Bug 737631

Summary: poor message on unprivileged invocation
Product: [Fedora] Fedora Reporter: Frank Ch. Eigler <fche>
Component: rpmAssignee: Panu Matilainen <pmatilai>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 15CC: ffesti, jnovy, pmatilai
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-15 05:42:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Frank Ch. Eigler 2011-09-12 18:44:27 UTC
When a lowly peon pretends to the throne by running a command such as 

% id
uid=9999(simple_nobody) groups=100(users) [...]
% rpm -e kernel

rpm responds to the obvious insult with the cryptic

 error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Permission denied)

which is a roundabout way of saying "You need to be root to perform such rpm
operations.".  Please consider teaching rpm some noblesse oblige and giving
a more informative message.

Comment 1 Panu Matilainen 2011-09-13 07:32:20 UTC
Rpm goes to quite some lengths to avoid making assumptions about root, it just needs sufficient filesystem (and/or other, depending on the operation in question) privileges. 

While of course by default obviously many things like installing and removing packages from system does require root /in practise/, it's entirely possible to set up things in a way that allows eg non-root write-access to the system rpmdb. Not to mention other cases like operating on an rpmdb in an alternative path, installing files to paths where you have write permission. A simplistic message saying "you need to be root" would be just wrong.

The current message tells you quite exactly what rpm is trying to do and what the problem is (insufficient permissions), just as much as this does:

[pmatilai@localhost ~]$ touch /var/lib/rpm/foo
touch: cannot touch `/var/lib/rpm/foo': Permission denied

Comment 2 Frank Ch. Eigler 2011-09-14 14:55:04 UTC
"of course by default obviously many things like installing and removing packages from system does require root /in practise/"

This alone should be enough to justify improving the text.

"Not to mention other cases like operating on an rpmdb in an alternative path, installing files to paths where you have write permission."

If one has permissions already, there will be no error message, and this bug report does not apply.

If some permissions are missing, if you don't like the obvious heuristic that it
should suggest root, then rpm could fstat the files in dispute, and say that one
needs <OWNER> or <GROUP> privileges to do this.  In practice, this will say 
"root".

Comment 3 Panu Matilainen 2011-09-15 05:42:00 UTC
Sorry but not worth the trouble, really. This message was already once revised to give the failure reason (whether permission denied or something else), and for a low-level system tool such as rpm, "permission denied" says all there is to say about it: higher privileges are needed to perform this operation. Use a higher level tool to get more hand-holding than that: yum (which Fedora users are recommended to use for package management needs anyway) will happily tell you "you need to be root to perform this command" as it doesn't even try to deal with the other scenarios where the answer is not as simple as that.

Now lets leave this closed, please.