≡ Menu

rpm command

Here is a little known secret that allows you to view the change log of a package. Using --changelog option you can find out if particular security bug is fixed or not. This is extremely useful option for production boxes.

For example CVE-2007-1864 documents that php has serious buffer overflow in the bundled libxmlrpc library in PHP before v4.4.7, and 5.x before 5.2.2. It has unknown impact and remote attack vectors. Now how do you know if this bug is fixed or not in your installed php version? Simply type the following command:
rpm -q --changelog php
Better use piped out output using less:
rpm -q --changelog php | less
Output:

* Wed Apr 04 2007 Joe Orton  5.1.6-12.el5
- add security fix for CVE-2007-1864, SOAP redirect handling issue,
  FTP CRLF injection issue (#235016)
* Wed Apr 04 2007 Joe Orton  5.1.6-11.el5
- add security fix for CVE-2007-1718 (#235016)
* Tue Apr 03 2007 Joe Orton  5.1.6-9.el5
- add security fix for CVE-2007-1583 (#235016)
- add security fixes for CVE-2007-0455, CVE-2007-1001 (#235036)
* Fri Mar 09 2007 Joe Orton  5.1.6-7.el5
- add security fix for CVE-2007-1285 (#231597)
* Fri Feb 16 2007 Joe Orton  5.1.6-6.el5
- add security fixes for: CVE-2007-0906, CVE-2007-0907,
  CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#229013)
* Tue Dec 19 2006 Joe Orton  5.1.6-5.el5
- fix version for php-zend-abi (#218758)
* Thu Nov 23 2006 Joe Orton  5.1.6-4.el5
- php-xml provides php-domxml (#215656)
- fix php-pdo-abi provide (#214281)
- provide php-zend-abi (#212804)
- don't Obsolete mod_php
- fix PDO sqlite TEXT extraction truncate-by-one (#217033)
- package php{ize,-config} man pages in -devel (#199382)
- change module subpackages to require php-common not php (#177821)
- add security fix for CVE-2006-5465 (#216114)
......
...
.....

Following command look at the kernel package changelog:
rpm -q --changelog kernel|less

This option allows you to view change log w/o visiting vendors / distributions website. The --changelog option only works with rpm based package and distro such as RHEL / CentOS / Fedora / Suse etc. RPM is a very powerful utility and I hope this small tip will save lot of time. For more information read rpm command man page.

Sometime by mistakes all file permissions get changed and you need to restore file permission. For example a shell script or some sort of corruption could change the permissions for packages (installed files), it may be necessary to reset them.

For example a long time ago my shell script run chmod and chown commands on /usr and changed the permission. Luckily rpm command can reset package permission. Sun Solaris pkg command and IBM can also reset permissions.

Please note that this troubleshooting tip is about resetting the permission of the installed package files and not about end users files stored in /home directory.

RPM syntax to fix permission

To set permissions of files in a package, enter:

rpm --setperms {packagename}

RPM syntax to fix file ownership

To set user/group ownership of files in a package, enter:

rpm --setugids {packagename}

List installed package

You can list all installed package with rpm -qa command:
rpm -qa
Output:

basesystem-8.0-5.1.1.el5.centos
glibc-2.5-12
expat-1.95.8-8.2.1
db4-4.3.29-9.fc6
cyrus-sasl-lib-2.1.22-4
libusb-0.1.12-5.1
libgcrypt-1.2.3-1
perl-5.8.8-10
gmp-4.1.4-10.el5
perl-DBI-1.52-1.fc6
perl-URI-1.35-3
wireless-tools-28-2.el5
libXdmcp-1.0.1-2.1
perl-IO-Zlib-1.04-4.2.1
perl-String-CRC32-1.4-2.fc6
perl-HTML-Tagset-3.10-2.1.1
libattr-devel-2.4.32-1.1
zip-2.31-1.2.2
.....
..
...

List individual package file permission

You can list individual installed package file permission using following shell for loop (for example list file permission for zip package):
for f in $(rpm -ql zip); do ls -l $f; done
Output:

-rwxr-xr-x 1 root root 75308 Jan  9  2007 /usr/bin/zip
-rwxr-xr-x 1 root root 31264 Jan  9  2007 /usr/bin/zipcloak
-rwxr-xr-x 1 root root 28336 Jan  9  2007 /usr/bin/zipnote
-rwxr-xr-x 1 root root 30608 Jan  9  2007 /usr/bin/zipsplit
total 188
-rw-r--r-- 1 root root  3395 Dec 14  1996 algorith.txt
-rw-r--r-- 1 root root   356 Dec 14  1996 BUGS
-rw-r--r-- 1 root root 60168 Mar  9  2005 CHANGES
-rw-r--r-- 1 root root  2692 Apr 10  2000 LICENSE
-rw-r--r-- 1 root root 40079 Feb 28  2005 MANUAL
-rw-r--r-- 1 root root  8059 Feb 27  2005 README
-rw-r--r-- 1 root root  3149 Feb 21  2005 TODO
-rw-r--r-- 1 root root  2000 Mar  9  2005 WHATSNEW
-rw-r--r-- 1 root root 19032 Apr 19  2000 WHERE
-rw-r--r-- 1 root root 356 Dec 14  1996 /usr/share/doc/zip-2.31/BUGS
-rw-r--r-- 1 root root 60168 Mar  9  2005 /usr/share/doc/zip-2.31/CHANGES
-rw-r--r-- 1 root root 2692 Apr 10  2000 /usr/share/doc/zip-2.31/LICENSE
-rw-r--r-- 1 root root 40079 Feb 28  2005 /usr/share/doc/zip-2.31/MANUAL
-rw-r--r-- 1 root root 8059 Feb 27  2005 /usr/share/doc/zip-2.31/README
-rw-r--r-- 1 root root 3149 Feb 21  2005 /usr/share/doc/zip-2.31/TODO
-rw-r--r-- 1 root root 2000 Mar  9  2005 /usr/share/doc/zip-2.31/WHATSNEW
-rw-r--r-- 1 root root 19032 Apr 19  2000 /usr/share/doc/zip-2.31/WHERE
-rw-r--r-- 1 root root 3395 Dec 14  1996 /usr/share/doc/zip-2.31/algorith.txt
-rw-r--r-- 1 root root 12854 Jan  9  2007 /usr/share/man/man1/zip.1.gz

