Operating System - Linux
1748181 Members
3363 Online
108759 Solutions
New Discussion

Re: Application Install as root

 
Simon_G
Occasional Advisor

Application Install as root

We have lot of application requests to install their rpm (mysql) etc as root on Redhat Linux (6).  How are these requests handled typically across different companies? We install those rpm's for them, but wanted to know how other companies handle

 

Simon

1 REPLY 1
Matti_Kurkela
Honored Contributor

Re: Application Install as root

A RPM package installation needs to update the RPM database of installed software, which is normally writeable by root only, so having root access is a requirement for installing RPM packages.

 

A RPM package can really do anything (e.g. using pre/post-install scripts embedded inside the RPMs), so in an environment where someone is responsible for the applications and someone else of the overall OS, it is very important that the OS-responsible person knows what is going to be installed and can verify that the packages are OK (i.e. the packages have not been maliciously tampered with and that they are appropriate for the Linux distribution).

 

For packages like MySQL, the provider of the software usually signs the RPMs with their GPG key; you can use this to easily validate the authenticity of the RPMs. A careful checking of RPM version and other package metadata may be needed to verify that the package is appropriate for the Linux distribution (e.g. that someone is not trying to install a  SuSE-specific package to a RedHat system, which might cause problems with library dependencies).

 

If you give the application people an unrestricted access to install any RPMs they want, that is essentially the same as giving them full root access to the system. If you are legally or contractually responsible for the overall system, you may not be allowed to give them that. In that case, a part of your work will be to review and implement the installation requests from the application people.

MK