

What does tar's -p (preserve permissions) flag actually preserve?


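Question

When creating and extracting archives, what does the -p flag actually preserve? Does it preserve the rwx permissions?

When I create a tarball of htdocs/ that is owned by root, extracting it on my local machine changes the ownership from root to my user.

Best answer

Ownership and permissions are two different things. The -p flag preserves permissions. On *nix systems, a regular user cannot change a file's ownership to a user other than themselves.

As stated here: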

Only processes with an effective user ID equal to the user ID of the file or with appropriate privileges may change the ownership of a file. If _POSIX_CHOWN_RESTRICTED is in effect for path:

  • Changing the user ID is restricted to processes with appropriate privileges.

  • Changing the group ID is permitted to a process with an effective user ID equal to the user ID of the file, but without appropriate privileges, if and only if owner is equal to the file’s user ID or (uid_t)-1 and group is equal either to the calling process’ effective group ID or to one of its supplementary group IDs.

@Gilles explains the rationale behind this well in this Unix & Linux answer:

The reason for this restriction is that giving away a file to another user can allow bad things to happen in uncommon, but still important situations. For example:

  • If a system has disk quotas enabled, Alice could create a world-writable file under a directory accessible only by her (so no one else could access that world-writable directory), and then run chown to make that file owned by another user Bill. The file would then count under Bill’s disk quota even though only Alice can use the file.

  • If Alice gives away a file to Bill, there is no trace that Bill didn’t create that file. This can be a problem if the file contains illegal or otherwise compromising data.

  • Some programs require that their input file belongs to a particular user in order to authenticate a request (for example, the file contains some instructions that the program will perform on behalf of that user). This is usually not a secure design, because even if Bill created a file containing syntactically correct instructions, he might not have intended to execute them at this particular time. Nonetheless, allowing Alice to create a file with arbitrary content and have it taken as input from Bill can only make things worse.

So even if you use tar's --same-owner flag, you still need to extract the files as root to preserve ownership. That flag is on by default for root, so what you want is:

sudo tar xpf foo.tgz

Second-best answer

There are 2 more interesting tar options:

--same-owner
       try extracting files with the same ownership as exists in the archive
       (default for superuser)

--no-same-owner
       extract files as yourself (**default for ordinary users**)

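The second one is the default, so you can add --same-owner to keep your user. You may have to use sudo to do this.

As an aside: this only works on systems that support POSIX. Operating systems other than Ubuntu may not have these two options (they are not standard).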

Third answer

To preserve the owner, run as root or use the --same-owner flag together with the -p flag when extracting.
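
The following script is an added example, not part of the original answers. It shows the effect of the flags discussed above on the mode bits and on the owner of an extracted file. It assumes GNU tar and GNU stat; the helper extract_demo and the file name index.html are constructed for illustration.

```sh
#!/bin/sh
# Added example: assumes GNU tar and GNU coreutils stat.

# extract_demo TAR_OPTIONS...
# Archives one 0664 file with its owner recorded as uid 0 / gid 0, extracts
# it under a restrictive umask with TAR_OPTIONS, and prints "<mode> <uid>"
# of the extracted file. Returns non-zero if tar reports an error.
extract_demo() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        mkdir src out
        echo '<html></html>' > src/index.html   # constructed sample file
        chmod 664 src/index.html
        # --owner/--group only set the header fields; no root needed here.
        tar -cf demo.tar --owner=0 --group=0 -C src index.html
        umask 077
        tar -x "$@" -f demo.tar -C out || exit 1
        stat -c '%a %u' out/index.html
    )
    rc=$?
    rm -rf "$work"
    return "$rc"
}

me=$(id -u)
echo "my uid:                $me"
# -p restores the archived mode bits (664) regardless of the umask.
echo "-p:                    $(extract_demo -p --no-same-owner)"
# Without -p the umask is applied: 664 & ~077 = 600.
echo "--no-same-permissions: $(extract_demo --no-same-permissions --no-same-owner)"
# As an ordinary user, --same-owner makes tar attempt a chown to uid 0,
# which the kernel refuses, so tar exits with an error status.
if [ "$me" -ne 0 ] && ! extract_demo -p --same-owner >/dev/null 2>&1; then
    echo "--same-owner as non-root: chown refused, tar exited non-zero"
fi
```

In both successful runs the extracted file belongs to the extracting user, even though the archive header records uid 0; only the mode bits differ.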

References

This article was compiled by Ubuntu问答 (Ubuntu Q&A); source: https://ubuntuqa.com/article/13547.html. Do not reproduce without permission.