Monday, August 8, 2011

dpkg - non super user - path limitation

Dpkg is the [ command line ] tool for adding / removing packages in Debian and derivatives.


Running dpkg as ordinary user - why would you?

This for me is just about historical working style.

Sometimes I will be doing preparatory work for system changes as a regular user, and just paste my final command into a root terminal

It should not be too hard to leave this behind, but I document it here for posterity and to aid questions by other Debian users.


The complaint above appears because executables such as /sbin/ldconfig are (on some systems) not in the path of a regular user.

Some folks think it right that /sbin/ is not in the path of regular users.

In contrast a super user (root) might have a path that looks like:

/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin


Adjusting your way of working (or not) - the options:

So you can just avoid trying to use dpkg as ordinary user, or choose one of the  options below:

  1. Setup sudo to allow a particular (non root) user to run dpkg
  2. Setup sudo to allow a particular (non root) user to run dpkg (passwordless)
  3. Alter $PATH to include /sbin and /usr/sbin
There are security risks involved in doing (2) or (3) above, so I would not recommend them personally.

If you are leaning towards (2), then perhaps a better way is to run 'sudo bash' or similar as a way of switching into a way of adding / removing packages.

Note: You might want to think carefully before making sudo calls passwordless

A good book on Unix / Linux security will cover things like $PATH settings and sudo.

If you are tempted to ignore my warning about security risks of (2) or (3), then you might want to browse such a book.

No comments: