0

Cannot extract tar archive as www-data user, I get a Cannot open: Permission denied error :

$ mkdir $HOME/tmp
$ sudo chown www-data $HOME/tmp
$ ll -d $HOME/tmp
drwxrwxr-x 2 www-data administrateur 4096 2022-11-10 09:43:14 /home/administrateur/tmp/
$ ll $HOME/glpi-10.0.3.tar
-rwxrwxrwx 1 administrateur administrateur 216893440 2022-09-14 14:28:21 glpi-10.0.3.tar*
$ sudo -u www-data tar -C $HOME/tmp/ -xf $HOME/glpi-10.0.3.tar
tar: /home/administrateur/glpi-10.0.3.tar: Cannot open: Permission denied
tar: Error is not recoverable: exiting now
$

EDIT0: Thanks to @Sotto-Voce, the answer is confirmed by this command :

$ sudo -u www-data test -r $HOME/glpi-10.0.3.tar
$ echo $?
1
$ sudo -u www-data test -r /tmp/glpi-10.0.3.tar
$ echo $?
0
SebMa
  • 2,149
  • 1
    Does the user www-data have permission to read the home directory for the user administrateur? – Sotto Voce Nov 10 '22 at 08:59
  • 2
    read, but more importantly "execute", which for directories means "access". What is the output of ls -ld /home/administrateur? – Kamil Maciorowski Nov 10 '22 at 09:04
  • @kamil-maciorowski You're right, www-data can't read my home dir : drwxr-x--- 11 administrateur administrateur 4096 Nov 10 10:02 /home/administrateur/ – SebMa Nov 10 '22 at 09:07
  • 1
    @KamilMaciorowski in this question's scenario, execute permissions can substitute for missing read permissions on a directory, but execute isn't more important than read. Execute is more of an alternative to read. – Sotto Voce Nov 10 '22 at 09:13

1 Answers1

2

Just don't extract as www-data. As you see, that user has no access to the place you want to extract into, so the operation fails. Instead of trying to extract as a specific user, either extract directly into wherever you want to finally store this (presumably it is not supposed to live in ~/tmp) or extract as your regular user and then chown the files:

$ tar -C "$HOME"/tmp/ -xf "$HOME"/glpi-10.0.3.tar
$ sudo -R chown www-data "$HOME"/tmp/
terdon
  • 242,166