Package Manager Denies Permission to Install

Kam Leo kam.leo at gmail.com
Mon Jan 19 18:16:31 UTC 2009


On Mon, Jan 19, 2009 at 9:52 AM, Kam Leo <kam.leo at gmail.com> wrote:
> On Mon, Jan 19, 2009 at 9:27 AM, Richard Hughes <hughsient at gmail.com> wrote:
>> On Mon, 2009-01-19 at 10:03 -0500, R. G. Newbury wrote:
>>> Clicking on the link gave the usual 'what do you want to do' message.
>>> Clicking install raised a warning about installing as root. I clicked
>>> continue....and got a message that I 'didn't have permission to
>>> continue' (or words to that effect) and my system, having assumed
>>> god-like powers refused to let me install the file!
>>
>> Logging in as root is like walking around with a loaded shotgun in your
>> belt with no safety latch. You can't install packages as the root user
>> as it's simply not secure. Just use a normal user login.
>>
>>> WTF??? Does anyone know where this little bit of insanity is stored
>>> and how to remove it?
>>
>> It's called PackageKit, and it's not insane. If you're running gtk+ as
>> root, you're already insecure.
>>
>> Richard.
>
> Regardless of the security rant, the default settings for yum should
> have enabled the Everything repository. Just use yum  to install the
> package. As a bonus yum will also add any dependencies you might have
> missed. Add/Remove Software from the GUI should also be able to do the
> same.
>

Just another thought, the security rant is pointless. A user can just
as easily copy the file's URL, open a terminal, and install the
package using rpm. What's the difference whether the package got
installed by root or via "su"? If the package has malicious content
you're hosed. Trust begins with whomever is given root/superuser
privileges and the site hosting the packages.




More information about the users mailing list