[Yum-devel] "bug" in yum-security

Sat, 14 Apr 2012 15:32:31 -0700 

Hi.

I found some problem in the yum security plugin.
What I do is running the nagios/icinga check_yum plugin periodically as non-root (!) user. That the system is not cluttered with repository caches and because a simply yum check-update quite some time I run yum makecache periodically as root (!) via cron (every hour). 

Now check_yum invokes yum like the following:
/usr/bin/yum --security check-update -C

Which leads as non-root user to the following output and error:
$ /usr/bin/yum --security check-update -C
Loaded plugins: changelog, downloadonly, fastestmirror, keys, priorities, protectbase, ps, security, verify 
102 packages excluded due to repository priority protections
0 packages excluded due to repository protections
Limiting package lists to security relevant ones
[Errno 13] Permission denied: '/var/cache/yum/x86_64/6.2/epel/gen/updateinfo.xml' 
$

Strace shows the following:
$ strace -e trace=open /usr/bin/yum --security check-update -C 2>&1 | grep EACCES 
open("DB_CONFIG", O_RDONLY)             = -1 EACCES (Permission denied)
open("DB_CONFIG", O_RDONLY)             = -1 EACCES (Permission denied)
open("DB_CONFIG", O_RDONLY)             = -1 EACCES (Permission denied)
open("/var/cache/yum/x86_64/6.2/epel/20ea7be5624822f05d7cf61426ffcaf71f2104a5905ccc4880495741ab02a801-primary.sqlite", O_RDWR|O_CREAT, 0644) = -1 EACCES (Permission denied) open("/var/cache/yum/x86_64/6.2/sl/primary.sqlite", O_RDWR|O_CREAT, 0644) = -1 EACCES (Permission denied) open("/var/cache/yum/x86_64/6.2/sl-security/primary.sqlite", O_RDWR|O_CREAT, 0644) = -1 EACCES (Permission denied) open("/var/cache/yum/x86_64/6.2/epel/gen/updateinfo.xml", O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 EACCES (Permission denied) 
$

All these files are root owned and -rw-r--r--.


When I then run
/usr/bin/yum --security check-update -C
as root, and after wards again as non-root user, it works for the non-root user (even though the permissions haven't changed. No idea why. 


Any ideas?
Please CC me, as I'm going to unsubscribe from the lists again. I tried to report this as bug in trac, but apparently one needs special rights for reporting tickets and an account is not enough... o.O Strange because you advertise the reporting at many places in the FAQ/etc. 


Cheers,
Chris.
_______________________________________________
Yum-devel mailing list
Yum-devel@lists.baseurl.org
http://lists.baseurl.org/mailman/listinfo/yum-devel

Reply via email to