[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Running Smart Package manager as non-root



Chris Kottaridis wrote:
> How do I get smart to manage it's RPMs in a different DB then the system
> wide one and also get it to load all RPMs into a predetermined
> directory, other then "/",  and do all of this as a normal, non-root,
> user ?

This is not supported, Fedora RPMs are not relocatable (with possibly a
small number of exceptions, but the general rule is that they aren't), see:
https://fedoraproject.org/wiki/Packaging:Guidelines#Relocatable_packages

The reason is that most upstream projects don't support it, so relocatable
packages usually don't work properly.

Only root can install software.

That said, if you use PackageKit (either gnome-packagekit or kpackagekit)
instead of smart, you can give users permissions to install signed packages
from the official repositories (or any other repositories you configure):
either authenticate them once with the root password or explicitly grant
that user the org.freedesktop.packagekit.system-update permission
(according to the documentation, in PackageKit 0.4, there'll be a separate
org.freedesktop.packagekit.install) in polkit-gnome-authorization
(Settings / Authorizations in the menu). How this works is that the
packagekitd daemon runs in the background as suid root, but will check with
PolicyKit whether the given user is allowed to perform certain package
actions, so the user will be able to do only the actions you grant him/her,
not have full root privileges. The package will internally be installed as
root, but the user cannot do anything as root other than installing or
upgrading packages. This is the proper solution to your problem.

        Kevin Kofler


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]