Alan Curry wrote: > Jim Meyering writes: >> >> Gilles Espinasse wrote: >> ... >> >> [chroot-i486] root:/$ umask >> >> 0022 >> >> [chroot-i486] root:/$ rm -rf /usr/src/coreutils* >> >> [chroot-i486] root:/$ cd /usr/src >> >> [chroot-i486] root:/usr/src$ tar xf cache/coreutils-8.1.tar.gz >> >> [chroot-i486] root:/usr/src$ ls -ld /usr /usr/src /usr/src/coreutils-8.1 >> ... >> >> drwxrwxrwx 13 root root 4096 Nov 18 18:55 /usr/src/coreutils-8.1 >> >> >> >> don't know why >> > >> > Just the side effect of using tar as root >> > --no-same-permissions let umask be applied >> >> Thanks for explaining. >> That's another good reason to do less as root. > > So was the drwxrwxrwx in the tarball put there to teach a lesson to those > who trust a tarball to have sane permissions? Or is it a bug?
On one hand, you can also think of it as a LART for anyone who builds from source as root ;-) I think the motivation was to avoid imposing restrictions. With relaxed permissions, the umask of the unpacker completely determines the permissions. If the distribution-tarball-creator were to choose stricter permissions, say prohibiting group/other write access, that would make it harder for people who use 002 and want all directories to be group-writable. That said, I'd have no objection to applying "chmod 755" (rather than a+rwx) to the directories that go into the tarball. FYI, those permissions were set via the Automake-generated "make dist" rule, so every automake-using package has created distribution tarballs that way for at least 10 years.
