Why is it bad to build RPMs as root?

linux rpm

This page contains a prominent warning:

Important

Never build RPMS as root.

Why is it bad to build RPMs as root? Is it the possibility of overwriting some files? Are there file permissions problems?


Solution 1:

Badly written RPM .spec files (or even well-written ones with a typo) can do improper things such as:

  • Install directly to the running system instead of to a sandbox
  • Leave junk on the filesystem
  • Accidentally run nasty commands such as: rm -rf ${RPM_BUILD_ROOT}

There is no part of the RPM build process that actually needs root access. So, we should follow the standard procedure of "If it doesn't need root permission, it doesn't run as root" when building RPMs.

This avoids nasty accidents and surprises.

Solution 2:

mock for fedora is pretty nice, too. If it'll build in mock, chances are it's a pretty clean RPM.

Solution 3:

Generally you should never use the root user except you really need the rights. But you are right the main problem would be that 'rpmbuild' would execute nearly everything you wrote into a spec file. (override files, create users, delete files etc.).

Edit:

As a side note I would suggest to take a look at the openSUSE Build Service which makes building rpms for different distributions really easy. (It can also set up as a local instance.)

Related

Example of live site with trusted, signed but revoked certificate?
Sending mail from command line if body not empty
Disable right click file printing in windows?
Temporary membership to AD group
Upgrading RAID controller to 4kn - do I have to reinitialize the array to use 4kn?
What mailer does cron use to send mail?
Why do you need IPv6 Neighbor Solicitation to get the MAC address?
Which cloud services will be around in 2015? [closed]
What is 'FizzBuzz' for system administrators? [closed]
using su inside of a shell script
Keyboard shortcut to store typed command and clean the line
Run a command on Windows startup (not login!)