- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: UNZIP does not honor default protection ACL (a...
Operating System - OpenVMS
1752679
Members
5712
Online
108789
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-19-2009 07:41 AM
тАО08-19-2009 07:41 AM
Hoping Mr. Schweda can give me some insight on this problem...
A very old version of UNZIP honored the default protection ACL on the default directory. I installed a newer version and it doesn't seem to honor the ACL anymore. This behavior may have changed a while back (not just in the current version) since the old version we were running was from 1994.
Attached is a log file of my experiment. I even changed the default protection ACL just to make sure the old version was really using the ACL and it did. The new version seems to ignore it. Please let me know if I'm missing something completely. I'm known to do that.
A very old version of UNZIP honored the default protection ACL on the default directory. I installed a newer version and it doesn't seem to honor the ACL anymore. This behavior may have changed a while back (not just in the current version) since the old version we were running was from 1994.
Attached is a log file of my experiment. I even changed the default protection ACL just to make sure the old version was really using the ACL and it did. The new version seems to ignore it. Please let me know if I'm missing something completely. I'm known to do that.
Solved! Go to Solution.
7 REPLIES 7
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-19-2009 08:22 AM
тАО08-19-2009 08:22 AM
Re: UNZIP does not honor default protection ACL (a very old version does)
> UnZip: Zipfile Extract v5.0 of 21 August 1992; [...]
Yow. Was I even _born_ in 1992? (I suppose
so, but I wasn't looking at Info-ZIP code
until about '04. I don't have anything older
than 5.51 around here.)
alp $ unzip6l -h
[...]
-X restore owner/ACL protection info -V retain VMS version numbers
[...]
By default, UnZip (6.0) does not restore
owner or ACL data. Perhaps a seriously old
version did. If "unzip -X" fails to satisfy,
then please re-complain.
Yow. Was I even _born_ in 1992? (I suppose
so, but I wasn't looking at Info-ZIP code
until about '04. I don't have anything older
than 5.51 around here.)
alp $ unzip6l -h
[...]
-X restore owner/ACL protection info -V retain VMS version numbers
[...]
By default, UnZip (6.0) does not restore
owner or ACL data. Perhaps a seriously old
version did. If "unzip -X" fails to satisfy,
then please re-complain.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-19-2009 08:41 AM
тАО08-19-2009 08:41 AM
Re: UNZIP does not honor default protection ACL (a very old version does)
Perhaps the real complaint is now sinking
into my (feeble) brain.
I don't know what the old one did, but when a
modern UnZip extracts a file, it will create
the thing, and then set its protections
according to the archived protection info.
If the OS doesn't interfere, then I know of
nothing in the UnZip code which would care
what the local directory ACL might be.
As I was just explaining to an HP-UX user, we
have had some discussion recently about
adding some UnZip option(s) to allow better
permission/protection control when extracting
files, but so far it's only talk. "-X" does
allow a little control, but I know of no way
to stop UnZip from trying to restore the
original protections on an extracted file.
And, if it's now better at restoring those
original protections, then this must be an
improvement, no?
into my (feeble) brain.
I don't know what the old one did, but when a
modern UnZip extracts a file, it will create
the thing, and then set its protections
according to the archived protection info.
If the OS doesn't interfere, then I know of
nothing in the UnZip code which would care
what the local directory ACL might be.
As I was just explaining to an HP-UX user, we
have had some discussion recently about
adding some UnZip option(s) to allow better
permission/protection control when extracting
files, but so far it's only talk. "-X" does
allow a little control, but I know of no way
to stop UnZip from trying to restore the
original protections on an extracted file.
And, if it's now better at restoring those
original protections, then this must be an
improvement, no?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-19-2009 09:52 AM
тАО08-19-2009 09:52 AM
Re: UNZIP does not honor default protection ACL (a very old version does)
I did test the -X switch and on both the old UnZip and new UnZip the results were the same whether I used -X or not. The old version uses the OS security settings, the new version applies the security settings from the zipped file. -X would seem to be the default behavior on the modern UnZip. Is there a way to negate this?
Thank you for your explanation thus far.
Thank you for your explanation thus far.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-19-2009 06:17 PM
тАО08-19-2009 06:17 PM
Solution
> The old version uses the OS security
> settings, the new version applies the
> security settings from the zipped file.
Perhaps that 1992 UnZip didn't know how to
set the protection on an extracted file. Or,
if you're using a newer Zip (on VMS, with
"-V"), then the very old UnZip may understand
only the old "IM" extra field, not the modern
(1997?) "PK" extra field, used to store the
VMS attributes. (I don't see enough "zip -v"
info to know what made these archives.)
> -X would seem to be the default behavior on
> the modern UnZip.
Not exactly. With "-X", UnZip tries to
restore ownership and ACLs. By default, it
_always_ tries to restore the original SOGW
protections.
> Is there a way to negate this?
