ansible/ansible-modules-core

unarchive: Option to not preserve ownership

Closed this issue · 6 comments

jmdh commented

Issue Type: Feature idea

tar's default behaviour is to preserve ownership from the archive when run as root, but this is not always desirable. It would be great if the --no-same-owner flag was usable within the unarchive module (it's a bit awkward to implement because you probably need to change the default when running as root and non-root).

Not supporting this is arguably a security issue, if the archive is being unpacked on a different machine; it could mean that users were granted write access they shouldn't have.

@jmdh So you would like to see a no_same_owner=False/True option which would then pass that flag, and default to False if not set?

jmdh commented

I think what I was thinking back in May was that it should default to passing that flag (and maybe the ansible option should then be named in the inverse sense - ie preserve_owner=true) because that seems like a safer default. However that's probably too intrusive, in which case your suggestion is good.

I'm not sure why I thought the invocation needed to depend on whether running as root. --no-same-owner seems to be a no-op when running as non-root (ie tar doesn't complain about an option which can't have any effect).

Thanks!

@pileofrogs What do you think about the above?

I think I should implement an extra_options option. Lots of folks are asking for more options to be supported and I think I should do an extra options option. See #2037 for some discussion. If there's a lot of interest in no-same-owner specifically and there is similar behavior across unarchive tools (zip & tar), we should add that as a specific option.

@bcoca We can close this issue now. This is possible since #3307 is merged.

Closing as the new functionality in #3307 should solve this.
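
Added example, not part of the original thread or of the Ansible code base: a pre-extraction check for the concern raised in the first comment. It lists the archive members that an extraction as root without --no-same-owner would hand to a different uid, or leave group-writable by a different gid. The function names and the sample archive are constructed for illustration, and only numeric ids are compared.

```python
import io
import tarfile


def build_sample_archive():
    """Constructed sample: members carry the uid/gid of whoever packed them."""
    members = [  # (name, uid, gid, mode)
        ("app/README", 0, 0, 0o644),
        ("app/config.ini", 1001, 1001, 0o644),
        ("app/run.sh", 0, 100, 0o775),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, uid, gid, mode in members:
            info = tarfile.TarInfo(name)
            info.uid, info.gid, info.mode = uid, gid, mode
            tar.addfile(info, io.BytesIO(b""))
    buf.seek(0)
    return buf


def audit_ownership(fileobj, run_uid=0, run_gid=0):
    """Return (name, reasons) for members whose recorded ownership, if
    preserved on extraction, gives write access to an id other than the
    extracting user's. Assumption: numeric ids only; user and group names
    stored in the archive are not resolved here."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        for member in tar:
            reasons = []
            if member.uid != run_uid:
                # The file's owner can always write to it (or chmod it).
                reasons.append(f"owned by uid {member.uid}")
            if member.gid != run_gid and member.mode & 0o020:
                reasons.append(f"group-writable by gid {member.gid}")
            if reasons:
                findings.append((member.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in audit_ownership(build_sample_archive()):
        print(f"{name}: {', '.join(reasons)}")
```

An empty result means the recorded ownership already matches the extracting user, so preserving it changes nothing on the target host.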