Obtaining file information with RPM


RPM (the Red Hat Package Manager) is the most widely used package manager on Linux systems. Other package formats exist on various Linux systems, such as the Debian (.deb) package format, but the majority of distributions use the RPM package format. As with any other format, it has unique strengths and weaknesses. One of RPM's strengths is the variety of options it provides to verify file information, reset file information, and so on. All of this information is stored in the RPM database, which keeps track of file sizes, md5sums of files, ownership, permissions, and more.

To obtain a list of all the installed RPM packages on your system, use:

# rpm -qa | sort

To list the permissions and ownership of files in a package, use:

# rpm -qlv openssh
drwxr-xr-x    2 root    root                0 Dec 29  2006 /etc/ssh
-rwxr-xr-x    1 root    root            49488 Dec 29  2006 /usr/bin/scp
...

To simply list the filenames, omit the -v option. To verify that the installed files still match what is recorded in the RPM database, use the -V option:

# rpm -V sudo
S.5....T  c /etc/sudoers

Here you can see that the file, /etc/sudoers, has changed in size, the md5sum has changed, and the modification time has changed (indicated by S.5....T). However, the c indicator means that this file is a configuration file, so changes are to be expected.

In fact, you can use RPM as a poor-man's tripwire by using:

# for rpm in $(rpm -qa); do rpm -V $rpm; done

This will indicate what files have changed from what the package originally provided.
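
As an added example (not from the original article), the shell function below ranks rpm -V output lines so that expected configuration-file edits do not bury a changed binary. The function names, the HIGH/MEDIUM/LOW labels and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank rpm -V style lines from stdin by how unexpected they are.
# HIGH/MEDIUM/LOW are this example's own labels, not rpm output.
triage_rpm_verify() {
    awk '
    {
        # Paths are absolute, so the first "/" on the line starts the path.
        p = index($0, "/")
        if (p == 0) next
        path = substr($0, p)
        # Optional one-letter marker: c=config d=doc g=ghost l=license r=readme
        attr = ($2 ~ /^[cdglr]$/) ? $2 : "-"
    }
    # A packaged file that no longer exists on disk.
    $1 == "missing" {
        printf "HIGH missing %s\n", path
        next
    }
    # Flag field: 8 characters on older rpm (as on this page), 9 on newer rpm.
    $1 ~ /^[.?SM5DLUGTP]+$/ && (length($1) == 8 || length($1) == 9) {
        flags = $1
        if (index(flags, "5") && attr != "c")
            sev = "HIGH"      # contents of a non-config file changed
        else if (index(flags, "M") || index(flags, "U") || index(flags, "G"))
            sev = "MEDIUM"    # mode, owner or group differs from the package
        else
            sev = "LOW"       # edited config file, or size/mtime drift only
        printf "%s %s %s\n", sev, flags, path
    }
    '
}

# Constructed sample input (not captured from a real host).
sample_verify_output() {
cat <<'EOF'
S.5....T  c /etc/sudoers
S.5....T    /usr/bin/scp
.M...UG..   /usr/bin/sudo
.......T  c /etc/ssh/sshd_config
missing     /usr/bin/ssh-keygen
EOF
}

sample_verify_output | triage_rpm_verify
```

On a live system, pipe the output of the verification loop above into triage_rpm_verify instead of the sample.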

To find out which configuration files an RPM package provides, use:

# rpm -q --configfiles sudo
/etc/logrotate.d/sudo
/etc/pam.d/sudo
/etc/sudoers

The RPM program also provides two very useful switches that can be used to restore ownership and permissions to files that it is aware of. For instance, if you were to accidentally execute something along the lines of chown -R user:user /, your system would break very quickly. However, the damage can be mitigated somewhat by restoring ownership and permissions of files that came in RPM packages by using:

# rpm -qa | xargs rpm --setperms --setugids

As you can see, there are definitely some interesting things that can be done with RPM. The database stores a fair amount of information that can be used to query and restore permissions and ownership of files that were provided in RPM packages.

About

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

7 comments
Allen Halsey

RPM stands for RPM Package Manager. It is used by several distributions and its file format is part of the Linux Standards Base.

Ajax4Hire

YUM works good too. I find it easier to manage remote retrieval of new software and removal of old/un-needed on Linux box. Works like magic; need eclipse: yum -y install "eclipse*" boom it is there, usually.

linux

> In fact, you can use RPM as a poor-man's tripwire by using:
> # for rpm in $(rpm -qa); do rpm -V $rpm; done

It can be done by just rpm -Va

johnson12

RPM being first used and made by Red Hat, it means Red Hat package. Or Red Hat package manager, depending on who you ask.

vdanen

Like apt and urpmi, yum is just a frontend to RPM. It still uses rpm packages, still uses the rpm database, etc. Not to say there is anything wrong with yum, but it's not "different" than rpm. Everything in the tip will work on a system that uses rpm packages, be it one that uses apt, synaptic, urpmi, rpmdrake, yum, smart, etc.
