-3

The default package manager for mainstream Linux distros (deb/apt, yum/dnf, pacman, etc) do global-installation by default and require root. It seems better to install as user or group and not need root, because one would run less untrusted code as root (as Nix, Guix, Cargo, Pip, Gem, Cabal, Stack, CPAN).

To save space on shared systems, one could install packages to directory which is readable by users but writable by admins, but this doesn't have to be root, and it should still permit users to install their own packages.

Package that modify protected files like Grub or provide services would need to modify the root system, but everything else should be doable from user-side.

This question says that packages may assume they are installed to specific locations in the Filesystem Hierarchy, but I thought this could be fixed by setting $PATH, $LD_LIBRARY_PATH, and friends. And otherwise, why not just have a wrapper that runs the program in a chroot?

charmoniumQ
  • 245
  • 4
    "On shared systems, one could install packages to directory which is readable by users but writable by admins. Why not do this by default?" .... is this a serious question? You're quite literally asking why is X the default behaviour and then suggesting that X be the default behaviour. – muru Apr 06 '22 at 05:21
  • Is there an issue that you are trying to resolve where installing packages as non-root would be the solution? – Kusalananda Apr 06 '22 at 05:59
  • 1
    "This question says that packages may assume they are installed to specific locations in the Filesystem Hierarchy, but I thought this could be fixed by setting $PATH, $LD_LIBRARY_PATH, and friends." - No, not everything there could be fixed by them. Those will fix binaries running or being invoked from that user env The moment the binary is called from an application running from different env like root, it will not care about those env variables anymore. – Akash Apr 06 '22 at 08:11
  • @akash Could chroot help that case? – charmoniumQ Apr 06 '22 at 09:03
  • @muru I edited the question to say that I think installing to a shared directory should not theoretically preclude installing at a user-level too. This is how pip works, but not apt, which only has system-level, when most packages a user would want to install don't require system-level changes. – charmoniumQ Apr 06 '22 at 09:05
  • @cas "the people who made these "design decisions" based them on actual knowledge rather than uneducated opinions" I'm sure of this as well, and I'm asking to be corrected. I don't understand how this it is inevitable that end up installing everything to fixed paths in /; why not install in $HOME? – charmoniumQ Apr 06 '22 at 09:20
  • @charmoniumQ apt is a poor choice as an example, since apt has the Dir and RootDir configuration options allowing you to set the root of the installation to pretty much wherever - you just have to set up the directories and files that apt expects in that location. (You can even configure some specific directories, e.g., apt -o Dir::State=$HOME/apt/state update should work fine as a non-root user.) – muru Apr 06 '22 at 10:22

1 Answers1

0

You are speaking about system package managers, which install system libraries and shared programs (and possibly also daemons), for that reasons they requires root privileges.

There are some user-space package managers, e.g. flatpack, but if you look at them, you may see some problems:

  • you must learn two (or more) package managers, and you may confuse where some programs come from (system or user?)

  • dependencies are more complex: a package manager at a level cannot see dependencies of the others. E.g. if I upgrade the version of my OS, it is possible that this break some users, and I cannot check all programs installed by my users. But also the contrary: my user-space package manager cannot influence the system packages. If it need a specific version of a package, you need it, or you are lost. For this reason, most of such user-space packages tend to includes requires dependencies (and libraries).

  • it makes much harder to handle a system (in case you find a way to integrate the two).

Note: computer languages (Python with virtual environments, javascript with node.js, and many other languages) may have own system (similar to package manager) to handle libraries and other programs.

In short: it is difficult, and now we often prefer docker: there is a clear separation between system an my container (and simple boundaries: file systems, network). Now probably we have much more support (shadow file systems, separate namespaces, etc.) to allow user packages well integrated on a system, but it doesn't really solve the problem about easy maintenance of the system, and users may run dangerous (old vulnerable programs). I think it may be feasible now, but there is not much demand (or volunteers) to do it.

PS: you can really screw up other users, by installing a new version of a library, or by installing some programs like sl, les, etc. (so typos of common commands): easily you can get all powers of such user.

Giacomo Catenazzi
  • 2,846
  • In systems where users can install packages, they wouldn't necessarily show up in other users paths, so I don't think this poses a security vulnerability. – charmoniumQ Apr 06 '22 at 09:05
  • It depends on how do you design your package manager, but so if you update bash, your script will still use /bin/bash because of shebang. So you are going in direction of a pure "user-space" package managers. Try to design one, and you will find a lot of "small" problems, and own design decisions. docker helped us, so not much interest to invent something in the middle. – Giacomo Catenazzi Apr 06 '22 at 09:14
  • I don't buy that it will mess up other users user-level package management is the default, except for a small set of packages that actually require privilege (e.g., kernel, boot loader). – charmoniumQ Mar 19 '24 at 16:16
  • Just try it. Check how many people messed up macos installing python3 where system expected python2. Or libraries, where many programs expected some versions (and so you never see an ABI change? Debian had the libc4 to glibc, various C++ ABI changes, etc.). You do not need to trust me. Just try. – Giacomo Catenazzi Mar 19 '24 at 17:00
  • I use Nix package manager on Ubuntu, so core system is installed with APT and everything else is installed with Nix. It works great for me, since Nixpkgs are more often up-to-date than APT. It seems like a much better way of doing things, because the packages I install don't affect other users, so I was wondering why it didn't start that way. – charmoniumQ Mar 19 '24 at 19:54