How to copy folder in UNIX with different owners and permissions to preserve it all in target location?


Question


I need to copy a folder from a to b.
The folder is owned by user1 and has folders and files owned by both user1 and user2 inside of it in different locations.

I need to copy it and preserve the ownership and permissions (ownership is more important).

I don't have root permissions; I can log in as both users.

cp -a and copy -p didn't help; whichever way I copy, the result gets the ownership of whichever user I'm logged in as.

Thank you for helping.

Answer 1

Score: 0


Let's say under a there's some file a/x/y that does not belong to you, user1, but rather belongs to user2.

You are trying to create a copy of a, b, such that b/x/y belongs to user2. Meaning, you are trying to create a file on someone else's behalf, and that is a security problem.

The OS will prevent you from doing that if you don't have root permissions. As mentioned in the comments, tar is the closest you can get - an archive that will remember the permissions such that when you do have permissions to create files on behalf of user2, it will remember what files they are.

If you're wondering why it's a security problem to create files on someone else's behalf, here's just 2 examples:

  1. Admin sets per-user quotas. Every user gets N GB of disk space. user1 recreates the file a/x/y, under different file names, b/x/y1, b/x/y2, ..., on behalf of user2, in a loop, until the quota for user2 is exhausted. user1, who owns the directories b and b/x then runs chmod go-rwx b/x such that user2 can't even access the directory b/x to delete these files. user2 now can't write anything to disk.
  2. user1 writes a program like su that changes its UID to root and runs /bin/bash. It creates a copy of it on behalf of (i.e. owned by) the root user, with mode r-s (read, write, setuid), which means that the program will succeed in changing its UID to root. Root shell achieved.
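
The answer's point that a tar archive records ownership even when an unprivileged copy cannot apply it, as an added Python example (not part of the original post): it builds a constructed archive with the question's user1/user2 layout, recreates the tree as the current user, and lists which entries a later privileged restore would have to chown, plus any set-id entries to review before doing so. The UIDs 1001/1002, the `rootsh` entry and all function names are assumptions made for illustration.

```python
import io, os, stat, tarfile

# Constructed sample matching the question: (name, uid, owner name, mode, is_dir).
SAMPLE = [
    ("a", 1001, "user1", 0o755, True),
    ("a/z", 1001, "user1", 0o644, False),
    ("a/x", 1001, "user1", 0o755, True),
    ("a/x/y", 1002, "user2", 0o640, False),
    ("a/x/rootsh", 0, "root", 0o4755, False),  # setuid, recorded as root-owned
]

def build_archive(entries=SAMPLE):
    """Write a tar archive in memory whose headers record the given owners."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, uid, uname, mode, is_dir in entries:
            ti = tarfile.TarInfo(name)
            ti.type = tarfile.DIRTYPE if is_dir else tarfile.REGTYPE
            ti.uid, ti.gid, ti.uname, ti.gname, ti.mode = uid, uid, uname, uname, mode
            tar.addfile(ti)
    return buf.getvalue()

def members(archive):
    """Return the header records (TarInfo objects) stored in the archive."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        return tar.getmembers()

def setid_members(archive):
    """Entries that would become setuid/setgid files if restored with ownership."""
    return [(m.name, m.uid, oct(m.mode)) for m in members(archive)
            if m.isfile() and m.mode & (stat.S_ISUID | stat.S_ISGID)]

def copy_as_current_user(archive, dest):
    """Recreate the tree without privileges: the kernel assigns the caller's UID.
    Member names come from the constructed sample, so no path validation is done."""
    for m in members(archive):
        path = os.path.join(dest, m.name)
        if m.isdir():
            os.makedirs(path, exist_ok=True)
        else:
            open(path, "wb").close()
        os.chmod(path, m.mode & 0o777)  # set-id bits deliberately not applied

def ownership_drift(archive, dest):
    """(name, recorded uid, actual uid) for entries a privileged restore must chown."""
    out = []
    for m in members(archive):
        actual = os.lstat(os.path.join(dest, m.name)).st_uid
        if actual != m.uid:
            out.append((m.name, m.uid, actual))
    return out
```

Reviewing the output of `setid_members` before any restore that applies recorded ownership is the check that corresponds to the answer's second example.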

huangapple
  • Published on May 21, 2023 18:51:07
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76299494.html