[SOLVED] Running updatedb as normal user

So I was trying to run updatedb as a normal user to create a local database for myself. Basically, since my personal files would not be in the general database, I wanted to create a “~/.locate.db” and alias locate as a custom name (e.g.: mylocate) to use that database.

But I kept running into a permissions error:

joe@delljoe:~> updatedb -U /home/joe/ -l0 -o /home/joe/.locate.db 
updatedb: can not open a temporary file for `/home/joe/.locate.db'

Even running as root, would give me that error. I have spent months scouring the web, and they all point to that command being the correct command to create a local database.

I just found out apparmor was blocking the executable from reading/writing from anywhere except the system default directory.

So there are three options:

  1. Disable it for mlocate completely
sudo aa-disable /usr/bin/locate
sudo aa-disable /usr/bin/updatedb
sudo mv /etc/apparmor.d/usr.bin.locate /etc/apparmor.d/usr.bin.locate.OLD
sudo mv /etc/apparmor.d/usr.bin.updatedb /etc/apparmor.d/usr.bin.updatedb.OLD
sudo touch /etc/apparmor.d/usr.bin.locate
sudo touch /etc/apparmor.d/usr.bin.updatedb

  1. Tune or update /etc/apparmor.d/usr.bin.updatedb and /etc/appmarmor.d/usr.bin.locate to allow writing to certain locations. For example updatedb can write to /home/*/.locate.db etc. This is recommended for production multi-user environments. (I am just using my laptop. And I am lazy)
  2. Disable apparmor completely for dev envs

You might submit this as a “feature request” to https://bugzilla.opensuse.org

I hadn’t thought much about why elevated permissions are required to execute updatedb, I wonder if there is any downside to allowing ordinary User permissions… I’ve never really thought about this before, just accepted the elevated permissions requirement.