?
Solved

Installing Using RPM

Posted on 2003-03-23
15
Medium Priority
?
284 Views
Last Modified: 2013-11-13
I was trying to install a *.rpm file. I was logged in as my own name and it was giving me the following errors:

error: cannot get exclusive lock on /var/lib/rpm/Packages
error: cannot open Packages index using db3 - Operation not permitted (1)
error: cannot open Packages database in /var/lib/rpm

I read about the errors and it said you had to be logged in as root, so I logged in and the rpm installed fine.

Is there any way I can change my preferences so I can install files under my own name, and not have to go under root.


Thanks,
  J M M I S I T I
0
Comment
Question by:jmmisiti
  • 5
  • 4
  • 2
  • +4
15 Comments
 
LVL 17

Accepted Solution

by:
dorward earned 120 total points
ID: 8191586
Switching to root is generally the best idea, if you type "su" at the command prompt you can create a shell as root, but without having to log out and then in again.

Still, if you want to anyway (and I really advise that you stick to "su") you could try making "rpm" run as root no matter who runs it.

First find the rpm binary on your system by typing "which rpm". It will probably tell you something along the lines of /usr/bin/rpm

Then pick a group to give access too. All members of this group will be able to run the rpm program as if they were root, so you might want to create a new group and add yourself as the only member. Edit /etc/group and add a new line that looks like this:

groupName::number:member,nextMember

Note that the number must be unique.

e.g. rpmUsers::300:jmmisiti

(You will not become a member of that group until you log out and log back in again)

Then change the ownership of rpm to that group:

chown root.rpmUsers /usr/bin/rpm

Next, change the permissions so only members of "rpmUsers" and root can run rpm, but always as the owner (root).

chmod 4750 /usr/bin/rpm

0
 

Expert Comment

by:Slydder
ID: 8195340
A switch to root is the ONLY idea as the rpm DB is not writable by normal users. (unless you set up an rpm update user or some such).

chuck
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 8196030
your other option is to use sudo

check your /etc/sudoers file you will see something like:

root    ALL=(ALL) ALL

copy that line and put your username like

majorwoo    ALL=(ALL) ALL

now whenever majorwoo wants to do somethign that requires root, he just type sudo whatever - sudo standing for "SuperUserDO" or - do this as root.

[josh@woo josh]$ ls /root/
ls: /root/: Permission denied
[josh@woo josh]$ sudo ls /root/
1009a7md.zip     Desktop      install.log.syslog    NVIDIA_GLX-1.0-4191.i386.rpm
aflash.exe       doc-pak      mail                  NVIDIA_kernel-1.0-4191.src.rpm
anaconda-ks.cfg  install.log  nedit-5.3-1.i386.rpm  README
[josh@woo josh]$

when you do this, you are running the command as root:

[josh@woo josh]$ whoami
josh
[josh@woo josh]$ sudo whoami
root
[josh@woo josh]$
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Expert Comment

by:Slydder
ID: 8196088
Such a change is only advisable (well not even advisable) when there is 100% no chance of someone else logging in on the system as said user.

If you are to make use of sudo then do so correctly when the box in question has an outside connection.  Otherwise create an RPM admin account and assign the correct privilegs.

chuck
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 8196118
anybody you trust enough to administer RPM's is root really, because if not they could just make an rpm to install whatever they wanted...
0
 

Expert Comment

by:Slydder
ID: 8196150
Then why use sudo in such a fashion?  It's just one more security weakness that isn't really needed.

simply do su -c 'rpm -i package.rpm' and all is good.
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 8196271
im not gonna start a flame war here (and we are getting way off topic) so this is the last I'm gonna say:

using su -c is great, except you have to pass out the root password - which means if you change it, you have to tell everyone and once you give it to them you have no way of telling what they did with it.

sudo can be configured to allow only certain commands to be run as opposed to all, if you prefer (and yes giving someone all sudo is a risk too) - but everything is a security risk, you have to balance security with practicality.

Personally i find sudo more secure/flexible then creating groups on each machine or setting things SUID - once you setup a proper sudo file you can copy it to all your machine if you so wish - but hey, this is me and my 57 machines, it's just what i think.

if you decide to go the sudo route, and something is not clear let me know (man sudo is great, but sometimes the examples are harder to follow then you want)

0
 

Expert Comment

by:Slydder
ID: 8196450
I totally agree.  However, that is not what you proposed and that is what I was commenting on.

done.

chuck
0
 

Expert Comment

by:fluid11
ID: 8219976
Just give the user access to run the /bin/rpm command in the /etc/sudoers file (like majorwoo said above)...

someuser ALL = /bin/rpm

ChrisP
0
 

Expert Comment

by:CleanupPing
ID: 9087632
jmmisiti:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 2

Expert Comment

by:TheWeakestLink
ID: 9289659
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
PAQ / No Refund ; Can't split 30points, good answers and the original questioner has stopped responding
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

TheWeakestLink
EE Cleanup Volunteer
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9290030
You can give dorward the points.  His answer was first and correct.
0
 
LVL 2

Expert Comment

by:TheWeakestLink
ID: 9294431
I'm happy either way.  The "rules" say that the PAQ / No refund is appropriate under these circumstances, but it's down to judgement.  

P.
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9295562
correct, you've become quite the cleanup hound!
0
 

Expert Comment

by:YensidMod
ID: 9354890
Points to dorward.

Yensidmod
EE Moderator
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to demonstrate how we can use conditional statements using Python.
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses
Course of the Month12 days, 17 hours left to enroll

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question