If for any reason you wish/need to install software without pacman - and this is not recommended but if you did - then it is possible to manage that software under /usr/local as another user. This is because packages managed by pacman do not install software here. The main reason to do this, though, is not to protect your personal files but to protect the system i.e. to protect anything else interfering with the files managed by pacman.
For example:
$ ls -l /usr/local/
total 68
drwxr-xr-x 2 software software 4096 Tach 10 19:05 bin/
drwxr-xr-x 2 software software 4096 Tach 10 19:05 doc/
drwxr-xr-x 2 root root 4096 Ion 27 07:29 etc/
drwxr-xr-x 2 root root 4096 Ion 27 07:29 games/
drwxr-xr-x 2 root root 4096 Ion 27 07:29 include/
drwxr-xr-x 4 software software 4096 Ion 6 18:40 lib/
drwx------ 2 root root 16384 Tach 9 16:25 lost+found/
drwxr-xr-x 2 root root 4096 Ion 27 07:29 man/
drwxr-xr-x 2 root root 4096 Ion 19 2012 sbin/
drwxr-xr-x 5 software software 4096 Ion 28 02:27 share/
drwxr-xr-x 2 root root 4096 Ion 27 07:29 src/
drwxr-xr-x 20 software software 4096 Chw 6 21:46 stow/
drwxr-xr-x 65 texlive texlive 4096 Tach 10 19:04 stow-tex/
drwxr-xr-x 5 texlive texlive 4096 Gor 25 2012 texlive/
I like this method but, then, I'm a refugee from Mac OS X...
You asked "is this a terrible idea?" and several people have told you, yes, this is a terrible idea, and have even told you why. Yet you persist. Why did you ask for opinions in the first place if you already knew what you were going to do? This begins to look like trolling. Go ahead, do whatever you want. It's your system.
Reading back I realize I have offended a lot of people. This was not what I wanted to do. Please accept my apologies.
I have asked this the wrong way. I wanted to know what I had to change to my system in order for this to work, but instead I only asked if I should actually do it or not. It was not my intention to troll.
I would like to thank everybody for warning me about the problems I would encounter.
(The below is not meant to troll, just to warn somebody else with the same idea)
I have thought of one more reason not to do this. Even when I get pacman to work, then I would still have the problem of suid root executables. These end up not running as root, but as the package manager user/group. This will cause even more problems.
Best regards,
Cedric
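The setuid concern raised in the post above can be checked on any file tree. The following is an added example, not part of the original thread; the function names `suid_not_owned_by` and `demo_tree` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list set-user-ID files under a directory whose owner is not
# the expected UID. A setuid program runs with the identity of the file's
# owner, so a "setuid root" tool installed by (and owned by) a package-manager
# account would run as that account instead of root.
# Function names here are hypothetical, not from pacman or the thread.

# usage: suid_not_owned_by EXPECTED_UID DIR
suid_not_owned_by() {
    expected_uid=$1
    dir=$2
    # -xdev       : stay on the filesystem DIR lives on
    # -perm -4000 : the set-user-ID bit is set
    # ! -user N   : the owner differs from the expected numeric UID
    find "$dir" -xdev -type f -perm -4000 ! -user "$expected_uid" -print
}

# Build a constructed sample tree: one file with the setuid bit, one without.
# Both are owned by whoever runs this script.
demo_tree() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\n' > "$d/helper"   # stands in for a setuid tool
    printf '#!/bin/sh\n' > "$d/plain"    # ordinary executable
    chmod 4755 "$d/helper"
    chmod 0755 "$d/plain"
    printf '%s\n' "$d"
}

# Demonstration: ask which setuid files are NOT owned by root (UID 0).
# Run as an unprivileged user, this lists the sample "helper" file, which is
# the situation the post describes for packages installed by a non-root owner.
tree=$(demo_tree)
suid_not_owned_by 0 "$tree"
rm -rf "$tree"
```

On a real system the same function can be pointed at /usr with an expected UID of 0 to confirm that every setuid file is still root-owned.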
.....then you could just unmount your home partition every time you run pacman. This would be far easier ...
This is the sanest suggestion I've seen in this thread.... But...
no less pointless.
I thought that the reason for not wanting to run pacman as root was for a good reason, like you want to just download files to a user owned directory, but no. Not even a valid reason.
As other people have said, try running `pacman -Qii <package name>` and looking at the output on the bottom. It will tell you which config files pacman is tracking and which ones have been modified since the package was installed.
Pacman needs access to /usr and /var as already noted, but also to /boot ... you do get kernel upgrades, right? It also needs access to /bin /sbin and /etc. That only really leaves /opt, /root and /home as real (i.e., on disk) directories. The first of those could well be empty (mine is) and the second can be pretty darn close to empty. The third contains those personal files you don't want pacman to touch ... which it doesn't anyways.
So you would want to chown your entire root and boot partitions to some user so pacman could have access to everything that it currently has access to but does not have access to what it wouldn't touch anyways?
Best of luck.
EDIT: if my sarcasm buried the point, the point is this new user that you'd create would effectively be a root account. The only difference is that the new user could access your home directory(ies) - that's it. If this is your end goal, to protect your home partition from pacman (which as an aside has no code that would have it touch your home directory), then you could just unmount your home partition every time you run pacman. This would be far easier ... though no less pointless.
This is a terrible idea. Use "pacman -Qii <some package>" and look at the bottom of the output. It is smart enough to be told to treat config files differently. Ergo, if they are changed and an update occurs, you will end up with a *.pacnew file. If you remove the package, these files stay unless specifically told to remove them.
In order for this to work, pacman still does not need to be run as root, it only needs write access to some files under /etc.
Best regards,
Cedric
I don't know exactly yet what files they are, but I guess it's everything below /usr, and the /var/cache/pacman, and probably some other places.
This is what is commonly referred to in the literature as the "fatal flaw"...
How do you intend to update your system, which is almost entirely root-owned?
I would first change the ownership of the files pacman needs access to, then run pacman as that user. I don't know exactly yet what files they are, but I guess it's everything below /usr, and the /var/cache/pacman, and probably some other places.
And no, it doesn't overwrite your personal files unless they somehow belong to an installed package, which they shouldn't. In case of configs in /etc, pacman just creates new config as .pacnew files to be reviewed by user.
You are absolutely right. This should not happen. But why not make it impossible to happen? Adding the new user, and chowning the needed files/directories only has to be done once, after that the system is more secure.
Best regards,
Cedric
I would like to run pacman as a user with limited rights, so it can not overwrite my personal files. In order for this to work, I would like to change the ownership of all the needed directories for pacman to a new user, and then run pacman as this new user.
Pacman however refuses to run as the root user:
$ pacman -Suy
error: you cannot perform this operation unless you are root.
Is it a good idea to change pacman so it does work as a non-root user? Please also tell me if this is a terrible idea :-)
Best regards,
Cedric