Pacman

Historical bug tracker for the Pacman package manager.

The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues

This tracker remains open for interaction with historical bugs during the transition period. Any new bugs reports will be closed without further action.
Tasklist

FS#35376 - [pacman] Strategically poor to require sudo rights for rm rather than paccache.sh

Attached to Project: Pacman
Opened by John (graysky) - Monday, 20 May 2013, 10:39 GMT
Last edited by Dave Reisner (falconindy) - Monday, 20 May 2013, 12:32 GMT
Task Type Feature Request
Category Scripts & Tools
Status Closed
Assigned To No-one
Architecture All
Severity Medium
Priority Normal
Reported Version 4.1.1
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

If I understand the way paccache is working, a user running `paccache -vrk 2` does so and if candidate packages are found, the script will attempt to use /usr/bin/rm to remove them. The act of doing so requires the user to have sudo privilege escalation to /usr/bin/rm rather than on /usr/bin/paccache which can be a security risk if it is desired to grant the user the ability to only run /usr/bin/paccache but not /usr/bin/rm which could be accidentally or deliberately abused.

For example in /etc/sudoers one could grant user foo access to run paccache:
foo ALL=NOPASSWD:/usr/bin/paccache

That is very different from:
foo ALL=NOPASSWD:/usr/bin/rm

Apologies in advanace if I am missing something.
This task depends upon

Closed by  Dave Reisner (falconindy)
Monday, 20 May 2013, 12:32 GMT
Reason for closing:  Won't fix
Additional comments about closing:  Working as intended
Comment by Allan McRae (Allan) - Monday, 20 May 2013, 10:42 GMT
Just run paccache under sudo then..
Comment by John (graysky) - Monday, 20 May 2013, 10:56 GMT
Senior-moment I suppose; probably safe to close this one.

Loading...