Old 01-31-2017, 05:39 AM   #1
elija
Member
 
Registered: Jul 2008
Location: The garden of England. Technically, the compost heap.
Distribution: openSUSE Tumbleweed
Posts: 60

Rep: Reputation: 21
tar and permissions


I have a .tar.gz which has been created using the -p flag, which preserves the files' permissions on extract. Sometimes this is fine, but under normal circumstances I want to extract the archive so that the files have my default permissions of 755 for directories and 644 for files.

I've been poking about with the -p, --same-permissions and --preserve-permissions flags when extracting but my evil-script still gets extracted with archived permissions of 755.

I'm missing something simple right?

It must be possible to do what I want?
 
Old 01-31-2017, 06:00 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,185

Rep: Reputation: 1377
Did you look at:
Code:
       --no-same-permissions
              apply the user's umask when extracting permissions from the archive (default for ordinary
              users)
Alternatively you could try (untested!) after the extract.

Code:
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
 
Old 01-31-2017, 06:17 AM   #3
elija
Member
 
Registered: Jul 2008
Location: The garden of England. Technically, the compost heap.
Distribution: openSUSE Tumbleweed
Posts: 60

Original Poster
Rep: Reputation: 21
Yeah I thought that would be obvious, but following an interesting reddit topic, I started to have a look around while actually paying attention.
  • Create a script called evil-script and set the permissions to 0755
  • Use the tar command with the -p flag to archive the file
  • Send the file to my unsuspecting victim (my other computer)

No matter what I do, I can't extract evil-script with permissions other than 0755. My umask is 0022 so tar appears to mask file permissions from 0777 rather than 0666
 
Old 01-31-2017, 06:26 AM   #4
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,505

Rep: Reputation: 5548
Have you tried:
Code:
     --no-same-owner
     --no-same-permissions
-p is used only during extraction; it does not have any effect during creation of the tar file (as far as I know).

Last edited by pan64; 01-31-2017 at 06:33 AM.
 
Old 01-31-2017, 06:35 AM   #5
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,185

Rep: Reputation: 1377
umask is a MASK, setting it to 0022 will only mask the WRITE permissions. If you wish to remove write and execute from world & group you'll need umask 0033.

In the following the file test/test.sh was "755" when added to the tarball:
Code:
# umask 0022;tar -zxv --no-same-permissions -f test.tgz;ls -l test/test.sh
-rwxr-xr-x 1 root root 24 Jan 31 12:21 test/test.sh

# umask 0033;tar -zxv --no-same-permissions -f test.tgz;ls -l test/test.sh
-rwxr--r-- 1 root root 24 Jan 31 12:21 test/test.sh

# umask 0133;tar -zxv --no-same-permissions -f test.tgz;ls -l test/test.sh
-rw-r--r-- 1 root root 24 Jan 31 12:21 test/test.sh
 
Old 01-31-2017, 06:35 AM   #6
elija
Member
 
Registered: Jul 2008
Location: The garden of England. Technically, the compost heap.
Distribution: openSUSE Tumbleweed
Posts: 60

Original Poster
Rep: Reputation: 21
Yes. I've just tried both.

Interestingly, if I set my umask to 0033 it does extract with the execute bit off for groups and other; setting it to 0333 turns it off for me, which seems to confirm that tar masks off 0777. Changing the umask to 0333 messes up folders though, as execute is needed to list the contents.

Ultimately, my goal is to disallow the execute bit on files by default, to protect myself from inattention and accidentally running a dodgy script. The find commands in your original reply could be modified to work in my use case, but I was hoping tar had the capability.
 
Old 01-31-2017, 06:37 AM   #7
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,185

Rep: Reputation: 1377
lol, looks like we were typing our replies at the same time
 
Old 01-31-2017, 06:40 AM   #8
elija
Member
 
Registered: Jul 2008
Location: The garden of England. Technically, the compost heap.
Distribution: openSUSE Tumbleweed
Posts: 60

Original Poster
Rep: Reputation: 21
Files are masked from 666, therefore creating a file with a umask of 022 gives the permissions -rw-r--r--

Code:
$ umask
0022
$ touch file
$ ls
total 0
-rw-r--r-- 1 richard users 0 31.01.2017 12:36 file
Directories are masked from 777 as the execute bit is needed to list the contents. tar seems to mask files from 777.
 
Old 01-31-2017, 06:44 AM   #9
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,505

Rep: Reputation: 5548
tar does not mask anything; it is the default umask and filesystem write behaviour. You can try it with touch, cp and other commands too.
See man umask or here: https://en.wikipedia.org/wiki/Umask for details.
Remember, you cannot have different umask settings for files and directories.
 
Old 01-31-2017, 06:52 AM   #10
elija
Member
 
Registered: Jul 2008
Location: The garden of England. Technically, the compost heap.
Distribution: openSUSE Tumbleweed
Posts: 60

Original Poster
Rep: Reputation: 21
Quote:
Originally Posted by pan64
tar does not mask anything; it is the default umask and filesystem write behaviour. You can try it with touch, cp and other commands too.
See man umask or here: https://en.wikipedia.org/wiki/Umask for details.
Remember, you cannot have different umask settings for files and directories.
It is not the default behaviour.

Creating a file using touch will mask from 0666, giving correct permissions of 0644 with a umask of 0022. Using tar, with a umask of 0022, files are given the permissions of 0755. Creating a directory using mkdir will mask from 0777, giving correct permissions of 0755 with a umask of 0022. In this case, tar gives the expected permissions of 0755.

The difference in behaviour implies that there is some masking or permission mangling going on within tar. Try it, it's a bit freaky.
 
Old 01-31-2017, 07:19 AM   #11
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,505

Rep: Reputation: 5548
It is the default behaviour, and it is not related to tar itself. The only thing that tar tries to do is to apply the original attributes, which is ruled by the flags mentioned before and the umask value actually set.
Based on the man page of umask:
Code:
The umask is used by open(2), mkdir(2), and other system calls that create files to modify the permissions placed on newly created files or directories.
Specifically, permissions in the umask are turned off from the mode argument to open(2) and mkdir(2).
Tar tries to set mode (according to the command line flags). The default mode (if not specified) is 0666 for files and 0777 for directories. That's all.
 
Old 01-31-2017, 07:28 AM   #12
elija
Member
 
Registered: Jul 2008
Location: The garden of England. Technically, the compost heap.
Distribution: openSUSE Tumbleweed
Posts: 60

Original Poster
Rep: Reputation: 21
Quote:
Originally Posted by pan64
Tar tries to set mode (according to the command line flags). The default mode (if not specified) is 0666 for files and 0777 for directories. That's all.
So then, why does touch create files with 0644 and tar with 0755 using the same umask? This is observable and replicable behaviour.

Last edited by elija; 01-31-2017 at 07:30 AM.
 
Old 01-31-2017, 07:37 AM   #13
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,505

Rep: Reputation: 5548
Because all the files and dirs have permissions set inside the tar archive which will be passed to open as mode (depends on command line flags). touch can only use the default 666 mode.
 
Old 01-31-2017, 07:55 AM   #14
elija
Member
 
Registered: Jul 2008
Location: The garden of England. Technically, the compost heap.
Distribution: openSUSE Tumbleweed
Posts: 60

Original Poster
Rep: Reputation: 21
Quote:
Originally Posted by pan64
because all the files and dirs have permissions set inside the tar archive which will be passed to open as mode (depends on command line flags). touch can only use the default 666 mode.
I think we're on the same page:

Regardless of how it's actually handled under the hood, my experimentation has shown that it is behaving as though there is a base permission of 777. This analogy may be a red herring and causing confusion.

In the tar is a file with permissions 0755. The archive has been created using the -p flag.
Extracting this file creates a file on the file system with permissions 0755. This is tar's default behaviour.

In my case, this is fine when the archive is trusted, but in > 90% they won't be considered trustworthy, so I am trying to find a way to override the extraction to make the file have my default file system permissions of 0644.

I thought that the default behaviour (--no-same-permissions) did that but no. So I figured that one of the flags, -p, --same-permissions and --preserve-permissions would achieve that but no matter what I use, the file is extracted with file system permissions of 0755.

I'm not sure if I am being clear here?

Last edited by elija; 01-31-2017 at 07:58 AM. Reason: Organisation
 
Old 01-31-2017, 09:08 AM   #15
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,547

Rep: Reputation: 2082
tar always works from the permissions that were recorded for the file in the archive. There is no other "base permission". The "-p" option simply controls whether the current umask is used when setting the permissions for the extracted file. Using "-p" tells tar to disregard the umask and attempt to set the permissions exactly as recorded. Without "-p", the current umask can subtract permissions from the recorded set.

Most programs that create files ask for 0666 permissions and let the current umask determine which of those remain. For directories and files generated by compilers and intended to be executable, programs typically ask for 0777 permissions and let umask subtract from that.
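
The behaviour discussed in this thread, as an added example that is not part of any post above: it builds a constructed archive, shows that the umask only subtracts bits from the recorded mode, and then applies the find/chmod normalisation from post #2 to drop the execute bit on files from an untrusted archive. The function names are hypothetical, and GNU tar, find and stat are assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU tar, find and stat.

mode_of() { stat -c '%a' "$1"; }    # octal mode of a path, e.g. 755

# Build a constructed archive: one 0755 script and one 0777 data file.
make_sample() {
    mkdir -p "$1/src/pkg"
    printf '#!/bin/sh\necho hello\n' > "$1/src/pkg/evil-script"
    printf 'data\n' > "$1/src/pkg/notes.txt"
    chmod 755 "$1/src/pkg/evil-script"
    chmod 777 "$1/src/pkg/notes.txt"
    tar -C "$1/src" -czf "$1/sample.tgz" pkg
}

# Ordinary extraction: tar starts from the recorded mode and the umask can
# only remove bits, so umask 022 leaves 0755 as 0755 and cuts 0777 to 0755.
extract_plain() {
    mkdir -p "$2" &&
    ( umask 022 && tar -xzf "$1" -C "$2" --no-same-owner --no-same-permissions )
}

# Extraction for an untrusted archive: same as above, then reset every
# directory to 0755 and every regular file to 0644 (no execute bit).
extract_untrusted() {
    extract_plain "$1" "$2" &&
    find "$2" -mindepth 1 -type d -exec chmod 755 {} + &&
    find "$2" -mindepth 1 -type f -exec chmod 644 {} +
}

# Demo: print the resulting modes for both extraction styles.
demo() {
    t=$(mktemp -d) || return 1
    make_sample "$t" && extract_plain "$t/sample.tgz" "$t/plain" &&
        extract_untrusted "$t/sample.tgz" "$t/safe" &&
        for f in plain/pkg/evil-script plain/pkg/notes.txt \
                 safe/pkg/evil-script safe/pkg/notes.txt safe/pkg; do
            printf '%s %s\n' "$(mode_of "$t/$f")" "$f"
        done
    rc=$?; rm -rf "$t"; return $rc
}
demo
```

Extracting into a fresh, empty directory keeps the chmod pass from touching files that were already there.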
 
  

