How to copy folder in UNIX with different owners and permissions to preserve it all in target location?
Question
I need to copy a folder from a to b.
The folder is owned by user1 and has folders and files owned by both user1 and user2 inside of it in different locations.
I need to copy it and preserve the ownership and permissions (ownership is more important).
I don't have root permissions; I can log in with both users.
cp -a and copy -p didn't help; whichever way I copy, it gets the ownership of the user I'm logged in with.
Thank you for helping.
Answer 1
Score: 0
Let's say under `a` there's some file `a/x/y` that does not belong to you, `user1`, but rather belongs to `user2`.
You are trying to create a copy of `a`, `b`, such that `b/x/y` belongs to `user2`. Meaning, you are trying to create a file on someone else's behalf, and that is a security problem.
The OS will prevent you from doing that if you don't have root permissions. As mentioned in the comments, tar is the closest you can get - an archive that will remember the permissions such that when you do have permissions to create files on behalf of `user2`, it will remember what files they are.
If you're wondering why it's a security problem to create files on someone else's behalf, here's just 2 examples:
- Admin sets per-user quotas. Every user gets N GB of disk space. `user1` recreates the file `a/x/y`, under different file names, `b/x/y1`, `b/x/y2`, ..., on behalf of `user2`, in a loop, until the quota for `user2` is exhausted. `user1`, who owns the directories `b` and `b/x`, then runs `chmod go-rwx b/x` such that `user2` can't even access the directory `b/x` to delete these files. `user2` now can't write anything to disk.
- `user1` writes a program like `su` that changes its UID to root and runs `/bin/bash`. It creates a copy of it on behalf of (i.e. owned by) the root user, with mode `r-s` (read, write, setuid), which means that the program will succeed in changing its UID to root. Root shell achieved.
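An added example, not part of the original answer: a Python sketch using the standard-library `tarfile` module to illustrate the point about tar. It shows that each archive header records the member's owner and mode, and reports which recorded owners a given effective UID could restore on extraction. The member list, the UIDs 1001/1002 and the function names are constructed for illustration, and only the owning user (not the group) is checked.

```python
import io
import stat
import tarfile

# Constructed sample: (path, uid, user name, mode, content) for a tree like a/ in the question.
SAMPLE = [
    ("a/top.txt", 1001, "user1", 0o644, b"user1 data\n"),
    ("a/x/y", 1002, "user2", 0o640, b"user2 data\n"),
    ("a/x/tool", 0, "root", 0o4755, b"#!/bin/sh\n"),  # setuid bit, owner root
]


def build_archive(members=SAMPLE) -> bytes:
    """Write the members into an in-memory tar, recording owner and mode in each header."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, uid, uname, mode, content in members:
            info = tarfile.TarInfo(path)
            info.uid = info.gid = uid
            info.uname = info.gname = uname
            info.mode = mode
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def audit_restore(archive: bytes, euid: int):
    """Per member: can this euid restore the recorded owner, and is setuid recorded?"""
    rows = []
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        for info in tar:
            rows.append({
                "path": info.name,
                "owner": f"{info.uname}({info.uid})",
                "mode": stat.filemode(stat.S_IFREG | info.mode),
                # Only root may hand a file to another user; anyone else owns what they create.
                "owner_restorable": euid == 0 or info.uid == euid,
                # A setuid member restored with its recorded owner would run as that owner.
                "setuid": bool(info.mode & stat.S_ISUID),
            })
    return rows


if __name__ == "__main__":
    for euid in (1001, 0):
        print(f"extracting as euid={euid}")
        for row in audit_restore(build_archive(), euid):
            print("  ", row)
```

Run with euid 1001, only `a/top.txt` is restorable; with euid 0 every owner is restorable, which is why a setuid member such as `a/x/tool` deserves review before a privileged extraction.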