tar extracts archive with broken permissions

[bcoe]

We've noticed an occasional bug at npm during the analyzer's tar extraction step:

• tar files are extracted into the /tmp/npms-analyzer folder which has world readable permissions.
• occasionally a tar file extracts that changes the permissions, this results in a file being created that cannot be accessed by npms-analyzer.
• the analyzer, in turn, starts crashing.

This might be related to the settings --same-owner, and --preserve-permissions but it seems like these settings should be defaulting appropriately for a non-super user (our analyzer is run as ubuntu):

# npms-analyzer-consume node 0

description "rank packages based on several metrics"

start on started network-services
stop on stopping network-services
respawn
setuid ubuntu
setgid ubuntu

We do not currently use bsdtar, so one thought I had was perhaps switching to the default tar program that npms-analyzer looks for might solve the problem?

any thoughts, have you bumped into anything similar?

[satazor]

Could you provide the error message produced so I could search in kibana? Also do you know the particular package that causes this?