Is it possible to keep setgid bit when unzipping files as non-root user?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP








up vote
2
down vote

favorite
1












I have a folder with the following permissions:



drwxrws--x+ 13 myuser www-data 4096 Mar 20 09:57 project-folder


In this folder I have an archive archive.zip with the following permissions:



-rw-rw----+ 1 myuser www-data 10260 Mar 20 09:56 archive.zip


When I unzipped archive by calling unzip archive.zip I got the following file listing:



drwxrwx--x+ 3 myuser www-data 4096 May 5 2017 folder-from-archive


As we can see, the owner group is www-data as same for parent folder project-folder, but the folder-from-archive does not have the setgid bit (the s in the permissions string) and the content of this folder is not owned by group www-data:



-rw-rw----+ 1 myuser myuser 1083 May 5 2017 LICENSE
-rw-rw----+ 1 myuser myuser 2197 May 5 2017 README.md
-rw-rw----+ 1 myuser myuser 720 May 5 2017 autoload.php
-rw-rw----+ 1 myuser myuser 786 May 5 2017 composer.json
drwxrwx--x+ 3 myuser myuser 4096 May 5 2017 source


But when I tried unzipping this archive as root user the permissions and group owner (as well as the files in the folder) were correct:



drwxr-s--x+ 3 root www-data 4096 May 5 2017 folder-from-archive


Files in folder folder-from-archive:



-rw-r-----+ 1 root www-data 1083 May 5 2017 LICENSE
-rw-r-----+ 1 root www-data 2197 May 5 2017 README.md
-rw-r-----+ 1 root www-data 720 May 5 2017 autoload.php
-rw-r-----+ 1 root www-data 786 May 5 2017 composer.json
drwxr-s--x+ 3 root www-data 4096 May 5 2017 source


As we can see after unzipping by root user the folder inherited the setgid bit and set correct group www-data for itself and all containing files.



How to get the same behavior for the user myuser?






permissions root zip unzip acl







share|improve this question























  • Take a look at this question about preserving permissions.
    – daumie
    Mar 20 at 17:53














up vote
2
down vote

favorite
1












I have a folder with the following permissions:



drwxrws--x+ 13 myuser www-data 4096 Mar 20 09:57 project-folder


In this folder I have an archive archive.zip with the following permissions:



-rw-rw----+ 1 myuser www-data 10260 Mar 20 09:56 archive.zip


When I unzipped archive by calling unzip archive.zip I got the following file listing:



drwxrwx--x+ 3 myuser www-data 4096 May 5 2017 folder-from-archive


As we can see, the owner group is www-data as same for parent folder project-folder, but the folder-from-archive does not have the setgid bit (the s in the permissions string) and the content of this folder is not owned by group www-data:



-rw-rw----+ 1 myuser myuser 1083 May 5 2017 LICENSE
-rw-rw----+ 1 myuser myuser 2197 May 5 2017 README.md
-rw-rw----+ 1 myuser myuser 720 May 5 2017 autoload.php
-rw-rw----+ 1 myuser myuser 786 May 5 2017 composer.json
drwxrwx--x+ 3 myuser myuser 4096 May 5 2017 source


But when I tried unzipping this archive as root user the permissions and group owner (as well as the files in the folder) were correct:



drwxr-s--x+ 3 root www-data 4096 May 5 2017 folder-from-archive


Files in folder folder-from-archive:



-rw-r-----+ 1 root www-data 1083 May 5 2017 LICENSE
-rw-r-----+ 1 root www-data 2197 May 5 2017 README.md
-rw-r-----+ 1 root www-data 720 May 5 2017 autoload.php
-rw-r-----+ 1 root www-data 786 May 5 2017 composer.json
drwxr-s--x+ 3 root www-data 4096 May 5 2017 source


As we can see after unzipping by root user the folder inherited the setgid bit and set correct group www-data for itself and all containing files.



