Someone at work encountered an interesting obstacle today. The problem was how to change ownership of files in transit to an NFS filesystem that squashed activity by user root. Solving it required a quirky shell one-liner that you may find interesting.
I’m going to change the names of all the people and machines involved, but here are the players:
samuel, the customer who needed work done
orion, a pseudo-user account associated with his project
collector, where the source data files live
analyser, where the data files need to be visible
filer, the NFS server
analyser is NFS-mounted from
The goal: Copy files readable by user samuel from host
analyser, changing their ownership to
User samuel has a full set of sudo rights on the host
The NFS export on
filer has the standard
So user root on
analyser is a completely unprivileged user in the
User samuel also has no direct login access to
filer, so the
operation can only happen from
So samuel can copy files from
enough if he retained ownership of them. His root privileges,
however, don’t allow him to change ownership of those files to
user orion, since root is unprivileged in that part of the filesystem.
To shorten a long story, here’s the scriptlet that ended up accomplishing his task:
# done on analyser
(ssh collector tar -cC /source .) | sudo -u orion -s tar -xC /mnt/datastore
As-is, this operation relies on the GNU version of tar. It could be accomplished with a non-GNU version; the subshells would need to include cd commands to make it work.
analyser, that input is piped to a tar command owned (thanks to sudo) by user orion.
So the files owned (or at least readable by) user samuel on
end up on
analyser owned by user orion—and all done in one command.
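
The non-GNU variant mentioned above, written out as an added example (not the original scriptlet): each side does its cd inside a subshell instead of relying on tar's -C option, and a second function checks the resulting ownership. The function names pipe_copy and not_owned_by and their arguments are hypothetical; the hosts, paths and the orion account in the usage comment are the article's.

```sh
#!/bin/sh
# Added example, not the author's script. Function names are hypothetical.
#
# pipe_copy SRC_DIR DEST_DIR [SRC_HOST] [DEST_USER]
#   SRC_HOST  - if given, the archive is created on that host over ssh
#   DEST_USER - if given, extraction runs as that user via sudo -u
pipe_copy() {
    src=$1; dest=$2; host=${3:-}; user=${4:-}
    {
        if [ -n "$host" ]; then
            # Remote side: cd first, then archive "." to stdout.
            # Assumes $src contains no single quotes.
            ssh "$host" "cd '$src' && tar -cf - ."
        else
            (cd "$src" && tar -cf - .)
        fi
    } | {
        if [ -n "$user" ]; then
            # tar runs as $user, so every file it creates belongs to $user.
            # The squashed root account never has to chown anything.
            # $dest is passed as a positional argument to avoid re-quoting.
            sudo -u "$user" sh -c 'cd "$1" && tar -xf -' sh "$dest"
        else
            (cd "$dest" && tar -xf -)
        fi
    }
}

# not_owned_by DIR USER
# Prints every path under DIR that is NOT owned by USER.
# Empty output means the copy produced the intended ownership.
not_owned_by() {
    find "$1" ! -user "$2" -print
}

# The article's case, run on analyser:
#   pipe_copy /source /mnt/datastore collector orion
#   not_owned_by /mnt/datastore orion
```

Without the last two arguments the function copies locally as the invoking user, which is a convenient way to try the pipeline before involving ssh and sudo.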