Monterey: so what's the deal with /bin/sh scripts and xattr?

Maybe this has been an issue for longer already. Or perhaps in the transition to Monterey and my new 14" MBP I’ve managed to screw up my settings, but some of the shell scripts I run locally no longer want to just execute. Instead I’m getting stuff like “bash: bad interpreter: Operation not permitted”. Turns out I need to run something like

xattr -d /path/to/shell/script

first in order to get the shell script to execute.

In principle that’s not a big deal, except that every time I modify that shell script I need to remember to rerun that xattr command. And that’s annoying.

It’s not related to bash vs. sh vs. zsh or anything like that. They also have full disk access so that isn’t the issue either. Is there any cheap workaround here?

If you create a new file and copy into it the contents of a problematic script, does the new file have the same issue?

1 Like

This doesn’t happen to me on Monterey running as an admin user and editing script files with BBEdit.

Your editor is adding the quarantine xattr when you edit a file.

  • Are you running as a standard user?
  • What program are you editing the shell scripts with?
1 Like

I use a standard account and have tested to change a sh script with vi in terminal. The script is in a folder inside my user folder. No problem on this M1 MacBook Pro.

1 Like

Thank you, folks. Now I get where it’s coming from.

It only happens in shell scripts I had edited with open -e which calls TextEdit. If I edit them in emacs or pico instead, no trouble. Obviously it’s TextEdit that is adding a quarantine attribute to .sh files. Would be nice if I could turn that off. For very simple edits I like to use it because it’s so quick to load and gets the job done (and of course because even after 40 years of programing, I still haven’t learned to love vi). :wink: I’ll have to remember to resort to nano/pico more often for simple edits.


Hey Simon,

While I use TextEdit for editing RTF scraps I would never use it for programming – been bit by it in the past a few times…

Scope out Eddie – very mature, lightweight, and powerful for its size.

EL34 - The home of Eddie - About

BBEdit runs 24/7 on my systems, but I’ve kept Eddie around for many years for testing.


FWIW, I always use Emacs for my default text editor. I installed GNU Emacs for Mac OS X, which supports full GUI operation.

There’s a .app file you can use to launch it like a normal Mac app. If you would like CLI sessions to run it (instead of the terminal-only version Apple provides), it’s not hard to create a symbolic link to put its internal executable on your path:

$ sudo ln -s /Applications/ /usr/local/bin/emacs

Setting the quarantine bit ( which is what xattr is removing in that command ) is a Gatekeeper function. Apple has been gradually ( since Sierra IIRC ) increasing its security. For standard bundle apps, current standards effectively require code signing and notarization ( for non-Mac App Store apps ) . I don’t know how that is handled for scripts. You can, of course, just turn Gatekeeper off ( sudo spctl --master-disable ) and later turn it back on ( using Sys Prefs/Security Privacy ) when you’re finished running scripts. Alternatively, you could add exceptions to GateKeeper’s approval list with the spctl --add pathToDotAppOrScript. HTH a little

1 Like