From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461) Description of problem: upgrade to RPM version 4.0.4 now allows non root user to perform an rpm -qa Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: user@localhost 0 ~ $ id uid=500(user) gid=500(user) groups=500(user) user@localhost 0 ~ $ which rpm /bin/rpm user@localhost 0 ~ $ ls -al /bin/rpm -rwxr-xr-x 1 rpm rpm 1737960 Feb 16 02:31 /bin/rpm user@localhost 1 ~ $ rpm -v RPM version 4.0.4 Copyright (C) 1998-2000 - Red Hat, Inc. This program may be freely redistributed under the terms of the GNU GPL Usage: rpm {--help} rpm {--version} user@localhost 0 ~ $ rpm -qa filesystem-2.1.6-2 bzip2-libs-1.0.1-4 cracklib-2.7-12 db2-2.4.14-7 gdbm-1.8.0-10 hdparm-4.1-2 mktemp-1.5-11 parted-1.4.16-8 <etc...> Actual Results: installed rpm list is returned. Expected Results: error: cannot open Packages index using db3 - Permission denied (13) (or equivalent) Additional info:
rpm has always permitted non-root readonly database opens with rpm -qa. If you *really* want to prohibit non-root queries, then do chmod go-r /var/lib/rpm/*