How to get the same behavior for the user myuser?






permissions root zip unzip acl







share|improve this question























  • Take a look at this question about preserving permissions.
    – daumie
    Mar 20 at 17:53












up vote
2
down vote

favorite
1









up vote
2
down vote

favorite
1






1





I have a folder with the following permissions:



drwxrws--x+ 13 myuser www-data 4096 Mar 20 09:57 project-folder


In this folder I have an archive archive.zip with the following permissions:



-rw-rw----+ 1 myuser www-data 10260 Mar 20 09:56 archive.zip


When I unzipped archive by calling unzip archive.zip I got the following file listing:



drwxrwx--x+ 3 myuser www-data 4096 May 5 2017 folder-from-archive


As we can see, the owner group is www-data as same for parent folder project-folder, but the folder-from-archive does not have the setgid bit (the s in the permissions string) and the content of this folder is not owned by group www-data:



-rw-rw----+ 1 myuser myuser 1083 May 5 2017 LICENSE
-rw-rw----+ 1 myuser myuser 2197 May 5 2017 README.md
-rw-rw----+ 1 myuser myuser 720 May 5 2017 autoload.php
-rw-rw----+ 1 myuser myuser 786 May 5 2017 composer.json
drwxrwx--x+ 3 myuser myuser 4096 May 5 2017 source


But when I tried unzipping this archive as root user the permissions and group owner (as well as the files in the folder) were correct:



drwxr-s--x+ 3 root www-data 4096 May 5 2017 folder-from-archive


Files in folder folder-from-archive:



-rw-r-----+ 1 root www-data 1083 May 5 2017 LICENSE
-rw-r-----+ 1 root www-data 2197 May 5 2017 README.md
-rw-r-----+ 1 root www-data 720 May 5 2017 autoload.php
-rw-r-----+ 1 root www-data 786 May 5 2017 composer.json
drwxr-s--x+ 3 root www-data 4096 May 5 2017 source


As we can see after unzipping by root user the folder inherited the setgid bit and set correct group www-data for itself and all containing files.



How to get the same behavior for the user myuser?






permissions root zip unzip acl







share|improve this question















I have a folder with the following permissions:



drwxrws--x+ 13 myuser www-data 4096 Mar 20 09:57 project-folder


In this folder I have an archive archive.zip with the following permissions:



-rw-rw----+ 1 myuser www-data 10260 Mar 20 09:56 archive.zip


When I unzipped archive by calling unzip archive.zip I got the following file listing:



drwxrwx--x+ 3 myuser www-data 4096 May 5 2017 folder-from-archive


As we can see, the owner group is www-data as same for parent folder project-folder, but the folder-from-archive does not have the setgid bit (the s in the permissions string) and the content of this folder is not owned by group www-data:



-rw-rw----+ 1 myuser myuser 1083 May 5 2017 LICENSE
-rw-rw----+ 1 myuser myuser 2197 May 5 2017 README.md
-rw-rw----+ 1 myuser myuser 720 May 5 2017 autoload.php
-rw-rw----+ 1 myuser myuser 786 May 5 2017 composer.json
drwxrwx--x+ 3 myuser myuser 4096 May 5 2017 source


But when I tried unzipping this archive as root user the permissions and group owner (as well as the files in the folder) were correct:



drwxr-s--x+ 3 root www-data 4096 May 5 2017 folder-from-archive


Files in folder folder-from-archive:



-rw-r-----+ 1 root www-data 1083 May 5 2017 LICENSE
-rw-r-----+ 1 root www-data 2197 May 5 2017 README.md
-rw-r-----+ 1 root www-data 720 May 5 2017 autoload.php
-rw-r-----+ 1 root www-data 786 May 5 2017 composer.json
drwxr-s--x+ 3 root www-data 4096 May 5 2017 source


As we can see after unzipping by root user the folder inherited the setgid bit and set correct group www-data for itself and all containing files.



How to get the same behavior for the user myuser?






permissions root zip unzip acl




permissions root zip unzip acl






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 20 at 10:55









Zanna

48.1k13119228




48.1k13119228










asked Mar 20 at 10:40









koninka

111




111











  • Take a look at this question about preserving permissions.
    – daumie
    Mar 20 at 17:53
















  • Take a look at this question about preserving permissions.
    – daumie
    Mar 20 at 17:53















Take a look at this question about preserving permissions.
– daumie
Mar 20 at 17:53




Take a look at this question about preserving permissions.
– daumie
Mar 20 at 17:53










1 Answer
1






active

oldest

votes

















up vote
0
down vote













That behavior was default but later it began to be considered as security issue (CVE-2005-0602).



unzip --help shows argument that should help: -K keep setuid/setgid/tacky permissions.
Therefore command should be unzip -K archive.zip.






share|improve this answer




















  • I know about this option, but it does not work. I've already tried this by myuser unzip -K archive.zip, this is output ls -l command `drwxrwx--x+ 3 myuser www-data 4096 May 5 2017 project-folder. So, there is no setgid permissions. But why it's working for root without this option?
    – koninka
    Mar 20 at 12:42











