+ or @ mark after running 'ls -al'

In Mac OS X, run 'ls -al' offers me something similar to this.

drwxrwxrwx+  4 smcho  staff     136 May  5 09:18 Public
drwxr-xr-x+  6 smcho  staff     204 Feb  1  2010 Sites
drwxrwxrwx   9 smcho  staff     306 Feb  2  2010 backup
[email protected] 36 smcho  staff    1224 Sep  4 22:51 bin
  • What's the + or @ at the end of the first column suggests?
  • Is this one-of-a-kind to Mac, or usual in UNIX?


After Michael Mrozek's solution, I ran 'ls -ale' to get the adhering to.

drwx------+ 66 smcho  staff    2244 Aug 30 13:40 Library
 0: group:com.apple.sharepoint.group.3 allow search
 1: group:everyone deny delete
drwxr-xr-x   3 smcho  staff     102 Sep  4 15:01 Mail
drwx------+ 13 smcho  staff     442 Aug 28 17:55 Movies
 0: group:everyone deny delete
drwx------+  6 smcho  staff     204 Jul  9 09:37 Music
 0: group:everyone deny delete
drwx------+ 11 smcho  staff     374 Aug 28 16:55 Pictures
 0: group:everyone deny delete
drwxr-xr-x   3 smcho  staff     102 Mar 18 15:43 Projects
drwxrwxrwx+  4 smcho  staff     136 May  5 09:18 Public
 0: group:everyone deny delete
drwxr-xr-x+  6 smcho  staff     204 Feb  1  2010 Sites
 0: group:everyone deny delete

What those added messages suggest? Why do I have them for several of the documents? I do not bear in mind doing anything certain for them.

2019-05-04 17:19:43
Source Share
Answers: 1

The @ suffix is one-of-a-kind to Mac OS and also is covered by this question, so I replicated this component of my solution from there ; it suggests the documents has extended attributes. You can make use of the xattr command-line energy to watch and also change them :

xattr --list filename
xattr --set propname propvalue filename
xattr --delete propname filename

The + suffix suggests the documents has an accessibility control checklist, and also prevails in any kind of *nix that sustains ACLs. Offering ls the -e flag will certainly make it show the linked ACLs after the documents, and also chmod can be made use of to change after that. A lot of this is from the chmod male web page :

You add an ACL with chmod +a "type:name flag permission,...", and also remove it with chmod -a. The argument to chmod is rather difficult :

  • type is either user or group, to make clear if name is describing a username or a team name. If name is distinct, you can leave out the type
  • name is the username or team the ACL relates to
  • flag is allow if this ACL access is providing an approval, or deny if it's refuting an approval
  • approval is the real approval being changed ; you can detail as several as you like, comma-separated
    • delete -- Allow the file/directory to be removed
    • readattr -- Read standard features
    • writeattr -- Write standard features
    • readextattr -- Read expanded features (making use of xattr, from over)
    • writeextattr -- Write extensive features
    • readsecurity -- Read ACL details
    • writesecurity -- Write ACL details
    • chown -- Change proprietor
    • Directory-specific approvals
      • checklist -- Show the files/folders in the directory site
      • search -- Find a file/folder in the directory site by name
      • add_file -- Create a new documents in the directory site
      • add_subdirectory -- Create a new directory site in the directory site
      • delete_child -- Remove a file/directory in the directory site
      • Inheritance-control.
        • file_inherit -- ACLs on the directory site are acquired by documents
        • directory_inherit -- ACLs on the directory site are acquired by subdirectories
        • limit_inherit -- Stops ACLs acquired by this directory site from being acquired by subdirectories
        • only_inherit -- Inherited by all freshly developed things yet overlooked
    • File-specific approvals.
      • read -- Open the apply for reviewing
      • write -- Open the apply for creating
      • append -- Open the apply for adding
      • execute -- Run the documents

In your certain instance, a lot of the ACL access are group:everyone deny delete. That is, all users in the everyone team (which is normally every person) are refuted the approval to delete the folder. I think, although I can not locate any kind of documents concerning it, that these are default ACLs to stop you from getting rid of crucial origin folders-- someone remedy this if that's not the instance. The only various other access is group:com.apple.sharepoint.group.3 allow search, which permits Directory Services to look for documents by name in the /Library folder

2019-05-08 02:15:55