restore tar archives with different uid?

Douglas B. Jones douglas at dekalb.UUCP
Tue Sep 4 05:26:53 AEST 1990 

In article <2932 at anasaz.UUCP> chad at anasaz.UUCP (Chad R. Larson) writes:
>In article <1740 at yenta.alb.nm.us> dt at yenta.alb.nm.us (David B. Thomas) writes:
>+---------------
>| Is there a way to restore a tar archive, but force all the files
>| thus created to be owned by you?
>+---------------
>Well, you don't tell which version of tar you are playing with (DOS? SysV?
>BSD?), but it sure sounds like a RTFM question to me.
>SysVr3.2 TAR(1) partial extract, speaking of key arguments:
>    "o" - Causes the extracted files to assume the owner and group ID
>	  of the user running the program rather than those on the
>	  archive tape.
>-- 
>Chad R. Larson          ...{mcdphx,asuvax}!anasaz!chad or chad at anasaz.UUCP
>Anasazi, Inc. - 7500 North Dreamy Draw Drive, Suite 120, Phoenix, Az 85020
>(602) 870-3330            "I read the news today, oh boy!"  -- John Lennon


Under Ultrix 3.0 , "o" means:
---------
     o         Suppress the normal directory information.  On
               output, tar normally places information specifying
               owner and modes of directories in the archive.
               Former versions of tar, when encountering this
               information will give error message of the form,

                    <name>/: cannot create

               tar will place information specifying owner and
               modes of directories in the archive.
---------

A better question than:
>+---------------
>| Is there a way to restore a tar archive, but force all the files
>| thus created to be owned by you?
>+---------------
might be to say: "Is there an option to set files to uids/gids that are
specified by the user. Of course if the user is Fred, he should not
be able to set his tar files to Joe or Joe's tar files to Fred. But,
"root" should be able to set them as wished. Personally, I think it
would be nice if tar and restore would allow for the setting of user
and group ids. Restore sets them according to what was dumped, but
in restoreing files the root person might want to set them to another
id. Many a time I have created a student id from quarters past, but
with a differecnt uid/gid number. Restore asked me do I want to set
uid and gid and I said yes. Even if the login name was the same, it
set the uid and gid of each file and directory to what came from tape,
which in many cases was another user current uid and/or gid numbers.

Anyway, from Chad's response, it appears the "o" (and maybe other
options as well) have different meanings.

One other point: the tape drive devices should not be open to the
general user. Tar/restore should be able to access them for the
general user, but have the appropriate security to prevent Joe from
getting Freds files.

Here on this system (Ultrix 3.0), I set the devices to:
crw-rw----  1 root     system    36,  12 Apr 13  1989 /dev/nrmt0h
crw-rw----  1 root     system    36,   4 Dec 20  1988 /dev/nrmt0l
crw-rw----  1 root     system    16,  12 Dec 20  1988 /dev/nrmt1h
crw-rw----  1 root     system    36,   8 Aug 31 14:30 /dev/rmt0h
crw-rw----  1 root     system    36,   0 Dec 20  1988 /dev/rmt0l
crw-rw----  1 root     system    16,   8 Feb 22  1990 /dev/rmt1h

This is a quick fix that only allows root and people in system (trusted
people) to have access to the drives. Since we are a small shop, the
only way a user gets/store stuff from/on tape is to ask a super-user
(only 3 of us). So, I have not bothered to check tar/restore/dump out
for more security. Once the security measures wanted were defined, I
imagine the codeing would not be a major undertaking....

Above, I said "tape drive devices". This should also apply to other
devices that exist now days. Notice how the disk drives are set up.
(partial listing from /dev).
brw-------  1 root     system     9,   0 Oct 16  1989 /dev/ra0a
brw-------  1 root     system     9,   1 Dec 20  1988 /dev/ra0b
crw-------  1 root     system     9,   6 Aug 30 22:01 /dev/rra0g
brw-------  1 root     system     9,   8 Feb  7  1990 /dev/ra1a
brw-------  1 root     system     9,  14 Dec 20  1988 /dev/ra1g
brw-------  1 root     system     9,  15 Dec 20  1988 /dev/ra1h
crw-------  1 root     system     9,   0 Dec 20  1988 /dev/rra0a
crw-------  1 root     system     9,   1 Aug 30 22:09 /dev/rra0b
crw-------  1 root     system     9,   6 Aug 30 22:01 /dev/rra0g
crw-------  1 root     system     9,   8 Aug 30 22:08 /dev/rra1a
crw-------  1 root     system     9,  14 Aug 30 22:09 /dev/rra1g
crw-------  1 root     system     9,  15 Aug 30 22:08 /dev/rra1h

Improved security here would help move Ultrix (U*X) more into the
commercial world.... Maybe some U*X have already addressed this....

Douglas

-- 
Doulas B. Jones					douglas at dekalb
Academic Computer Center		or	gatech!dekalb!douglas
DeKalb College
555 N. Indian Creek Drive/Clarkston, Ga. 30021  (404) 299-4233

More information about the Comp.unix.wizards mailing list