  • I think -K is default for root user. Anyway it works for me: paste.ubuntu.com/p/WZMMJcxMgq
    – mati865
    Mar 21 at 13:57











  • Your example is incorrect. You should have different user owner and group owner, also u have to have setgid bit on the root folder (chmod g+s folder) and inherit it after unzip (the goal is inherit owner group of root folder, owner group is different for the owner user, and unzipped dir also should have setgid bit.
    – koninka
    Mar 22 at 1:47










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1017581%2fis-it-possible-to-keep-setgid-bit-when-unzipping-files-as-non-root-user%23new-answer', 'question_page');

);

Post as a guest

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
0
down vote













That behavior was default but later it began to be considered as security issue (CVE-2005-0602).



unzip --help shows argument that should help: -K keep setuid/setgid/tacky permissions.
Therefore command should be unzip -K archive.zip.






share|improve this answer




















  • I know about this option, but it does not work. I've already tried this by myuser unzip -K archive.zip, this is output ls -l command `drwxrwx--x+ 3 myuser www-data 4096 May 5 2017 project-folder. So, there is no setgid permissions. But why it's working for root without this option?
    – koninka
    Mar 20 at 12:42











  • I think -K is default for root user. Anyway it works for me: paste.ubuntu.com/p/WZMMJcxMgq
    – mati865
    Mar 21 at 13:57











  • Your example is incorrect. You should have different user owner and group owner, also u have to have setgid bit on the root folder (chmod g+s folder) and inherit it after unzip (the goal is inherit owner group of root folder, owner group is different for the owner user, and unzipped dir also should have setgid bit.
    – koninka
    Mar 22 at 1:47














up vote
0
down vote













That behavior was default but later it began to be considered as security issue (CVE-2005-0602).



unzip --help shows argument that should help: -K keep setuid/setgid/tacky permissions.
Therefore command should be unzip -K archive.zip.






share|improve this answer




















  • I know about this option, but it does not work. I've already tried this by myuser unzip -K archive.zip, this is output ls -l command `drwxrwx--x+ 3 myuser www-data 4096 May 5 2017 project-folder. So, there is no setgid permissions. But why it's working for root without this option?
    – koninka
    Mar 20 at 12:42











  • I think -K is default for root user. Anyway it works for me: paste.ubuntu.com/p/WZMMJcxMgq
    – mati865
    Mar 21 at 13:57











  • Your example is incorrect. You should have different user owner and group owner, also u have to have setgid bit on the root folder (chmod g+s folder) and inherit it after unzip (the goal is inherit owner group of root folder, owner group is different for the owner user, and unzipped dir also should have setgid bit.
    – koninka
    Mar 22 at 1:47












up vote
0
down vote










up vote
0
down vote









That behavior was default but later it began to be considered as security issue (CVE-2005-0602).



unzip --help shows argument that should help: -K keep setuid/setgid/tacky permissions.
Therefore command should be unzip -K archive.zip.






share|improve this answer












That behavior was default but later it began to be considered as security issue (CVE-2005-0602).



unzip --help shows argument that should help: -K keep setuid/setgid/tacky permissions.
Therefore command should be unzip -K archive.zip.







share|improve this answer












share|improve this answer



share|improve this answer










answered Mar 20 at 11:49









mati865

11




11











  • I know about this option, but it does not work. I've already tried this by myuser unzip -K archive.zip, this is output ls -l command `drwxrwx--x+ 3 myuser www-data 4096 May 5 2017 project-folder. So, there is no setgid permissions. But why it's working for root without this option?
    – koninka
    Mar 20 at 12:42











  • I think -K is default for root user. Anyway it works for me: paste.ubuntu.com/p/WZMMJcxMgq
    – mati865
    Mar 21 at 13:57











  • Your example is incorrect. You should have different user owner and group owner, also u have to have setgid bit on the root folder (chmod g+s folder) and inherit it after unzip (the goal is inherit owner group of root folder, owner group is different for the owner user, and unzipped dir also should have setgid bit.
    – koninka
    Mar 22 at 1:47
















  • I know about this option, but it does not work. I've already tried this by myuser unzip -K archive.zip, this is output ls -l command `drwxrwx--x+ 3 myuser www-data 4096 May 5 2017 project-folder. So, there is no setgid permissions. But why it's working for root without this option?
    – koninka
    Mar 20 at 12:42











  • I think -K is default for root user. Anyway it works for me: paste.ubuntu.com/p/WZMMJcxMgq
    – mati865
    Mar 21 at 13:57











