root+tar's '--same-owner --preserve' options

Kevin Day thekevinday at gmail.com
Tue Mar 11 13:03:54 PDT 2008


On Tue, Mar 11, 2008 at 5:58 AM, Robert Connolly
<robert at linuxfromscratch.org> wrote:
>
> On Tuesday March 11 2008 05:48:52 am marty wrote:
>  > > The first mistake would be that the scripts are run as root.
>  > > If they must be run as root, then you probably should be checking
>  > > their functionality anyway.
>  > > In which case, you can add the -p as your checking.
>  > > Otherwise letting some scripts run as root without even questioning
>  > > it...well I think people joined this mailing list to get away from
>  > > such bad practices and not turn a blind eye to them.
>  >
>  > Actually, the first mistake would be typing with your brain turned off.
>  > 'WHO' other than root can restore a backup or do anything else to a root
>  > filesystem? I would not need to question the cron scripts I use to do
>  > backups, nor the functionality of Amanda or other backup programs used in
>  > good practice. Tar is old and has dozens of dependent programs that will
>  > not work with this "new and improved" version. That patch is well meaning,
>  > but misconceived IMO.
>  >
>  > Marty B.
>
>  According to my quick checking, Busybox and bsd Tar do not preserve
>  permissions or ownership by default for root. Solaris and GNU Tar do.
>  Packages shouldn't depend on either behavior, and should use options
>  explicitly.
>
>  robert
>
> --

If adding the commands to the individual tar command is not an option,
then write a wrapper:

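#!/bin/sh
# Override tar so every call in this script gets the explicit options.
tar(){
 # 'which' finds the real binary; "$@" keeps arguments with spaces intact.
 "$(which tar)" --numeric-owner --preserve --xattrs --selinux "$@"
}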

Once this tar command is exported or processed by the script, every
call to tar will be overridden by this function call.
tar itself cannot be used because bash will think this should be
recursive and become an infinite loop.

In this example, I had to use 'which' over 'type -p' because 'type -p'
is a bash command which will interpret the above hack as the function
and fail to look up the actual path for tar.

All of those options should guarantee a safe backup and you will have
to put forth the least effort, aside from not applying the said patch.

-- 
Kevin Day
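
An added example, not part of the original message: it shows why the thread advises passing permission options explicitly, by extracting the same archive under umask 077 with each option spelled out, so the result does not depend on whether the caller is root. It assumes GNU tar and GNU stat; the wrapper uses the POSIX `command` builtin to reach the real binary, and the helper name and sample file are constructed.

```shell
#!/bin/sh
# Added example; assumes GNU tar and GNU stat. All names here are constructed.

# Wrapper: 'command' skips shell functions, so this does not recurse.
tar() {
    command tar --numeric-owner "$@"
}

# extracted_mode <tar-option>: archive a 0666 file, extract it under
# umask 077 with the given option, and print the resulting octal mode.
extracted_mode() {
    opt=$1
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        mkdir src out
        umask 000
        : > "src/file with space"
        chmod 666 "src/file with space"
        tar -cf a.tar -C src "file with space"
        umask 077
        tar "$opt" -xf a.tar -C out
        stat -c %a "out/file with space"
    )
    rc=$?
    rm -rf "$work"
    return $rc
}

# Both options are explicit, so root and non-root callers get the same result.
echo "no-same-permissions:  $(extracted_mode --no-same-permissions)"
echo "preserve-permissions: $(extracted_mode --preserve-permissions)"
```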


