Red Hat Bugzilla – Bug 1299824
DNF does download packages, but does not install them
Last modified: 2016-01-19 11:29:16 EST
Description of problem:
ANY USER on a system can enter "dnf update" and dnf will fetch the packages,
download them, but does not install them; out of security reasons as the user isn't root.
Instead of downloading them first and repelling the user afterwards,
downloading should not be allowed in the first place, like yum did it.
In consequence, a user can use dnf to fill the system partition with packages.
With a small system partition size, this can be a problem for the system.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. login as user A != root
2. dnf update
3. the rest is selfexplaining
tons of downloaded packages
early abort out of security reasons.
dnf makecache works also as != ROOT..
dnf uses different cache directories for nonroot users inside /tmp and also downloads packages into these directories. You may find useful the noroot plugin from dnf-plugins-core.