Reset the permissions of the all installed RPM packages

You need to use combination of rpm and a shell for loop command as follows:
for p in $(rpm -qa); do rpm --setperms $p; done
for p in $(rpm -qa); do rpm --setugids $p; done

Above command combination will reset all the permissions to the default permissions under CentOS / RHEL / Fedora Linux.

A note about Debian / Ubuntu Linux distributions

Only rpm command / Solaris pkg and AIX command supports package file permission reset option. But dpkg / apt-get command doesn’t support this option.

Solaris command example

Boot Solaris / OpenSolaris box in single user mode. Mount /usr and other filesystem:
mount / /a
mount /usr /a/usr
mount /var/ /a/var
mount /opt /a/opt

Login as the root, enter:
pkgchk -R /a -f
Please note that he pkgchk command does not restore setuid, setgid, and sticky bits. These must be set manually. Read pkgchk command man page for more information:
man pkgchk

New Linux user often get this error. Let us say you haved downloaded the RPM file from net and saved to /tmp, you may get error - no no such file or directory - when the file is really downloaded and ls command can show the same.

Answer is pretty simple rpm command needs the full path to RPM command. Use pwd command to get full path and type the following commands:
ls *.rpm
pwd
/tmp
Now install the rpm file:
rpm -ivh myrpm.rpm
or use full path:
rpm -ivh /tmp/myrpm.rpm

Running query on uninstalled rpm package

However if you run query on uninstalled package you will get an error:
# rpm -qi /tmp/bandwidth-0.12-1.el5.rf.x86_64.rpm
Output:

package bandwidth-0.12-1.el5.rf.x86_64.rpm is not installed

To query an uninstalled package pass -p option to rpm command.
# rpm -qip /tmp/bandwidth-0.12-1.el5.rf.x86_64.rpm
Output:

Name        : bandwidth                    Relocations: (not relocatable)
Version     : 0.12                              Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
Release     : 1.el5.rf                      Build Date: Sat 28 Jul 2007 03:27:28 PM CDT
Install Date: (not installed)               Build Host: lisse.leuven.wieers.com
Group       : Applications/Internet         Source RPM: bandwidth-0.12-1.el5.rf.src.rpm
Size        : 30905                            License: GPL
Signature   : DSA/SHA1, Sat 28 Jul 2007 03:31:11 PM CDT, Key ID a20e52146b8d79e6
Packager    : Dag Wieers 
URL         : http://home.comcast.net/~fbui/bandwidth.html
Summary     : Artificial benchmark for measuring memory bandwidth
Description :
bandwidth is an artificial benchmark for measuring memory bandwidth,
useful for identifying a computer's weak areas.

If rpm / yum command hangs during operations or you see error messages - it means your rpm database corrupted. /var/lib/rpm/ stores rpm database just delete the same and rebuild rpm database:

Command to rebuild rpm database

rm -f /var/lib/rpm/__db*
rpm --rebuilddb

Read rpm / yum man pages for more information

How do you install and use rsync to synchronize files and directories from one location (or one server) to another location? - A common question asked by new sys admin.
[click to continue…]

Installing software from a source code is common practice in UNIX and Linux world. Some time this is preferred method because it gives all power and flexibility you need to optimize your software such as MySQL, PHP, and Apache etc. However, uninstalling files installed from a source code tar ball is a big headache.

Two methods can be used to uninstall files:

Method # 1: make command

Use command make uninstall or equivalent supported command, Read INSTALL or README file in source code file to find out more about this method.

# make uninstall

Sure, this method sounds very easy but not supported by all tar balls.

Method # 2: find command

(a) Make a list of all files on the system before installing software i.e. a pre-installation list of all files on your system.

find /* > packgetlist.b4

(b) Now install the software (use configure & make to compile it)

make
make install

(c) Now make a list of all files on the system after installing software i.e. postinstall list

find /* > packagelist.after

(d) Next, compare both lists using the diff utility to find out what files are placing where. This list can be use to uninstall all files installed using source tar ball.
diff packagelist.b4 packagelist.after > package.uninstall.list

(e) After some time if you wish to uninstall files then you need to get list of files from package.uninstall.list file. Use following small for loop at shell prompt to remove all files:

for i in $(grep ">" package.uninstall.list | awk '{ print $2 }')
do
/bin/rm -fi $i
done

A note about binary packages

If you are using Debian / Ubuntu Linux, use following command to uninstall binary packages:
sudo apt-get remove {package-name}
If you are using Redhat / RHEL / Fedora / CentOS / Suse Linux, use following command to uninstall binary packages:
rpm -e {package-name}
OR
yum remove {package-name}