Bug 1151869

It is by design, It give a lot of issues to running the yumex backend as non root

if the user cancel a transaction, all selection & pending actions are lot, because we restarted the backend as root, so every thing we done is lost, same issue if there is a problem in the transaction, you could not just deselect the packages with problems and apply again.
You also have to download repository metadata 2 times, one in non-root mode and one in root-mode.
The next generation for yumex based on dnf, also require root access
So I deceided to always start the backend in root mode for solve all these issues.

yumex 4.x will have standalone notification icon, there can check for updates an alert the user without needing to start the yumex gui.

I can confirm the described behaviour change. Someone suggested in IRC to use a PolicyKit rule to allow general root access for Yumex.

(In reply to Raphael Groner from comment #2)
> I can confirm the described behaviour change. Someone suggested in IRC to
> use a PolicyKit rule to allow general root access for Yumex.

Yes, there are multiple ways to make it possible for a user to run yumex, without 
typing a password.

1. making a Policykit rule
2. using sudo

http://www.yumex.dk/2012/05/running-yumex-without-typing-password.html

warning the PolicyKit rule described in this blog, do not work any longer, because
PolicyKit has change to using JS rules.

this show an exsample of how to do it using the current version of PolicyKit

https://lists.fedoraproject.org/pipermail/users/2013-August/440106.html

I have made this document on how to setup yumex to run without the user is asked for a password.

http://www.yumex.dk/p/yumex-without-password.html

You could provide the rule file within the yumex package as well as create the (initially empty) yumex group, so that all that is installed by default. The user would have to configure only by simply adding herself to the yumex group, if root password dialog is not wished.

Alternatively, how is it possible to run yumex as a special yumex user that is only allowed to start this foreground yumex process? Not sure if that would again increase any security.

That a unpriveleged user can search for packages but isn't allow to install a package is complete useless and not fair to him.
Also, downloading double yum cache makes old version of yumex complete slow, and it's cost power and time.
In a green world we should save server power.
Think about.......

(In reply to Raphael Groner from comment #6)
> You could provide the rule file within the yumex package as well as create
> the (initially empty) yumex group, so that all that is installed by default.
> The user would have to configure only by simply adding herself to the yumex
> group, if root password dialog is not wished.
> 

Good idea, I have added that upstream.

https://github.com/timlau/yumex/commit/f0c8ef8264c691f31c56d138afbf6782d85fa3c7

Being able to optionally run without root as an ordinary user is useful for systems where the user is not the admin of the system but wants to ask the admin to install a specific package. That way he can search in the repos using yumex and afterwards give the admin specific package names.
Ideally that would also include some easy export of selected package names for sending via email.

(In reply to Lukas Middendorf from comment #9)
> Being able to optionally run without root as an ordinary user is useful for
> systems where the user is not the admin of the system but wants to ask the
> admin to install a specific package. That way he can search in the repos
> using yumex and afterwards give the admin specific package names.
> Ideally that would also include some easy export of selected package names
> for sending via email.

This is not the kind of use yumex is intented for, I was for security reason that yumex was not asking for root access before it was really needed, not to work with a user with limitted rights. It was introduced in yumex 3.0.11, but it introduced a lot of issues, therefor i switch back to the old way of asking for root access from the start. Next release will solve the issues with the user have to enter password to use yumex. 
You use case, running in readonly mode, will need a lot of work, by hidding features there need root access, they should not be show to a user if he cant perform them.
yumex 3.0.x is in bug fix mode only, new features will mostly be done in yumex 4.0.x based on dnf.

You can create an issue for your usecase here:
https://github.com/timlau/yumex-dnf

An I will consider to implement it in a future yumex 4.0.x release.

(In reply to Lukas Middendorf from comment #9)
> Being able to optionally run without root as an ordinary user is useful for
> systems where the user is not the admin of the system but wants to ask the
> admin to install a specific package. That way he can search in the repos
> using yumex and afterwards give the admin specific package names.
> Ideally that would also include some easy export of selected package names
> for sending via email.

For this case a normal user can run 'yum list *<expression-to-search>*' in a terminal. So this function in yumex isn't really needed for this special case.
I mean we are on linux and using a terminal command is not the badest ;)

(In reply to Wolfgang Ulbrich from comment #11)
> For this case a normal user can run 'yum list *<expression-to-search>*' in a
> terminal. So this function in yumex isn't really needed for this special
> case.
> I mean we are on linux and using a terminal command is not the badest ;)

I think the comfortable search for packages (and then displaying the description and content of some of them) is the main advantage of yumex over yum. If that is irrelevant, let's stop development of yumex and drop it from fedora repos. We can all use yum directly instead.

Thx for the answers, especially Raphael and Tim for suggesting and upstreaming a sustainable solution. I wasn't aware of the issues with the backend running as non-root. Getting rid of this issues ads some extra value for me, too. All in all the policykit solution works better for me than before. How ever I prefer users to re-enter their password before changing system settings to make them aware of it. It also adds some security. I'm very happy to hear yumex 4 will fix the backend issues, indicates available updates for normal users and requires a password to apply these updates all at once :)
Is there already a plan when a rpm containing the policykit rule will hit the update-testing repo? I could provide some feedback after installing it of course.
Last but not least in addition to the --update-only option I'd love to see a command line option to preselect all updates. Is this already covered by yumex 4 or do you like me to write an feature request for for this?

(In reply to Woi from comment #13)
> Thx for the answers, …

I am happy to can help. No problem, you're welcome.

> Is there already a plan when a rpm containing the policykit rule will hit
> the update-testing repo? I could provide some feedback after installing it
> of course.
> Last but not least in addition to the --update-only option I'd love to see a
> command line option to preselect all updates. Is this already covered by
> yumex 4 or do you like me to write an feature request for for this?

You should open another bug report for this feature request. It does not seem to have any relation to the password dialog thingy, does it?

yumex-3.0.17-1.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/yumex-3.0.17-1.fc22

yumex-3.0.17-1.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/yumex-3.0.17-1.fc21

yumex-3.0.17-1.el7 has been submitted as an update for Fedora EPEL 7.
https://admin.fedoraproject.org/updates/yumex-3.0.17-1.el7

Beside that yumex-dnf is now in f22, does normal yumex use dnf too in f22 with the redirector package dnf-yum?

Package yumex-3.0.17-1.el7:
* should fix your issue,
* was pushed to the Fedora EPEL 7 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing yumex-3.0.17-1.el7'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5908/yumex-3.0.17-1.el7
then log in and leave karma (feedback).

(In reply to Wolfgang Ulbrich from comment #18)
> Beside that yumex-dnf is now in f22, does normal yumex use dnf too in f22
> with the redirector package dnf-yum?

No, yumex uses the yum python api, it is not affected by the changes to the yum cli tool there has been renamed to yum-deprecated.

yumex, will proberly get retired in f23 or f24 an only yumex-dnf will live on

yumex-3.0.17-1.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.

yumex-3.0.17-1.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

yumex-3.0.17-1.el7 has been pushed to the Fedora EPEL 7 stable repository.  If problems still persist, please make note of it in this bug report.