using rpms for non-root installs
Kevin Kofler
kevin.kofler at chello.at
Mon Feb 4 07:01:44 UTC 2013
Mátyás Selmeci wrote:
> This may be a long shot, but I am interested in repackaging some
> RPMs (for example, some of the Globus packages in EPEL, as well as
> grid software that my group builds) such that the software in them
> may be installed by unprivileged users, or into a non-standard
> location such as an NFS share. I'd like to use existing RPMs,
> preferably binaries, as a starting point to avoid duplicating work.
> (Naturally a lot of post-install scripting would be needed to fix
> binaries such that they'd work with the path they were installed
> into).
For the "unprivileged users" part, it is possible for the admin to give out
the org.freedesktop.packagekit.package-install PolicyKit permission, then
users can install (but not remove) trusted packages (packages signed with
GPG keys already known to the system) systemwide using gnome-packagekit or
Apper. But of course, there are drawbacks to that, which is why it's not the
default (in fact, it had been the default for a short moment in Fedora 12
and got dropped due to user uproar), and so admins will generally not enable
that, unfortunately. :-( In addition, it also only works for third-party
repositories if the admin imported the key for them, and at that point he
might as well install the packages, too. (There's also an
org.freedesktop.packagekit.package-install-untrusted permission, but as an
admin, you'd have to be insane to give that permission to your users, it's
essentially the same as giving them root access, because they can craft any
package running any arbitrary code and install it with that permission.) So
in your case, it's not all that helpful, unfortunately. But I still wanted
to point out the possibility.
Kevin Kofler
More information about the devel
mailing list