how to 'rip apart' a rpm.

[Tom H]

On Mon, May 17, 2010 at 10:30 PM, Gene Heskett <gene.heskett at verizon.net> wrote:
> On Monday 17 May 2010, Rick Stevens wrote:
>>On 05/17/2010 02:12 PM, Gene Heskett wrote:
>>>
>>> Clarify here: I can do all that as the user.  What I can't do, until
>>> somebody decides to fix mkinitrd, is to run it as the user.  That is my
>>> specific bitch.  And I think its perfectly valid.  mkinitrd simply will
>>> not run for anybody but root.
>>
>>And this is a bad thing?  I, for one, don't want some low-level user
>>installing a kernel on my machines.  I don't want them installing
>>ANYTHING that's global.
>>
> Repeat after me Rick:  "I am the only user of this machine". And that will
> likely continue until such time as I fall over for the last time.

Even if your use-case encompassed 100% of fedora users, there wouldn't
be any reason for violating the principle of least/minimal privilege
and giving a non-root user unnecessary rights. It is up to you to
modify your settings to allow one or more users to perform a command
without being root.


>>When you get to the point where you're installing something that will
>>affect all the users on the machine or the operation of the machine
>>itself, only an administrator (e.g. "root") should be permitted to do
>>so.  This is the whole point of system security and tools such as "su"
>>and "sudo".
>
> I am moderately aware that rpms _should_ be installed as root, however this
> machine has mdv-2010-x64 on it at the moment, and its software updater has,
> in the last 6 weeks, probably updated 2Gb of software on this machine without
> even asking me for my user passwd. OTOH, I have had to use root to install
> another 2 or 3G of stuff.

"Mandriva does it" isn't a good enough reason to allow a non-root user
to install software. Mandriva has probably adopted a model similar to
the one that was adopted and quickly dumped by F12, IIRC.