Not in UnZip 6.0. If you'd like to try
living dangerously, you could slap these onto
an UnZip 6.0 source kit:
http://antinode.info/ftp/info-zip/unzip60/minusx/unzip.c
http://antinode.info/ftp/info-zip/unzip60/minusx/unzvers.h
http://antinode.info/ftp/info-zip/unzip60/minusx/vms/vms.c
Re-build, and then use "--X" to inhibit the
setting of any original protection values.
Default: Restore SOGW protections.
-X: Restore SOGW protections, owner, ACLs.
--X: Restore no protections.
These changes are unofficial, not well
tested, VMS-only, and not at all documented,
and I will deny everything under oath.
If anything like this were to get into the
next UnZip version, then I'd expect different
(better) command-line options, perhaps with
separate control over ownership.
> settings, the new version applies the
> security settings from the zipped file.
Perhaps that 1992 UnZip didn't know how to
set the protection on an extracted file. Or,
if you're using a newer Zip (on VMS, with
"-V"), then the very old UnZip may understand
only the old "IM" extra field, not the modern
(1997?) "PK" extra field, used to store the
VMS attributes. (I don't see enough "zip -v"
info to know what made these archives.)
> -X would seem to be the default behavior on
> the modern UnZip.
Not exactly. With "-X", UnZip tries to
restore ownership and ACLs. By default, it
_always_ tries to restore the original SOGW
protections.
> Is there a way to negate this?
Not in UnZip 6.0. If you'd like to try
living dangerously, you could slap these onto
an UnZip 6.0 source kit:
http://antinode.info/ftp/info-zip/unzip60/minusx/unzip.c
http://antinode.info/ftp/info-zip/unzip60/minusx/unzvers.h
http://antinode.info/ftp/info-zip/unzip60/minusx/vms/vms.c
Re-build, and then use "--X" to inhibit the
setting of any original protection values.
Default: Restore SOGW protections.
-X: Restore SOGW protections, owner, ACLs.
--X: Restore no protections.
These changes are unofficial, not well
tested, VMS-only, and not at all documented,
and I will deny everything under oath.
If anything like this were to get into the
next UnZip version, then I'd expect different
(better) command-line options, perhaps with
separate control over ownership.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-20-2009 03:14 AM
тАО08-20-2009 03:14 AM
Re: UNZIP does not honor default protection ACL (a very old version does)
Amongst other things I like about ZIP/UNZIP is platform-independency. The ability to handle platform speciialities in some way is (at least for me) a requirement. If my target system cannot handle ACL's that are stored on the source system, it renders the zipfile unusable.
I agree though, that handling should be consistent, or otherwise be documented.
I agree though, that handling should be consistent, or otherwise be documented.
Willem Grooters
OpenVMS Developer & System Manager
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-20-2009 04:42 AM
тАО08-20-2009 04:42 AM
Re: UNZIP does not honor default protection ACL (a very old version does)
Steven, I built a beta UnZip with those source code changes you provided and...
...you're my hero!!!
Worked like a charm! I'll be doing more testing but it looks great so far.
Attached is the log of my test.
Thank you for your clarification on the "-X" and for the "--X" changes.
...you're my hero!!!
Worked like a charm! I'll be doing more testing but it looks great so far.
Attached is the log of my test.
Thank you for your clarification on the "-X" and for the "--X" changes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-20-2009 07:21 AM
тАО08-20-2009 07:21 AM
Re: UNZIP does not honor default protection ACL (a very old version does)
> [...] If my target system cannot handle
> ACL's that are stored on the source system,
> it renders the zipfile unusable. [...]
So far, I believe that all ACL data are
archived in system-specific extra fields, so
UnZip will never try to use a foreign ACL.
(It's very good at ignoring mysterious extra
fields.)
There is some hope for a cross-UNIX(-like)
ACL storage scheme, but I'd expect ACL
restoration to remain optional and
non-default.
> ...you're my hero!!!
So, you'll be using DELETE /ERASE on that
fossilized UnZip 5.0?
> [...] more testing [...]
Good idea. Wake me when it catches fire.
I've restarted the feature discussion among
the Info-ZIP folks, so it's possible that
something similar will appear in a future
real UnZip kit. (Hold your breath.)
Annoyingly, there's corresponding code
(chmod()/chown(), or whatever) in other
system-specific modules, too, so, even
ignoring the command-line complications, it's
not a trivial change to make properly.
> ACL's that are stored on the source system,
> it renders the zipfile unusable. [...]
So far, I believe that all ACL data are
archived in system-specific extra fields, so
UnZip will never try to use a foreign ACL.
(It's very good at ignoring mysterious extra
fields.)
There is some hope for a cross-UNIX(-like)
ACL storage scheme, but I'd expect ACL
restoration to remain optional and
non-default.
> ...you're my hero!!!
So, you'll be using DELETE /ERASE on that
fossilized UnZip 5.0?
> [...] more testing [...]
Good idea. Wake me when it catches fire.
I've restarted the feature discussion among
the Info-ZIP folks, so it's possible that
something similar will appear in a future
real UnZip kit. (Hold your breath.)
Annoyingly, there's corresponding code
(chmod()/chown(), or whatever) in other
system-specific modules, too, so, even
ignoring the command-line complications, it's
not a trivial change to make properly.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP