
Bug#144571: dpkg-source invokes tar without --no-same-owner



Hi,

for those interested, this is the relevant part from the tar manual:
Node: Attributes

     When writing an archive, `tar' writes the user id and user name
     separately.  If it can't find a user name (because the user id is
     not in `/etc/passwd'), then it does not write one.  When restoring,
     and doing a `chmod' like when you use `--same-permissions'
     (`--preserve-permissions', `-p'), it tries to look the name (if
     one was written) up in `/etc/passwd'.  If it fails, then it uses
     the user id stored in the archive instead.

So those funny numbers are not random at all, they are from the tar file.
Under these circumstances, tar's behaviour arguably makes sense, and the
only lesson to learn from this is that you should never unpack a tarfile as root
without --no-same-owner if you are not sure that the user and group ids in
the tar file are what you want.  I wonder how many scripts out there
invoking tar to extract archives are careful enough about that?  It's a
pretty obscure point considering that tar reverts the default of
--no-same-owner to --same-owner for the superuser.

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org brinkmd@debian.org
Marcus Brinkmann              GNU    http://www.gnu.org    marcus@gnu.org
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de
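
The owner lookup described in the quoted manual text, as an added example that is not part of the original message and is not code from tar or dpkg: it reads the ownership fields stored in a tarball and reports which uid an extraction as root with `--same-owner` would apply to each member. The sample archive, its user names and ids, and the `passwd` dict standing in for `/etc/passwd` are constructed.

```python
import io
import tarfile


def build_sample_tar():
    """Constructed archive: an unknown user name, a missing name, and root."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tf:
        for name, uid, gid, uname, gname in [
            ("pkg-1.0/README", 1234, 1234, "upstreamdev", "upstreamdev"),
            ("pkg-1.0/configure", 5678, 100, "", ""),
            ("pkg-1.0/Makefile", 0, 0, "root", "root"),
        ]:
            data = b"constructed sample\n"
            ti = tarfile.TarInfo(name)
            ti.size = len(data)
            ti.uid, ti.gid, ti.uname, ti.gname = uid, gid, uname, gname
            tf.addfile(ti, io.BytesIO(data))
    return buf.getvalue()


def resolve_owner(member, passwd):
    """Name first (if one was written and is known), else the stored uid."""
    if member.uname and member.uname in passwd:
        return passwd[member.uname], "name"
    return member.uid, "archive-uid"


def audit(tar_bytes, passwd):
    """Return (path, uid that would be applied, how it was chosen) per member."""
    results = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        for member in tf:
            uid, source = resolve_owner(member, passwd)
            results.append((member.name, uid, source))
    return results


if __name__ == "__main__":
    passwd = {"root": 0, "daemon": 1}  # constructed stand-in for /etc/passwd
    for path, uid, source in audit(build_sample_tar(), passwd):
        note = "" if source == "name" else "  <- numeric id taken from the archive"
        print(f"{path}: uid {uid}{note}")
```

Members reported as `archive-uid` are the ones that end up owned by whatever local account happens to have that number, which is the case `--no-same-owner` avoids.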

