Why does dnf5 require root permissions to download updates?

[rgilton]

To update my machine, I currently run sudo dnf update. The whole dnf process is given root privileges. This seems like overkill: the process only requires root privileges for the installation part, not the download part. Root privileges aren't needed to do some HTTP requests.

I don't know whether the answer here is that there should be two commands dnf download and dnf apply, or whether it can be done in some other way internally within the dnf update command.

[ppisar]

The simple answer is that the directory where the packages are download to is writable for root only. It is/should be writable for root only because you do not want a non-privileged user to mangle packages a root is going to install.

If you ask why DNF5 uses root for the network transfer, then the answer is because nobody cared so far. A small complication is that the download functions are part of libdnf5 library so that other applications can use that library for performing package operations. And forking in a library, especially when it aspires for thread-safety, is not the best idea.

[RokeJulianLockhart]

@rgilton, issues/2471#issuecomment-3411227671 may be relevant.