[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-tar] Permissions in tar archives

From: Matt McCutchen
Subject: [Bug-tar] Permissions in tar archives
Date: Sat, 16 Jul 2005 15:40:36 -0400

In my experience, the most annoying thing about tar archives has been
that they remember file security information: users, groups, and
permissions.  This makes perfect sense for archives that represent a
snapshot of part of a filesystem, such as RPMs.  However, the vast
majority of tar archives that people use are meant only to contain data,
and the file security information in them is meaningless.

I use POSIX default ACLs to set different default permissions for new
files in different places on my filesystem, and this works great for
most files that get created.  But I find that every tarball I get from
the Internet has different permissions, and I have to reset the
permissions after I extract it, even with "--no-same-permissions".
"--no-same-owner" works when I remember to use it;
"--no-same-permissions" is dysfunctional as currently implemented.

For this reason, I'd like to suggest a change to the meaning of "not
preserving permissions".  If tar extracts in this mode (whether by
default or explicitly), it should ignore the permissions in the archive
except for the purpose of determining whether a file is executable.  If
an archive entry is a directory or someone has execute permission (the
same rules as chmod's X), the entry is considered executable.  When it
opens the file, tar should supply a mode of 777 if the file is
executable or 666 otherwise; the umask or the default ACL then takes

I wrote a little shell script called "dtar" ("data tar") that deals with
archives "without" file security information:
        tar --mode=ugo=rwX,a-st --owner=0 --group=0 --no-same-owner \
                --no-same-permissions "$@"
When I create archives with "dtar", the entries in them come out as
"root:root" with "rw-rw-rw-" or "rwxrwxrwx" permissions.  When anyone
extracts an archive made with "dtar", the files will come out with the
security information she would expect for new files in the same place.
However, it's not true that any tar archive can be extracted with "dtar"
and produce these results; that would require the change in the meaning
of "--no-same-permissions" described above.

Let me also request that an option be added to tar to make it act like
the dtar above.  Maybe -D/--dtar.  If the -tvD options are used, it
would be nice for the listing format to look like this:
        --      107 2005-07-16 15:17:51 pi
        dx        0 2005-07-16 15:34:41 more-numbers/
        -x        0 2005-07-16 15:35:10 pi-generator
instead of this:
        -rw------- matt/users      107 2005-07-16 15:17:51 pi
        drwx------ matt/users        0 2005-07-16 15:34:41 more-numbers/
        -rwx------ matt/users        0 2005-07-16 15:35:10 pi-generator
or this, for a dtar-made archive:
        -rw-rw-rw- root/root       107 2005-07-16 15:17:51 pi
        drwxrwxrwx root/root         0 2005-07-16 15:34:41 more-numbers/
        -rwxrwxrwx root/root         0 2005-07-16 15:35:10 pi-generator

Thanks for reading.  Please consider my suggestions as a possible way to
eliminate lots of permission headaches when using tar.


Richard Matthew McCutchen, ``hashproduct''
E-mail: address@hidden
Web site: http://mysite.verizon.net/hashproduct/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]