Re: stable coreutils-8.1 today, fingers crossed

[Jim Meyering]

Alan Curry wrote:
> Jim Meyering writes:
>>
>> Gilles Espinasse wrote:
>> ...
>> >> [chroot-i486] root:/$ umask
>> >> 0022
>> >> [chroot-i486] root:/$ rm -rf /usr/src/coreutils*
>> >> [chroot-i486] root:/$ cd /usr/src
>> >> [chroot-i486] root:/usr/src$ tar xf cache/coreutils-8.1.tar.gz
>> >> [chroot-i486] root:/usr/src$ ls -ld /usr /usr/src /usr/src/coreutils-8.1
>> ...
>> >> drwxrwxrwx 13 root root 4096 Nov 18 18:55 /usr/src/coreutils-8.1
>> >>
>> >> don't know why
>> >
>> > Just the side effect of using tar as root
>> > --no-same-permissions let umask be applied
>>
>> Thanks for explaining.
>> That's another good reason to do less as root.
>
> So was the drwxrwxrwx in the tarball put there to teach a lesson to those
> who trust a tarball to have sane permissions? Or is it a bug?

On one hand, you can also think of it as a LART for
anyone who builds from source as root  ;-)

I think the motivation was to avoid imposing restrictions.  With relaxed
permissions, the umask of the unpacker completely determines the permissions.
If the distribution-tarball-creator were to choose stricter permissions,
say prohibiting group/other write access, that would make it harder for
people who use 002 and want all directories to be group-writable.

That said, I'd have no objection to applying "chmod 755"
(rather than a+rwx) to the directories that go into the tarball.

FYI, those permissions were set via the Automake-generated "make dist"
rule, so every automake-using package has created distribution tarballs
that way for at least 10 years.