| Summary: | RFE: ability to run repoquery as non-privileged user | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Mike Khusid <mkhusid> | |
| Component: | yum-utils | Assignee: | Packaging Maintenance Team <packaging-team-maint> | |
| Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 7.2 | CC: | dmach, ffesti, jofernan, mmatsuya, packaging-team-maint, tcallawa, vmukhame | |
| Target Milestone: | rc | Keywords: | FutureFeature | |
| Target Release: | 7.1 | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Enhancement | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 690904 (view as bug list) | Environment: | ||
| Last Closed: | 2018-09-24 10:34:40 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Bug Depends On: | ||||
| Bug Blocks: | 750638 | |||
you will need to give unprivileged users access to the certs/keys. which seems like a bad idea. However if you want to you can setfacl on them to give certain users access and yum should work just fine. (In reply to comment #1) > you will need to give unprivileged users access to the certs/keys. > > which seems like a bad idea. I agree with that statement wholeheartedly given the current implementation. Therefore, I challenge you to come with an alternative that allows repoquery/yum search/yum info commands to run without requiring access to the certs/keys. RHEL7 time-frame is fine for resolution of this RFE. Here is another example of failing functionality. The latter result is inconsistent (wrt permissions) with ability to generate the same output using "rpm -qi".
# yum info yum
Loaded plugins: auto-update-debuginfo, product-id, refresh-packagekit, security,
: subscription-manager
Updating Red Hat repositories.
INFO:rhsm-app.repolib:repos updated: 423
rhel-6-workstation-beta-rpms | 3.7 kB 00:00
Installed Packages
Name : yum
Arch : noarch
Version : 3.2.29
Release : 7.el6
Size : 4.4 M
Repo : installed
From repo : rhel-beta
Summary : RPM package installer/updater/manager
URL : http://yum.baseurl.org/
License : GPLv2+
Description : Yum is a utility that can check for and automatically download and
: install updated RPM packages. Dependencies are obtained and
: downloaded automatically, prompting the user for permission as
: necessary.
$ yum info yum
Plugin "product-id" can't be imported
Plugin "subscription-manager" can't be imported
Loaded plugins: auto-update-debuginfo, refresh-packagekit, security
https://cdn.redhat.com/content/beta/rhel/workstation/6/6Workstation/x86_64/os/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhel-6-workstation-beta-rpms. Please verify its path and try again
$ rpm -qi yum
Name : yum Relocations: (not relocatable)
Version : 3.2.29 Vendor: Red Hat, Inc.
Release : 7.el6 Build Date: Tue 22 Feb 2011 04:41:14 PM EST
Install Date: Wed 23 Mar 2011 12:08:08 PM EDT Build Host: s390-003.build.bos.redhat.com
Group : System Environment/Base Source RPM: yum-3.2.29-7.el6.src.rpm
Size : 4635114 License: GPLv2+
Signature : RSA/8, Thu 24 Feb 2011 10:37:10 AM EST, Key ID 938a80caf21541eb
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL : http://yum.baseurl.org/
Summary : RPM package installer/updater/manager
Description :
Yum is a utility that can check for and automatically download and
install updated RPM packages. Dependencies are obtained and downloaded
automatically, prompting the user for permission as necessary.
(In reply to comment #3) > Here is another example of failing functionality. The latter result is > inconsistent (wrt permissions) with ability to generate the same output using > "rpm -qi". > rpm -qi hits installed pkgs only yum info yum hits installed and repo pkgs repoquery --installed -qi yum hits installed pkgs only. and this is explained as such throughout. (In reply to comment #3) > Here is another example of failing functionality. The latter result is > inconsistent (wrt permissions) with ability to generate the same output using > "rpm -qi". > rpm -qi hits installed pkgs only yum info yum hits installed and repo pkgs repoquery --installed -qi yum hits installed pkgs only. and this is explained as such throughout. Development Management has reviewed and declined this request. You may appeal this decision by reopening this request. |
Some read-only commands, such as repoquery, are not usable by an unprivileged user. The problems occurs only with protected repositories. The desired functionality for yum is to allow access to these commands for unprivileged users. This RFE will reduce inconvenience of using RHEL vs CentOS. RHEL5 examples (registered via rhn_register) # yum search firefox Loaded plugins: rhnplugin, security =============================== Matched: firefox =============================== firefox.i386 : Mozilla Firefox Web browser. firefox.x86_64 : Mozilla Firefox Web browser. firefox-devel.i386 : Development files for Firefox firefox-devel.x86_64 : Development files for Firefox $ yum search firefox Loaded plugins: rhnplugin, security *Note* Red Hat Network repositories are not listed below. You must run this command as root to access RHN repositories. Warning: No matches found for: firefox No Matches found RHEL6.1 examples (registered via subscription manager) # yum search firefox Loaded plugins: auto-update-debuginfo, product-id, refresh-packagekit, security, : subscription-manager Updating Red Hat repositories. INFO:rhsm-app.repolib:repos updated: 423 rhel-6-workstation-beta-rpms | 3.7 kB 00:00 ============================= N/S Matched: firefox ============================= firefox.i686 : Mozilla Firefox Web browser firefox.x86_64 : Mozilla Firefox Web browser firefox-debuginfo.i686 : Debug information for package firefox firefox-debuginfo.x86_64 : Debug information for package firefox redhat-internal-firefox32.noarch : A wrapper package for the 32-bit version of : firefox and java oraclefixui.x86_64 : GreaseMonkey script for firefox 3.0 Name and summary matches only, use "search all" for everything. $ yum search firefox Plugin "product-id" can't be imported Plugin "subscription-manager" can't be imported Loaded plugins: auto-update-debuginfo, refresh-packagekit, security https://cdn.redhat.com/content/beta/rhel/workstation/6/6Workstation/x86_64/os/repodata/repomd.xml: [Errno 14] PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)" Trying other mirror. Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhel-6-workstation-beta-rpms. Please verify its path and try again # repoquery firefox firefox-0:3.6.15-2.el6_0.i686 firefox-0:3.6.15-2.el6_0.x86_64 $ repoquery firefox Could not match packages: Cannot retrieve repository metadata (repomd.xml) for repository: rhel-6-workstation-beta-rpms. Please verify its path and try again