a subtle(?) tar extraction permission problem

Robert P. J. Day rpjday at mindspring.com
Sun Jun 27 16:43:44 UTC 2004 

On Sat, 26 Jun 2004, Cameron Simpson wrote:

> On 17:34 25 Jun 2004, Robert P. J. Day <rpjday at mindspring.com> wrote:
> |   say i have a directory structure a/b/c/{f1,f2,f3,...}.  for access
> | reasons, i decide to change the permissions on the "c" directory,
> | perhaps changing the owner/group, and definitely changing the perms to
> | include "setgid".
> |   later, i get a tarball with contents a/b/c/{something}.  i found out
> | that if i extract that tarball while root, and the effect is to add or
> | delete files under the "c" directory, the permissions on "c" revert
> | back to default values.  how annoying.
>
> I think you'll find the tarball also has "a/b/c" in it too.

sure, but the attributes of *those* directories don't get changed when 
i do the extraction.

> |   apparently, as long as what i'm extracting is already in that
> | directory (so that the directory entries themselves don't change), i'm
> | safe.  but if the extraction changes the directory contents
> | themselves, i get the owner/group/perms resetting on "c", which i'd
> | *really* like to avoid.
> |
> |   i've perused the tar options, and i don't see anything that says,
> | "don't mess with existing options on existing directories."  is there
> | a standard approach to handle this?
>
> 1: Don't extract as root?

not an option.  a single package/tarball might want to put files/dirs 
in various places, owned by various accounts.

> 2: Note perms, extract, fix perms.

ouch.  that would work, but it would definitely be a bit messy.

> 3: Extract only the files - avoid the directories.

tempting, but i'm wondering what would happen if the tarball has a 
directory that doesn't exist yet.  it will have to be created, of 
course, at which point i'd have to take care of setting its original
attributes.

>   A tar file has entries for the dirs, which is of course where the perms are.
>   Don't as for them:
>
> 	tar xvf tarfile a/b/c/f1 a/b/c/f2 ...
>
>   You could do this algorithmicly by doing a table of contents,
>   sucking out the filenames, then doing the extract.

again, i can't just assume that all of the directories in the tarball 
already exist on the system.  dang.  i was really after the 
hypothetical tar option "do *not* screw with the attributes of 
existing objects."  i don't think i'm going to find it.

rday

More information about the fedora-list mailing list