Why does rpm-ostree command not require super user privileges?

keffin · November 24, 2022, 2:49pm

Fedora 36 Silverblue
Gnome Shell 42.2

I don’t need sudo to run rpm-ostree on my system. Is that normal and safe?

Feels like it can wreak a lot of havoc. Used to doing sudo dnf

Best,
k.

g3tchoo · November 24, 2022, 8:42pm

it uses a polkit policy that allows administrators (which by default is anyone in the wheel group) to run it without super user privileges. if you have a second user that isn’t in the wheel group, it would require sudo

if you don’t like this behavior, you could override it in /etc/polkit-1/rules.d/org.projectatomic.rpmostree1.rules

ditherwither · November 25, 2022, 2:43pm

Is there a way to configure it so that updating doesn’t need sudo access but layering does?

siosm · December 2, 2022, 9:47am

Yes. Take a look at /usr/share/polkit-1/rules.d/org.projectatomic.rpmostree1.rules. Copy it in /etc/... to override it to your liking.

boredsquirrel · October 6, 2023, 3:22pm

I would like to ALSO grant regular users of any kind to perform rpm-ostree upgrades.

If I create such a polkit file in /etc, will it override the /usr one and disable the wheel allowance?

Topic		Replies	Views
Is it normal for rpm-ostree command tonot require sudo/super user privileges to run? Ask Fedora f36 , wayland , gnome , silverblue	1	1047	November 24, 2022
Shouldn't sudoers be required to enter a password or use sudo to install layered packages with "rpm-ostree install"? Project Discussion silverblue-team	7	1279	October 27, 2023
Setup never prompted for root password; able to rpm-ostree without password prompts Ask Fedora silverblue	5	926	April 13, 2023
Hardened rpm-ostree polkit rule. Is anything missing? Project Discussion silverblue-team , kinoite-team	0	241	January 2, 2024
Rpm-ostree permissions lost after adding kerberos packages Project Discussion silverblue-team	1	581	February 11, 2021

Why does rpm-ostree command not require super user privileges?

Related topics