Opening applications from 'unidentified developers' when you're not an admin
Problem: You have a non-administrator account on a Mac and wish to start a new application you just downloaded. However, the application was not 'cryotographically signed' with a certificate issued by Apple, and you need administrator-level privileges to start this from the Finder.
This web page will show you how you can fix this from the UNIX command line.
What you see from the Finder
When you start an application for the first time after downloading it, Apple tries to protect you from nefarious apps that may have downloaded without your permission. It tells you when you downloaded it and the name of the source web site. If it is not cryptographically signed, it won't even let you automatically start it, as shown by this dialog box:
What you don't want to do is to change your preferences; they are set to protect you. Instead, you can right-click (that is, control-click) on the application icon, and select the "Open" menu option.
The dialog box asks you again whether you wish to open it. Notice now that there are two buttons, with the Open button on the left, and the default being to Cancel (what happens if you hit Return).
If you are an admin on this Mac, you then will see your name and a box to enter your password. If you are not an admin, you get two blank boxes, and you're stuck unless you can find an admin to authenticate for you:
Ah, but wait: the UNIX command line to the rescue! If you own the application, you can fix this on your own.
Brief background explanation: The mechanism by which Apple prevents you from running something you downloaded without confirming it first is by use of the "extended attribute" called "quarantine". You can view and manipulate these extended attributes with the ls and xattr commands.
[By the way, you have to use Apple's /bin/ls, not the ls provided by the GNU Coreutils (part of the ASD MacPorts setup), because the latter does not know about the special needed flags.]
UNIX Command line solution
Start by showing the extended attributes of the application in question
(SAOImage DS9, in this example).
Note the unusual e and @ flags to ls:
% ls -lae@ SAOImageDS9.app/ total 0 drwxr-xr-x@ 3 dfriedla staff 102 Feb 27 12:53 . com.apple.quarantine 57 drwxr-xr-x 4 dfriedla staff 136 Jul 11 13:49 .. drwxr-xr-x@ 6 dfriedla staff 204 Feb 27 12:53 Contents com.apple.quarantine 57
Now lets delete that attribute, using -d to delete and -r to do so recursively:
% xattr -r -d com.apple.quarantine SAOImageDS9.app xattr: [Errno 13] Permission denied: 'SAOImageDS9.app//Contents/Frameworks/Tcl.framework/Tcl' xattr: [Errno 13] Permission denied: 'SAOImageDS9.app//Contents/Frameworks/Tk.framework/Tk'
There is an interesting error above we will deal with in a moment, although it does not affect anything here.
Repeating the ls command from above shows the extended attribute is gone:
% ls -lae@ SAOImageDS9.app/ total 0 drwxr-xr-x 3 dfriedla staff 102 Feb 27 12:53 . drwxr-xr-x 4 dfriedla staff 136 Jul 11 13:49 .. drwxr-xr-x 6 dfriedla staff 204 Feb 27 12:53 Contents
You should now be able to double-click to open the application from the Finder in the normal way and it should open with no dialog boxes.
You're done!
So what's the story with that error?
It turns out in this case that the two files complaining above were simply read-only, even by the file owner. Changing them to read-write and repeating the xattr command (which one could apply to the entire application again or just those two files) solved it.
% ls -l SAOImageDS9.app/Contents/Frameworks/Tcl.framework/Tcl -r-xr-xr-x@ 1 dfriedla staff 1380012 Feb 27 12:41 SAOImageDS9.app/Contents/Frameworks/Tcl.framework/Tcl % ls -l SAOImageDS9.app/Contents/Frameworks/Tk.framework/Tk -r-xr-xr-x@ 1 dfriedla staff 1228232 Feb 27 12:44 SAOImageDS9.app/Contents/Frameworks/Tk.framework/Tk % cd SAOImageDS9.app/Contents/Frameworks/ # just to make commands shorter and more readable % ls -lae@ Tcl.framework/Tcl Tk.framework/Tk -r-xr-xr-x@ 1 dfriedla staff 1380012 Feb 27 12:41 Tcl.framework/Tcl com.apple.quarantine 57 -r-xr-xr-x@ 1 dfriedla staff 1228232 Feb 27 12:44 Tk.framework/Tk com.apple.quarantine 57 % chmod u+w Tcl.framework/Tcl Tk.framework/Tk % xattr -d com.apple.quarantine Tcl.framework/Tcl Tk.framework/Tk % ls -lae@ Tcl.framework/Tcl Tk.framework/Tk -rwxr-xr-x 1 dfriedla staff 1380012 Feb 27 12:41 Tcl.framework/Tcl -rwxr-xr-x 1 dfriedla staff 1228232 Feb 27 12:44 Tk.framework/Tk
David Friedlander, 12 July 2018