Bug 13406

Summary: The uid and gid of the soft link is changed after decompressing with the busybox tar
Product: Busybox Reporter: xiechengliang <xiechengliang1>
Component: OtherAssignee: unassigned
Status: NEW ---    
Severity: normal CC: busybox-cvs
Priority: P5    
Version: 1.31.x   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Host: Target:
Build:

Description xiechengliang 2020-12-23 06:39:26 UTC 
Soft links created by ordinary users, after being compressed, the root user uses the busybox tar to decompress, and the owner of the soft link will become root. 
It is expected that the owner of the soft link will remain unchanged after decompression. Is this a bug?

eg.
$ ls -l
drwx------    2 test     test             0 Jan  7 16:21 test
lrwxrwxrwx    1 test     test            12 Jan  7 16:21 test_link -> test/test.sh

$ busybox tar czf test.tar.gz test test_link

$ mkdir result; cd result

# Unzip with the root user, the owner of the soft link becomes root
$busybox tar xzf ../test.tar.gz
drwx------    2 test     test             0 Jan  7 16:25 test
lrwxrwxrwx    1 root     root            12 Jan  7 16:25 test_link -> test/test.sh
Comment 1 alt.j2-4o4s2yon 2021-01-27 22:04:29 UTC 
gnu tar defaults to recreate UIDs stored in tarballs by calling chown when the tarball is extracted as root. this is a super annoying default as it breaks usage in sandboxes like ones using unshare (if the chown() syscall fails, tar returns with failure status).
additionally in the internet age 99% of the tarballs the average person extracts are created by other people on the net, and you certainly don't want to have files with random UIDs that don't even have associated users on your box splattered around your fs.
on gnu tar, one has to pass --no-same-owner to get rid of this utterly annoying default.

i'm glad busybox does it the right way.

arguably it might make sense for use cases like xie's if there would be a flag that's equivalent to --same-owner for GNU tar.