds of stuff every time Lion gets updated
Thanks Thomas, saved me hours of effort. Using OS X 10.7.3 - had the same problem with a new script written with a plain text editor and mv'd from Documents to usr/bin. Wherever it was located, the script would run in a second shell using
but it would not run using just
which gave Operation not permitted, until I applied your solution.
So I guess the quarantine is to force users to run a second shell?
I have a feeling this is a bug in the changes they made for Gatekeeper in 10.7.3...
If I open a new TextEdit Window and write the following script...
then save it, go to Terminal and chmod 755 on it.... then go back in Finder and double click, i get the...
"XXXX" is a Unix application downloaded from the Internet, Are you sure you want to open it? TextEdit downloaded this file today at 7:30 AM."
message... which is stupid. I just wrote the script, it wasn't downloaded.
If I press to Open on that message, it also clears the quarantine and then the script starts running fine from command line without that error message.
Looks like a threat response to me:
If I create a shell script test.sh using Xcode (empty project, Shell Script file template) then the quarantine extended attribute is not set, and it will execute directly from the terminal as /path/test.sh after chmod +x /path/test.sh .
If I create the identical script test1.sh using TextEdit.app then it will run in its own shell after chmod +x (sh /path/test1.sh) but not otherwise (Operation not permitted), and xattr /path/test1.sh shows com.apple.quarantine.
So whether this attribute is set seems to depend on the editor used to create the script.