Whilst correcting the permissions of my ssh key files on my Mac, I noticed a permissions flag that I hadn’t seen before, an
$ ls -la
> -r--------@ 1 bmaher staff 1.7K 4 May 2017 id_rsa
Turns out that this signifies that OS X has applied
extended attributes to the file.
I wanted to see what information OS X was adding to the file so I ran:
$ xattr -l id_rsa
> com.apple.quarantine: 0001;56d4c0a9;Google\x20Chrome.app;85AF15BC-7CAE-4D1C-A208-60E2BB234258
This tells me that OS X has quarantined the file (against trojans etc.), noting that it was downloaded through Chrome.
Looks like this is the attribute that determines whether or not that ‘this file was downloaded from the internet…’ message appears when you try to open it.
Since I knew the source of this file, and I won’t be opening it through Finder, I removed the file from quarantine by removing the attribute: