Re: [Bug-tar] [PATCH] add a numeric offset option for uid and gid manipulations
On 03/12/2013 11:03 PM, Paul Eggert wrote: > On 03/12/13 11:43, Glauber Costa wrote: >> If you are extracting an archive that contains a distribution image with >> a particular user, there is no guarantee that such user exists in the >> host system. Much less that it has an equal user id. > > Sure, but that's the way that 'tar' has always worked. > What I'm not understanding is what is new here. > > If the tar archive says that the file F is > owned by a user with name 'root' and user ID 0, > and if you run 'tar x' in an environment where the > user named 'root' has ID 1, then tar normally > will extract into a file owned by 'root' with > user ID 1. Isn't that's what you want here? > Except that we might be extracting the actual environment, which is usually what we're doing at tar extract time of the distribution image. There is not yet anything to do that mapping. The only option becomes to create a separate user namespace just to extract the file, which means always having a helper script for situations like that. At this point, I personally think it is a lot easier to just augment the tooling with such capability.
Re: [Bug-tar] [PATCH] add a numeric offset option for uid and gid manipulations
On 03/12/13 13:12, Glauber Costa wrote: > The only option becomes to create a separate user namespace just to > extract the file, which means always having a helper script for > situations like that. At this point, I personally think it is a lot > easier to just augment the tooling with such capability. If you write a helper script, it should work with any application without having to change the helper script or the application. The application could be any program that maps user names to user IDs: GNU Tar, some other tar implementation, cpio, stat, etc. If you modify GNU Tar, that works only for GNU Tar.
Re: [Bug-tar] [PATCH] add a numeric offset option for uid and gid manipulations
On 03/12/2013 08:12 PM, Paul Eggert wrote: > On 03/12/13 02:03, Glauber Costa wrote: >> With that, it is extremely useful when unpacking tar archives, to be >> able to add that offset to the end result. Specifying a user won't help, >> since the tar archive can have many > > Sorry, I'm not following this part. Why can't you extract the > tar image in a context where the mapping is already in place? > If user "foo" is host user ID 4000, for example, and you're running > in an environment where uid 0 maps to 1, then presumably > user "foo" is namespace user 14000, which is what you want, no? > You can - if it is a single user that owns all the files in the archive. However, user namespaces provides a 1:1 mapping of a whole range. In the particular context I am interested, we distribute full distribution images. Most files are owned by root, and we would have a 0 -> x mapping. But a lot of others are owned by all the other users in the system (sshd, ntp, apache, etc). So you would have to map 0 -> x, 1 -> x + 1, 2 -> x + 2, etc, for all the available range. The option I am proposing sums an offset, therefore it will map correctly the whole range.
Re: [Bug-tar] [PATCH] add a numeric offset option for uid and gid manipulations
On 03/12/13 11:43, Glauber Costa wrote: > If you are extracting an archive that contains a distribution image with > a particular user, there is no guarantee that such user exists in the > host system. Much less that it has an equal user id. Sure, but that's the way that 'tar' has always worked. What I'm not understanding is what is new here. If the tar archive says that the file F is owned by a user with name 'root' and user ID 0, and if you run 'tar x' in an environment where the user named 'root' has ID 1, then tar normally will extract into a file owned by 'root' with user ID 1. Isn't that's what you want here?
Re: [Bug-tar] [PATCH] add a numeric offset option for uid and gid manipulations
On 03/12/2013 10:17 PM, Joerg Schilling wrote: > Paul Eggert wrote: > >> On 03/12/13 02:03, Glauber Costa wrote: >>> With that, it is extremely useful when unpacking tar archives, to be >>> able to add that offset to the end result. Specifying a user won't help, >>> since the tar archive can have many >> >> Sorry, I'm not following this part. Why can't you extract the >> tar image in a context where the mapping is already in place? >> If user "foo" is host user ID 4000, for example, and you're running >> in an environment where uid 0 maps to 1, then presumably >> user "foo" is namespace user 14000, which is what you want, no? > > Also, TAR should map by name rather then by uid in the first attempt. > I am not sure what exactly you mean here. In my proposed implementation, I documented this option to imply numeric offset. This is precisely because only numeric UIDs matter. If you are extracting an archive that contains a distribution image with a particular user, there is no guarantee that such user exists in the host system. Much less that it has an equal user id.
Re: [Bug-tar] [PATCH] add a numeric offset option for uid and gid manipulations
Paul Eggert wrote: > On 03/12/13 02:03, Glauber Costa wrote: > > With that, it is extremely useful when unpacking tar archives, to be > > able to add that offset to the end result. Specifying a user won't help, > > since the tar archive can have many > > Sorry, I'm not following this part. Why can't you extract the > tar image in a context where the mapping is already in place? > If user "foo" is host user ID 4000, for example, and you're running > in an environment where uid 0 maps to 1, then presumably > user "foo" is namespace user 14000, which is what you want, no? Also, TAR should map by name rather then by uid in the first attempt. Jörg -- EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin j...@cs.tu-berlin.de(uni) joerg.schill...@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
Re: [Bug-tar] [PATCH] add a numeric offset option for uid and gid manipulations
On 03/12/13 02:03, Glauber Costa wrote: > With that, it is extremely useful when unpacking tar archives, to be > able to add that offset to the end result. Specifying a user won't help, > since the tar archive can have many Sorry, I'm not following this part. Why can't you extract the tar image in a context where the mapping is already in place? If user "foo" is host user ID 4000, for example, and you're running in an environment where uid 0 maps to 1, then presumably user "foo" is namespace user 14000, which is what you want, no?