what does the "+" or "@" mark(special mark) means when running 'ls -al' on Mac OS X

unix macos

In Mac OS X, run 'ls -al' gives me something like this.

drwxrwxrwx+  4 smcho  staff     136 May  5 09:18 Public
drwxr-xr-x+  6 smcho  staff     204 Feb  1  2010 Sites
drwxrwxrwx   9 smcho  staff     306 Feb  2  2010 backup
drwxr-xr-x@ 36 smcho  staff    1224 Sep  4 22:51 bin

What's the + or @ at the end of the first column means?
Is this unique to Mac, or common in UNIX?
ADDED
After Michael Mrozek's answer, I ran 'ls -ale' to get the following.

drwx------+ 66 smcho  staff    2244 Aug 30 13:40 Library
 0: group:com.apple.sharepoint.group.3 allow search
 1: group:everyone deny delete
drwxr-xr-x   3 smcho  staff     102 Sep  4 15:01 Mail
drwx------+ 13 smcho  staff     442 Aug 28 17:55 Movies
 0: group:everyone deny delete
drwx------+  6 smcho  staff     204 Jul  9 09:37 Music
 0: group:everyone deny delete
drwx------+ 11 smcho  staff     374 Aug 28 16:55 Pictures
 0: group:everyone deny delete
drwxr-xr-x   3 smcho  staff     102 Mar 18 15:43 Projects
drwxrwxrwx+  4 smcho  staff     136 May  5 09:18 Public
 0: group:everyone deny delete
drwxr-xr-x+  6 smcho  staff     204 Feb  1  2010 Sites
 0: group:everyone deny delete

What those appended messages mean? Why do I have them for some of the files? I don't remember doing anything particular for them.

The @ suffix is unique to Mac OS and it means the file has extended attributes. You can use the xattr command-line utility to view and modify them:

xattr --list filename
xattr --set propname propvalue filename
xattr --delete propname filename

The + suffix means the file has an access control list, and is common in any *nix that supports ACLs. Giving ls the -e flag will make it show the associated ACLs after the file, and chmod can be used to modify then. Most of this is from the chmod man page:

You add an ACL with chmod +a "type:name flag permission,...", and remove it with chmod -a. The argument to chmod is fairly complicated:

• type is either user or group, to clarify if name is referring to a username or a group name. If name is unambiguous, you can omit the type
• name is the username or group the ACL applies to
• flag is allow if this ACL entry is granting a permission, or deny if it's denying a permission
• permission is the actual permission being modified; you can list as many as you like, comma-separated
  
  • delete -- Allow the file/directory to be deleted
  • readattr -- Read basic attributes
  • writeattr -- Write basic attributes
  • readextattr -- Read extended attributes (using xattr, from above)
  • writeextattr -- Write extended attributes
  • readsecurity -- Read ACL info
  • writesecurity -- Write ACL info
  • chown -- Change owner
  • Directory-specific permissions
    
    • list -- Show the files/folders in the directory
    • search -- Find a file/folder in the directory by name
    • add_file -- Create a new file in the directory
    • add_subdirectory -- Create a new directory in the directory
    • delete_child -- Remove a file/directory in the directory
    • Inheritance-control
      
      • file_inherit -- ACLs on the directory are inherited by files
      • directory_inherit -- ACLs on the directory are inherited by subdirectories
      • limit_inherit -- Stops ACLs inherited by this directory from being inherited by subdirectories
      • only_inherit -- Inherited by all newly created items but ignored
  • File-specific permissions
    
    • read -- Open the file for reading
    • write -- Open the file for writing
    • append -- Open the file for appending
    • execute -- Run the file

In your particular example, most of the ACL entries are group:everyone deny delete. That is, all users in the everyone group (which is naturally everyone) are denied the permission to delete the folder. I believe, although I can't find any documentation about it, that these are default ACLs to stop you from removing essential root folders -- somebody correct this if that's not the case. The only other entry is group:com.apple.sharepoint.group.3 allow search, which allows Directory Services to search for files by name in the /Library folder

整理自：
+ or @ mark after running 'ls -al' | Unix & Linux Stack Exchange