  • Your example is incorrect. You should have different user owner and group owner, also u have to have setgid bit on the root folder (chmod g+s folder) and inherit it after unzip (the goal is inherit owner group of root folder, owner group is different for the owner user, and unzipped dir also should have setgid bit.
    – koninka
    Mar 22 at 1:47















I know about this option, but it does not work. I've already tried this by myuser unzip -K archive.zip, this is output ls -l command `drwxrwx--x+ 3 myuser www-data 4096 May 5 2017 project-folder. So, there is no setgid permissions. But why it's working for root without this option?
– koninka
Mar 20 at 12:42





I know about this option, but it does not work. I've already tried this by myuser unzip -K archive.zip, this is output ls -l command `drwxrwx--x+ 3 myuser www-data 4096 May 5 2017 project-folder. So, there is no setgid permissions. But why it's working for root without this option?
– koninka
Mar 20 at 12:42













I think -K is default for root user. Anyway it works for me: paste.ubuntu.com/p/WZMMJcxMgq
– mati865
Mar 21 at 13:57





I think -K is default for root user. Anyway it works for me: paste.ubuntu.com/p/WZMMJcxMgq
– mati865
Mar 21 at 13:57













Your example is incorrect. You should have different user owner and group owner, also u have to have setgid bit on the root folder (chmod g+s folder) and inherit it after unzip (the goal is inherit owner group of root folder, owner group is different for the owner user, and unzipped dir also should have setgid bit.
– koninka
Mar 22 at 1:47




Your example is incorrect. You should have different user owner and group owner, also u have to have setgid bit on the root folder (chmod g+s folder) and inherit it after unzip (the goal is inherit owner group of root folder, owner group is different for the owner user, and unzipped dir also should have setgid bit.
– koninka
Mar 22 at 1:47

















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1017581%2fis-it-possible-to-keep-setgid-bit-when-unzipping-files-as-non-root-user%23new-answer', 'question_page');

);

Post as a guest
































































-

Popular posts from this blog

pylint3 and pip3 broken

Image
Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I have tried sudo apt remove --purge on various packages. I get the same when I reinstall. I have also tried reinstall using aptitude. This does not work. My current workaround is to run pylint3 as root, which works, but is bad practice. pip3 $ pip3 Traceback (most recent call last): File "/usr/lib/python3/dist-packages/pip/_vendor/__init__.py", line 33, in vendored __import__(vendored_name, globals(), locals(), level=0) ImportError: No module named 'pip._vendor.pkg_resources' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/bin/pip3", line 9, in <module> from pip import main File "/usr/lib/python3/dist-packages/pip/__init__.py", line 13, in <module> from pip.exceptions import InstallationError, CommandError, PipError File "/usr/lib/python3/dist-packages/pip/exceptions.py", line 6, ...
Read more

Missing snmpget and snmpwalk

Image
Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I have installed Zabbix appliance, directly preinstalled and found that there is missing snmpwalk and snmpget commands. I tried to install it with: apt-get install net-snmp-utils but I have error message: Unable to locate package. I have also check what from SNMP is preinstalled and there is: libsnmp-base libsnmp30:amd64 snmp-mibs-downloader snmpd snmptrapd snmptrapfmt How can I install snmpget and snmpwalk ? snmp zabbix share | improve this question edited Jan 29 at 10:10 Yaron 8,552 7 18 38 asked Jan 29 at 9:51 Alfista 1 apt install snmp perhaps ? If named differently - apt cache snmp – fugitive Jan 29 at 10:00 add a comment  |  up vote 0 down vote favorite I have installed Zabbix appliance, directly preinstalled and found that there is missing snmpwalk and snmpget commands. I tried...
Read more

How to enroll fingerprints to Ubuntu 17.10 with VFS491

Image
Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I decided to switch from Windows to Ubuntu 17.10, I meet it like 8 years ago and I didn't decided to switch until now (haha). Well, my actual device is an HP Probook 4540s with a Validity fingerprint sensor (VFS491). The fingerprint sensor worked fine on Windows but I can't get it to work in Ubuntu. The device is recognized as 138a:003d but is not detected as a fingerprint scanner by some apps like Fingerprint GUI. I want to use the fingerprint scanner to log in into my user account in Ubuntu but it doesn't supports fingerprints without special software and the drivers of the fingerprint scanner are available for Windows but not for any Linux distribution. I found something on GitHub (https://github.com/eekpie/libfprint) about the integration of the VFS491 in libfprint and I think it can help but I don't know what to do with it, so that's why I need the help of the community to do it since I am...
Read more