I have a mac lab with network accounts on an nfs server (ubuntu.) Starting in 10.8, when users download Numbers or Pages files from Moodle, or they receive email attachments, they cannot open the files. The error panel has the quarantine symbol (house with the safe dial and the yellow warning triangle) and the correct [some program] "downloaded this file " [on day] at [time] informational message. But the error message is truly obnoxious --
"[filename]" is damaged
and can't be opened. You should move it
to the Trash.
and the two button choices are "Cancel" and "Move to Trash".
Through some odd accidents, we have discovered the following details:
- The files can be opened just fine on a machine running 10.5 (We've got 10.5 eMacs and 10.8 iMacs)
- The files have permissions 644
- The Downloads/ directory is supposed to have permissions 700. When it is changed to 755, the files open without problems.
- A file opened once on a 10.5 machine, or on a 10.8 machine when the parent directory's permissions broken, can thereafter be opened without problems on the 10.8 machine with the parent directory having its correct 700 perms.
- When doing an ls -l the files and the Downloads directory show the user as the files' owner, and "students" as the group, and students is in fact the primary group of these accounts. However, running 'dseditgroup -o checkmember students' on the command line in 10.8 says that the users are NOT members of the group, while the same command when the same user is logged into the 10.5 client the answer is "yes". (The ubuntu file server is also the ldap server, and it puts the student users in group students.)
Each of these files clearly has a resource fork (which on the nfs volume shows up with the same filename except with a leading '._') It appears that opening the file successfully fixes the resource fork. (Which is why the hysterical file-damaged-delete-delete-DELETE message is so obnoxious!)
Does anybody have any clues as to how to beat the file quarantine utility into a more cooperatve state -- you know, a warning, but let you open the file? And maybe tone down the demand that the file be deleted -- that's a bit overwrought considering that toggling the bits on the parent directory can miraculously cure the damage?
Alternatively, what are the dangers of having the students have 755 permissions on their Downloads directories and Mail downloads directories?