Keep Tar original ownership

[Autosys]

Hi there!

I think I possibly know the answer to this question but wanted to ask it anyway.

Can I with a non-superuser extract a Tar file so that the result files will have the ownership as of before they were tarred, and not inherit the owner that is untarring the file?

I guess for security reasons the answer is no?

Cheers!

 

[Mike042]

You are correct, in my experience, the answer is no.

I hope that helps.

Mike

 

[SamBones]

Right, to create a file with another user as owner, you need to be root.

 

[Autosys]

Thanks for confirming Mike & Sam

 

[SamBones]

Just to give you the "why", it's a security issue. If you could make any file be owned by another user, you could create a suid script that runs as any user. This would aloow you to become any user.

Say I am logged on as [tt]joeuser[/tt], and if I could execute these commands...

cp /bin/ksh ./myksh
chmod 4755 ./myksh
chown root ./myksh
./myksh

...I would be [tt]root[/tt]. This makes a "suid root" shell. Anyone who runs it becomes [tt]root[/tt]. If I could do that for any other user, I could become any other user the same way.

As it is, the [tt]chown[/tt] in my example would fail, but the first two commands would work. This would create a copy of the Korn shell that if anyone runs it, they would become me, [tt]joeuser[/tt].

Hope this helps.