Obtaining file information with RPM

RPM (the Red Hat Package manager) is the most widely-used package manager on Linux systems. Other package
formats exist on various Linux systems, such as the Debian (.deb) package format, but the majority of distributions
use the RPM package format. As with any other format, it has unique strengths and weaknesses. One of RPM’s
strengths is the variety of options it provides to verify file information, reset file information, and so on. All of this
information is stored in the RPM database which keeps track of information such as file sizes, md5sums of files,
ownership, permissions, and more.

To obtain a list of all the installed RPM packages on your system, use:

# rpm -qa | sort

To list the permissions and ownership of files in a package, use:

# rpm -qlv openssh

drwxr-xr-x 2 root root 0 Dec 29 2006 /etc/ssh
-rwxr-xr-x 1 root root 49488 Dec 29 2006 /usr/bin/scp
...

To simply list the filenames, omit the -v option. To verify that the permissions and ownership of the files that were
installed are similar, use the -V option:

# rpm -V sudo
S.5....T c /etc/sudoers

Here you can see that the file, /etc/sudoers, has changed in size, the md5sum has changed, and the modification
time has changed (indicated by S.5….T). However, the c indicator means that this file is a configuration file, so
changes are to be expected.

In fact, you can use RPM as a poor-man’s tripwire by using:

# for rpm in $(rpm -qa); do rpm -V $rpm; done

This will indicate what files have changed from what the package originally provided.

If you wanted to know what configuration files a RPM package provided, use:

# rpm -q --configfiles sudo

/etc/logrotate.d/sudo
/etc/pam.d/sudo
/etc/sudoers

The RPM program also provides two very useful switches that can be used to restore ownership and permissions
to files that it is aware of. For instance, if you were to accidentally execute something along the lines of chown -R
user:user /, your system would break very quickly. However, the damage can be mitigated somewhat by restoring
ownership and permissions of files that came in RPM packages by using:

# rpm -qa | xargs rpm --setperms --setugids

As you can see, there are definitely some interesting things that can be done with RPM. The database stores a fair
amount of information that can be used to query and restore permissions and ownership of files that were provided
in RPM packages.

Delivered each Tuesday, TechRepublic’s free Linux NetNote provides tips, articles, and other resources to help you
hone your Linux skills. Automatically sign up today!