CocoaPod's shouldn't let you run as root #1815

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
5 participants
Contributor

kylef commented Feb 16, 2014

I'm often finding people using sudo the first time because they needed it to install and they don't fully understand they don't need it in the future. This leads to problems further down the line when they don't use sudo.

It's currently possible to make both your repositories and library caches as root so running subsequent commands will cause hard to understand failures.

Thinking we should do something like this (someone to think of better copy):

$ sudo pod
Hey, it's just pod you will need to drop sudo.

We also need to facilitate with things being root because you won't be able to continue running as root.

~/Libraries/Caches/(not sure on exact location) can be root and cause failure, perhaps we should drop these? Or get a friendlier message when "git clone" from cocoapods-downloader fails due to permission.
~/.cocoapods/repos/master could be root.

@kylef kylef added Defect labels Feb 11, 2014

Owner

fabiopelosin commented Feb 12, 2014

👍

Owner

fabiopelosin commented Feb 12, 2014

~/Libraries/Caches/(not sure on exact location) can be root and cause failure

I expect everything in home dir of the user not being root. Can you elaborate on this?

Contributor

kylef commented Feb 12, 2014

As you can see when using sudo, the user's HOME directory is still set. So ~/Library/Caches will be used as the existing user not root.

$ sudo env
HOME=/Users/kylef
LOGNAME=root
USER=root
USERNAME=root
SUDO_USER=kylef
SUDO_UID=501
SUDO_GID=20

I'm not sure how ruby expands paths, but from what i've seen on someone mac computer with root files in ~/Library/Caches I think it takes $HOME.

Owner

fabiopelosin commented Feb 12, 2014

Yep but is very rare to set permissions to root for files stored in the home directory tree, no?

Contributor

kylef commented Feb 16, 2014

@irrationalfab I think I didn't explain this very well. Take the following example:

$ rm -fr ~/Library/Caches/CocoaPods/
$ rm -fr ~/.cocoapods/repos/master/
$ sudo pod install  # user accidentally uses sudo pod
Setting up CocoaPods master repo

Now, the user has caches and a master repo as root. Along with Pods:

$ ls -al ~/.cocoapods/repos/
drwxr-xr-x  3732 root   staff  126888 16 Feb 18:25 master

$ ls -al ~/Library/Caches/CocoaPods/
drwxr-xr-x   19 root   staff   646 16 Feb 18:26 GitHub

$ ls -al
drwxr-xr-x    3 root   staff    102 16 Feb 18:30 Pods

Now the user run's pod without root, most pod related commands are going to fail with various permission errors. Some raise huge backtraces, some say permission denied.

$ pod install
Analyzing dependencies
[!] Pod::Executable pull

error: cannot open .git/FETCH_HEAD: Permission denied

To fix all these permission errors the user needs to delete the caches, delete the pod repository and delete any project local Pods directory.

I think that instead of letting a user run pod as root, we shouldn't let them do this to prevent them getting in a mess like above.

Contributor

kylef commented Feb 16, 2014

Right, i've attached a commit to this. Not sure if this is the correct place to do this kind of check.

Owner

fabiopelosin commented Feb 21, 2014

Looks good to me!

Contributor

kylef commented Feb 21, 2014

Perhaps we should have a clause to help the user cleanup an existing install where they used "sudo" and have files at ~/Library/Caches/CocoaPods/, ~/.cocoapods/repos/master, and Pods/ as root.

Owner

fabiopelosin commented Feb 21, 2014

I think that a section in the guides with instructions to fix any resulting issue would do. I would just print the link in the output of the command line.

@kylef kylef referenced this pull request Feb 22, 2014

Closed

I got a error like this #1833

Contributor

kylef commented Feb 22, 2014

Yes, perhaps it should also catch all Errno::EACCES - Permission denied such as found in #1833.

Display a link to the guide in that case too.

@kylef kylef referenced this pull request in AFNetworking/AFNetworking Mar 6, 2014

Closed

can't add AFNetworking to project using cocoapods. #1872

@kylef kylef assigned kylef and unassigned kylef Mar 25, 2014

Owner

fabiopelosin commented Mar 27, 2014

What is the state of this?

Issue has been confirmed by @confidencejuice

@kylef kylef assigned kylef and unassigned CocoaPodsBot Mar 30, 2014

Contributor

Ashton-W commented Apr 9, 2014

Is this issue in need of a developer?

Contributor

kylef commented Apr 9, 2014

After thinking about this some more, I don't think it's realistic that we can catch all permission denied errors and show a message. Some will come from git, mercurial, bzr etc.

Maybe we should just roll with this PR and add a note in the troubleshooting guide regarding what to do with permission errors.

Does this work for everyone?

Contributor

Ashton-W commented Apr 9, 2014

👍

Owner

alloy commented Apr 9, 2014

@kylef Sounds wise to me 👍 Just one point, can you please add a period to the end of the sentence?

Contributor

kylef commented Apr 9, 2014

@alloy Sure thing 👍.

@kylef kylef closed this in 0465aee Apr 9, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment