5

Tar has several options to affect how file and directory ownership will be stored in that tar file. For example --numeric-owner, or --owner-map. These options directly affect how the tar file will be extracted, or what will be done on extraction assuming we run extraction as root.

  • Without options, tar will find the corresponding group/user in the current system and set the ownership to that group/user even if the uid/gid are different than they were when creating the archive.
  • With --numeric-owner, the extraction will always set uid/gid to the same as it was when we created the archive.
  • With --owner-map, we can provide our own mapping for users/uids, but only when we are creating the archive. Using this option does nothing when extracting the archive.

These options are great, but I need to be able to affect what tar does with ownerships when extracting, at the time I am extracting the archive, not when I am creating the archive. The --owner-map seemed like a perfect solution to me, until I found it does nothing when it is provided when extracting.

So my question is: Is it somehow possible to control with what ownerships will tar extract the files and directories, at the time when we are extracting the archive?

I could not find anything relevant. As a solution I attempted to create a chroot environment with /etc/passwd and /etc/group that would ensure the correct mapping, and then extract the tar archive under the chroot, but it did not work. I assume it is because the chroot still takes users and groups from the host system somehow, but it feels like this could lead to a solution.

I would appreciate any kind of help or ideas, even if they are hacky (I think replacing /etc/passwd and /etc/group in the system I am extracting in would work, but that is not acceptable for me).

2 Answers

3

When extracting files as root, tar by default will use the original ownership.

You can override that using the --no-same-owner option (alternatively -o), to create files owned by the user who launched tar.

If you wish to extract as another user, you will need to become this user, using su, and extract with the --no-same-owner option.

4
  • Yes, clearly. That does not help my issue at all though. Let me reiterate on what I wish to achieve. If I have 2 files in a tar file, one saved as user1, and second as user2 with their uids at time of archiving 900 and 901. And I have currently in my system user1 and user2 with uids 1000 and 1001, I wish to be able to somehow tell tar to not extract those two files with uids 1000 and 1001. Instead I wish those files to be extracted with uids 1100 and 1101 or even 1200 and 1201, depending on current situation.
    – psznm
    Commented May 4, 2023 at 20:46
  • Tar is not the tool for this. As you need to be root for this, you could use chown coupled with find -user userid.
    – harrymc
    Commented May 5, 2023 at 8:35
  • Tar seems like a perfect tool for this task, especially since tar already does it, by either specifying owner/group-map when archiving, or by reading users and groups from the current system. It seems logical that tar would support owner-map and group-map also when extracting. The fact that it is not supported is a huge letdown. I did consider find with chown, but there would be maybe 50 users and 50 groups. Thus running it 100x for a system with several gigabytes and 100 000 files does not seem like a good idea. Unless find could be made to do it all in one run somehow.
    – psznm
    Commented May 5, 2023 at 18:38
  • I think you're not finding this option on extraction because it might be considered as a security risk.
    – harrymc
    Commented May 5, 2023 at 18:41
2

After a few more experiments with tar I realized that tar --numeric-owner takes effect not only when archiving, but also when extracting (unlike --owner-map and --group-map). Luckily for me, when extracting, I only need to be able to choose between IDs of the original system and IDs of the current system. So when I need IDs from the original system, I use --numeric-owner, and when I need IDs from the current system, I don't.

If anybody stumbles across a similar issue: it seems like find could be used to change all the uids and gids in one pass. Thus it would probably prove to be an efficient solution. For example (one could replace the -name criteria with -user or -group criteria):

$ find . -name "a" -exec echo chown userA {} + -o -name "b" -exec echo chown userB {} +
chown userA ./a ./test2/a ./test3/a
chown userB ./b
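Added example, not part of the original answer: the one-pass find idea above, generalised to numeric uid and gid maps applied after extracting with --numeric-owner. The function name `remap_owners` and the `u:OLD:NEW` / `g:OLD:NEW` spec format are assumptions made for this sketch, and it requires GNU find and bash.

```bash
#!/usr/bin/env bash
# Added example: remap numeric owners in a single find pass after
#   tar --numeric-owner -xpf archive.tar -C "$dest"     (run as root)
# Spec format is an assumption of this sketch: u:OLD:NEW or g:OLD:NEW.

# remap_owners ROOT DRY SPEC...
#   DRY=1 prints the chown/chgrp commands (the "echo chown" trick from the answer),
#   DRY=0 executes them.
remap_owners() {
    local root=$1 dry=$2; shift 2
    local uexpr=() gexpr=() run=() spec kind old new
    [ $# -gt 0 ] || { echo "no specs given" >&2; return 2; }
    [ "$dry" = 1 ] && run=(echo)
    for spec in "$@"; do
        IFS=: read -r kind old new <<<"$spec"
        # Only digits are accepted, so nothing from the map can be read as a find option.
        if ! [[ $kind =~ ^[ug]$ && $old =~ ^[0-9]+$ && $new =~ ^[0-9]+$ ]]; then
            echo "bad spec: $spec" >&2; return 2
        fi
        # -h changes a symlink itself, never the file it points to, so a link
        # inside the extracted tree cannot redirect the chown to a path outside it.
        if [ "$kind" = u ]; then
            uexpr+=(-uid "$old" -exec "${run[@]}" chown -h "$new" {} + -o)
        else
            gexpr+=(-gid "$old" -exec "${run[@]}" chgrp -h "$new" {} + -o)
        fi
    done
    # Within a group, -o stops at the first matching clause, so a chained map
    # (900->901, 901->902) never remaps the same file twice. The trailing -true
    # keeps the uid group true so the gid group is always evaluated as well.
    find "$root" \( "${uexpr[@]}" -true \) \( "${gexpr[@]}" -true \)
}

# Usage (constructed IDs, taken from the comment thread's scenario):
#   remap_owners /srv/restore 1 u:900:1100 u:901:1101   # dry run
#   remap_owners /srv/restore 0 u:900:1100 u:901:1101   # apply, as root
```

On Linux, changing ownership clears setuid/setgid bits on executables even when root does it, so re-apply those modes afterwards if the archive carried them.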
