Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

npm or node-gyp using the wrong user when running under sudo. #2106

Closed
jessegranger opened this issue Apr 27, 2020 · 2 comments
Closed

npm or node-gyp using the wrong user when running under sudo. #2106

jessegranger opened this issue Apr 27, 2020 · 2 comments

Comments

@jessegranger
Copy link

  • Node Version: node v14.0.0 and npm 6.14.4 (installed via nodesource rpm)
  • Platform: Linux staging-v3-2020 3.10.0-1062.18.1.el7.x86_64 Make 0.6.x work #1 SMP Tue Mar 17 23:49:17 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

  • Compiler: gcc version 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)

  • Module: heapdump (or any other module that needs node-gyp)

  • Key Facts: npm is running via sudo. SUDO_USER is "jesse".

The relevant error from the log is this line: gyp WARN EACCES current user ("jesse") does not have permission to access the dev dir "/root/.cache/node-gyp/14.0.0"

The bug is that node-gyp should never be opening anything as SUDO_USER. The system is correctly rejecting node-gyp's attempt to write into /root as a non-root user.

Verbose output (from npm or node-gyp): 

npm info lifecycle [email protected]~install: [email protected]                                                                                                                                                                                            [27/1912]

> [email protected] install /opt/mpath/api/node_modules/heapdump
> node-gyp rebuild

gyp info it worked if it ends with ok
gyp verb cli [
gyp verb cli   '/usr/bin/node',
gyp verb cli   '/usr/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js',
gyp verb cli   'rebuild'
gyp verb cli ]
gyp info using [email protected]
gyp info using [email protected] | linux | x64
gyp verb command rebuild []
gyp verb command clean []
gyp verb clean removing "build" directory
gyp verb command configure []
gyp verb find Python Python is not set from command line or npm configuration
gyp verb find Python Python is not set from environment variable PYTHON
gyp verb find Python checking if "python" can be used
gyp verb find Python - executing "python" to get executable path
gyp verb find Python - executable path is "/bin/python"
gyp verb find Python - executing "/bin/python" to get version
gyp verb find Python - version is "2.7.5"
gyp info find Python using Python version 2.7.5 found at "/bin/python"
gyp verb get node dir no --target version specified, falling back to host node version: 14.0.0
gyp verb command install [ '14.0.0' ]
gyp verb install input version string "14.0.0"
gyp verb install installing version: 14.0.0
gyp verb install --ensure was passed, so won't reinstall if already installed
gyp WARN EACCES current user ("jesse") does not have permission to access the dev dir "/root/.cache/node-gyp/14.0.0"
gyp WARN EACCES attempting to reinstall using temporary dev dir "/opt/mpath/api/node_modules/heapdump/.node-gyp"
gyp verb tmpdir == cwd automatically will remove dev files after to save disk space
gyp verb command install [ '--node_gyp_internal_noretry', '14.0.0' ]
gyp verb install input version string "14.0.0"
gyp verb install installing version: 14.0.0
gyp verb install --ensure was passed, so won't reinstall if already installed
gyp verb install version not already installed, continuing with install 14.0.0
gyp verb ensuring nodedir is created /opt/mpath/api/node_modules/heapdump/.node-gyp/14.0.0
gyp WARN install got an error, rolling back install
gyp verb command remove [ '14.0.0' ]
gyp verb remove using node-gyp dir: /opt/mpath/api/node_modules/heapdump/.node-gyp
gyp verb remove removing target version: 14.0.0
gyp verb remove removing development files for version: 14.0.0
gyp WARN install got an error, rolling back install
gyp verb command remove [ '14.0.0' ]
gyp verb remove using node-gyp dir: /opt/mpath/api/node_modules/heapdump/.node-gyp
gyp verb remove removing target version: 14.0.0
gyp verb remove removing development files for version: 14.0.0
gyp ERR! configure error
gyp ERR! stack Error: EACCES: permission denied, mkdir '/opt/mpath/api/node_modules/heapdump/.node-gyp'
gyp ERR! System Linux 3.10.0-1062.18.1.el7.x86_64
gyp ERR! command "/usr/bin/node" "/usr/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /opt/mpath/api/node_modules/heapdump
gyp ERR! node -v v14.0.0
gyp ERR! node-gyp -v v5.1.0
gyp ERR! not ok
@cclauss
Copy link
Contributor

cclauss commented Apr 27, 2020

Please upgrade your Python. v2.7.5 is 8 years old and contains well documented security flaws so running it as sudo is not a good idea. Python 2 is end of life at v2.7.18. If possible, please consider upgrading to something more current like v3.8.2.

@bnoordhuis
Copy link
Member

Key Facts: npm is running via sudo. SUDO_USER is "jesse" [..] The bug is that node-gyp should never be opening anything as SUDO_USER.

There's no bug. node-gyp is invoked as user 'jesse' but you didn't update $HOME to point to /home/jesse or wherever that user's home dir is, it's still pointing to /root.

In other words, you should fix your sudoers setup. See https://unix.stackexchange.com/a/91572 for tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bnoordhuis @cclauss @jessegranger