I have a folder with the following permissions:
drwxrws--x+ 13 myuser www-data 4096 Mar 20 09:57 project-folder
In this folder I have an archive archive.zip with the following permissions:
-rw-rw----+ 1 myuser www-data 10260 Mar 20 09:56 archive.zip
When I unzipped the archive by calling unzip archive.zip I got the following file listing:
drwxrwx--x+ 3 myuser www-data 4096 May 5 2017 folder-from-archive
As we can see, the owner group is www-data, the same as for the parent folder project-folder, but the folder-from-archive does not have the setgid bit (the s in the permissions string) and the content of this folder is not owned by group www-data:
-rw-rw----+ 1 myuser myuser 1083 May 5 2017 LICENSE
-rw-rw----+ 1 myuser myuser 2197 May 5 2017 README.md
-rw-rw----+ 1 myuser myuser 720 May 5 2017 autoload.php
-rw-rw----+ 1 myuser myuser 786 May 5 2017 composer.json
drwxrwx--x+ 3 myuser myuser 4096 May 5 2017 source
But when I tried unzipping this archive as the root user, the permissions and group owner (as well as those of the files in the folder) were correct:
drwxr-s--x+ 3 root www-data 4096 May 5 2017 folder-from-archive
Files in folder folder-from-archive:
-rw-r-----+ 1 root www-data 1083 May 5 2017 LICENSE
-rw-r-----+ 1 root www-data 2197 May 5 2017 README.md
-rw-r-----+ 1 root www-data 720 May 5 2017 autoload.php
-rw-r-----+ 1 root www-data 786 May 5 2017 composer.json
drwxr-s--x+ 3 root www-data 4096 May 5 2017 source
As we can see, after unzipping as the root user the folder inherited the setgid bit and set the correct group www-data for itself and all contained files.
How to get the same behavior for the user myuser?
That behavior was the default, but later it began to be considered a security issue (CVE-2005-0602).
unzip --help shows an argument that should help: -K keep setuid/setgid/tacky permissions. Therefore the command should be unzip -K archive.zip.
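A way to give the extracted tree the parent's group and setgid bit after a plain unzip, without -K, so that no setuid/setgid bits stored in the archive are honoured. This is an added example, not part of the original answer; the function names are hypothetical and it assumes GNU stat and find on Linux.

```shell
#!/bin/sh
# Added example: audit and repair group/setgid inheritance below a setgid
# directory (e.g. project-folder) after extracting an archive into it.
# Assumption: GNU stat and find. Function names are hypothetical.

# Refuse to work on a ROOT that is not itself a setgid directory.
_require_setgid_root() {
    if [ ! -d "$1" ] || [ ! -g "$1" ]; then
        echo "not a setgid directory: $1" >&2
        return 2
    fi
}

# Print every entry under ROOT that breaks inheritance:
#   "nosetgid <path>"  directory without the setgid bit
#   "group <path>"     entry whose group differs from ROOT's group
audit_setgid_tree() {
    _require_setgid_root "$1" || return 2
    gid=$(stat -c %g -- "$1") || return 2
    find "$1" -type d ! -perm -2000 -exec printf 'nosetgid %s\n' {} \;
    find "$1" ! -gid "$gid" -exec printf 'group %s\n' {} \;
}

# Bring the tree under ROOT back in line with ROOT itself.
repair_setgid_tree() {
    _require_setgid_root "$1" || return 2
    gid=$(stat -c %g -- "$1") || return 2
    # -h changes a symlink itself, never the file it points to, so a
    # symlink shipped in the archive cannot redirect the chgrp elsewhere.
    find "$1" ! -gid "$gid" -exec chgrp -h "$gid" {} +
    # Only directories get g+s; find does not follow symlinks here, and
    # regular files are left without setgid on purpose.
    find "$1" -type d ! -perm -2000 -exec chmod g+s {} +
}

# Usage (after: unzip archive.zip inside project-folder):
#   audit_setgid_tree  project-folder
#   repair_setgid_tree project-folder
```

The chgrp step only succeeds for a non-root user who is a member of the target group, as myuser would need to be for www-data.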