Skip to content


Subversion checkout URL

You can clone with
Download ZIP


CocoaPod's shouldn't let you run as root #1815

wants to merge 1 commit into from

5 participants


I'm often finding people using sudo the first time because they needed it to install and they don't fully understand they don't need it in the future. This leads to problems further down the line when they don't use sudo.

It's currently possible to make both your repositories and library caches as root so running subsequent commands will cause hard to understand failures.

Thinking we should do something like this (someone to think of better copy):

$ sudo pod
Hey, it's just pod you will need to drop sudo.

We also need to facilitate with things being root because you won't be able to continue running as root.

~/Libraries/Caches/(not sure on exact location) can be root and cause failure, perhaps we should drop these? Or get a friendlier message when "git clone" from cocoapods-downloader fails due to permission.
~/.cocoapods/repos/master could be root.


~/Libraries/Caches/(not sure on exact location) can be root and cause failure

I expect everything in home dir of the user not being root. Can you elaborate on this?


As you can see when using sudo, the user's HOME directory is still set. So ~/Library/Caches will be used as the existing user not root.

$ sudo env

I'm not sure how ruby expands paths, but from what i've seen on someone mac computer with root files in ~/Library/Caches I think it takes $HOME.


Yep but is very rare to set permissions to root for files stored in the home directory tree, no?


@irrationalfab I think I didn't explain this very well. Take the following example:

$ rm -fr ~/Library/Caches/CocoaPods/
$ rm -fr ~/.cocoapods/repos/master/
$ sudo pod install  # user accidentally uses sudo pod
Setting up CocoaPods master repo

Now, the user has caches and a master repo as root. Along with Pods:

$ ls -al ~/.cocoapods/repos/
drwxr-xr-x  3732 root   staff  126888 16 Feb 18:25 master

$ ls -al ~/Library/Caches/CocoaPods/
drwxr-xr-x   19 root   staff   646 16 Feb 18:26 GitHub

$ ls -al
drwxr-xr-x    3 root   staff    102 16 Feb 18:30 Pods

Now the user run's pod without root, most pod related commands are going to fail with various permission errors. Some raise huge backtraces, some say permission denied.

$ pod install
Analyzing dependencies
[!] Pod::Executable pull

error: cannot open .git/FETCH_HEAD: Permission denied

To fix all these permission errors the user needs to delete the caches, delete the pod repository and delete any project local Pods directory.

I think that instead of letting a user run pod as root, we shouldn't let them do this to prevent them getting in a mess like above.


Right, i've attached a commit to this. Not sure if this is the correct place to do this kind of check.


Looks good to me!


Perhaps we should have a clause to help the user cleanup an existing install where they used "sudo" and have files at ~/Library/Caches/CocoaPods/, ~/.cocoapods/repos/master, and Pods/ as root.


I think that a section in the guides with instructions to fix any resulting issue would do. I would just print the link in the output of the command line.

@kylef kylef referenced this pull request

I got a error like this #1833


Yes, perhaps it should also catch all Errno::EACCES - Permission denied such as found in #1833.

Display a link to the guide in that case too.

@kylef kylef referenced this pull request in AFNetworking/AFNetworking

can't add AFNetworking to project using cocoapods. #1872

@kylef kylef self-assigned this
@kylef kylef removed their assignment

What is the state of this?

@CocoaPodsBot CocoaPodsBot was assigned by kylef

Issue has been confirmed by @confidenceJuice

@CocoaPodsBot CocoaPodsBot was unassigned by kylef
@kylef kylef self-assigned this

Is this issue in need of a developer?


After thinking about this some more, I don't think it's realistic that we can catch all permission denied errors and show a message. Some will come from git, mercurial, bzr etc.

Maybe we should just roll with this PR and add a note in the troubleshooting guide regarding what to do with permission errors.

Does this work for everyone?


@kylef Sounds wise to me :+1: Just one point, can you please add a period to the end of the sentence?


@alloy Sure thing :+1:.

@kylef kylef referenced this pull request from a commit
Commit has since been removed from the repository and is no longer available.
@kylef kylef closed this pull request from a commit
@kylef kylef Don't let the user run as root
Closes #1815
@kylef kylef closed this in 0465aee
@kylef kylef referenced this pull request from a commit
Commit has since been removed from the repository and is no longer available.
@kylef kylef referenced this pull request from a commit
Commit has since been removed from the repository and is no longer available.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Feb 16, 2014
  1. @kylef

    Don't let the user run as root

    kylef authored
    Closes #1815
This page is out of date. Refresh to see the latest.
Showing with 7 additions and 0 deletions.
  1. +3 −0  lib/cocoapods/command.rb
  2. +4 −0 spec/functional/command_spec.rb
3  lib/cocoapods/command.rb
@@ -43,11 +43,14 @@ def self.parse(argv)
+ help! "You cannot run CocoaPods as root" if Process.uid == 0
argv =
if argv.flag?('version')
exit 0
4 spec/functional/command_spec.rb
@@ -14,5 +14,9 @@ module Pod
UI.output.should.include 'spec/fixtures/spec-repos/master/AFNetworking'
+ it "doesn't let you run as root" do
+ Process.stubs(:uid).returns(0)
+ lambda {['--version']) }.should.raise CLAide::Help
+ end
Something went wrong with that request. Please try again.