[Bug 1945202] [NEW] Tar changes folder ownership when run under root

Zsolt Ero 1945202 at bugs.launchpad.net
Mon Sep 27 13:01:17 UTC 2021 

Public bug reported:

I got locked out of my server via SSH, simply by extracting a tar file.
No matter how crazy it sounds, it is reproducible.

1. login as root
2. wget https://github.com/aristocratos/btop/releases/download/v1.0.9/btop-1.0.9-linux-x86_64.tbz`
3. tar -xjvf btop-1.0.9-linux-x86_64.tbz`

At this point the /root folder has ownership of user:user (1000:1000)
and the root is locked out from SSH login. I had to fix the server via
KVM.

auth.log contained the following:
"Authentication refused: bad ownership or modes for directory /root"

This seems to be a bug in tar, as the above behaviour doesn't happen when logged in under any non-root user.
With non-root users the directory does not change ownership. 
With root user, no matter where I extract the tar file, the directory changes ownership.

---

lsb_release -rd
Description:	Ubuntu 18.04.6 LTS
Release:	18.04

apt-cache policy tar
tar:
  Installed: 1.29b-2ubuntu0.2
  Candidate: 1.29b-2ubuntu0.2

** Affects: tar (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to tar in Ubuntu.
https://bugs.launchpad.net/bugs/1945202

Title:
  Tar changes folder ownership when run under root

Status in tar package in Ubuntu:
  New

Bug description:
  I got locked out of my server via SSH, simply by extracting a tar
  file. No matter how crazy it sounds, it is reproducible.

  1. login as root
  2. wget https://github.com/aristocratos/btop/releases/download/v1.0.9/btop-1.0.9-linux-x86_64.tbz`
  3. tar -xjvf btop-1.0.9-linux-x86_64.tbz`

  At this point the /root folder has ownership of user:user (1000:1000)
  and the root is locked out from SSH login. I had to fix the server via
  KVM.

  auth.log contained the following:
  "Authentication refused: bad ownership or modes for directory /root"

  This seems to be a bug in tar, as the above behaviour doesn't happen when logged in under any non-root user.
  With non-root users the directory does not change ownership. 
  With root user, no matter where I extract the tar file, the directory changes ownership.

  ---

  lsb_release -rd
  Description:	Ubuntu 18.04.6 LTS
  Release:	18.04

  apt-cache policy tar
  tar:
    Installed: 1.29b-2ubuntu0.2
    Candidate: 1.29b-2ubuntu0.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1945202/+subscriptions

More information about the foundations-bugs mailing list