Quote:
Dave_L wrote:
Files in a .tar.gz always have permissions. When extracting the contents of a .tar.gz, I think it works like this:
If the current user is root, the permissions are preserved. If the current user is not root, the permissions are overridden by the umask setting. tar has options for modifying this behavior.
Of course, this only applies to Linux.
Im am going to go back and check this tonight to confirm what you said. I cannot remember if I checked both ways on upload and when uncompressing the archive. Meaning as root and as account holder.
If this rings true then the only thing needed would be to update docs. For us newbies... Should be something to the effect never use root to upload or uncompress the archive.
Which looking back now might be something every server admin knows anyway. But doesn't cover us back yarders we learn by mistakes...
Thanks for the post and the idea...
Can this topic be moved to the server security forum? I think it might be better in that section. Which I did not see when starting this topic.
This Post was from: https://www.impresscms.org/iforum/viewtopic.php?topic_id=1045&post_id=9389