Is it normal for rpm-ostree command tonot require sudo/super user privileges to run?

Fedora 36 Silverblue
Gnome 42.4

I can run rpm-ostree install -A software-package without sudo prefix. Is that normal? Is it safe?

Used to the requirement of sudo dnf to work in the older systems.


This is normal and intended behavior. You can find some interesting reading regarding the decision over on GitHub (links below).

A point to mention though is that only admins with local access have this privilege. So if you are a standard non-admin user, you’ll be prompted to authenticate. And if you are an admin, but are accessing via SSH, you’ll be prompted to authenticate.

My interpretation of the reasoning is that if you’re an admin, you should have this ability on a workstation-type device. And if you are local, you have the ability to choose a previous deployment at reboot to rollback changes if anything breaks.

There may have also been the argument that running rpm-ostree install doesn’t affect the running system, since the changes aren’t committed until reboot. But now with the stability of the “apply-live” flag in rpm-ostree, that has changed somewhat; I’m not sure if that makes it worth revisiting or not.

1 Like