Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

CocoaPod's shouldn't let you run as root #1815

Closed
wants to merge 1 commit into from

5 participants

@kylef
Owner

I'm often finding people using sudo the first time because they needed it to install and they don't fully understand they don't need it in the future. This leads to problems further down the line when they don't use sudo.

It's currently possible to make both your repositories and library caches as root so running subsequent commands will cause hard to understand failures.

Thinking we should do something like this (someone to think of better copy):

$ sudo pod
Hey, it's just pod you will need to drop sudo.

We also need to facilitate with things being root because you won't be able to continue running as root.

~/Libraries/Caches/(not sure on exact location) can be root and cause failure, perhaps we should drop these? Or get a friendlier message when "git clone" from cocoapods-downloader fails due to permission.
~/.cocoapods/repos/master could be root.

@fabiopelosin

~/Libraries/Caches/(not sure on exact location) can be root and cause failure

I expect everything in home dir of the user not being root. Can you elaborate on this?

@kylef
Owner

As you can see when using sudo, the user's HOME directory is still set. So ~/Library/Caches will be used as the existing user not root.

$ sudo env
HOME=/Users/kylef
LOGNAME=root
USER=root
USERNAME=root
SUDO_USER=kylef
SUDO_UID=501
SUDO_GID=20

I'm not sure how ruby expands paths, but from what i've seen on someone mac computer with root files in ~/Library/Caches I think it takes $HOME.

@fabiopelosin

Yep but is very rare to set permissions to root for files stored in the home directory tree, no?

@kylef
Owner

@irrationalfab I think I didn't explain this very well. Take the following example:

$ rm -fr ~/Library/Caches/CocoaPods/
$ rm -fr ~/.cocoapods/repos/master/
$ sudo pod install  # user accidentally uses sudo pod
Setting up CocoaPods master repo

Now, the user has caches and a master repo as root. Along with Pods:

$ ls -al ~/.cocoapods/repos/
drwxr-xr-x  3732 root   staff  126888 16 Feb 18:25 master

$ ls -al ~/Library/Caches/CocoaPods/
drwxr-xr-x   19 root   staff   646 16 Feb 18:26 GitHub

$ ls -al
drwxr-xr-x    3 root   staff    102 16 Feb 18:30 Pods

Now the user run's pod without root, most pod related commands are going to fail with various permission errors. Some raise huge backtraces, some say permission denied.

$ pod install
Analyzing dependencies
[!] Pod::Executable pull

error: cannot open .git/FETCH_HEAD: Permission denied

To fix all these permission errors the user needs to delete the caches, delete the pod repository and delete any project local Pods directory.

I think that instead of letting a user run pod as root, we shouldn't let them do this to prevent them getting in a mess like above.

@kylef
Owner

Right, i've attached a commit to this. Not sure if this is the correct place to do this kind of check.

@fabiopelosin

Looks good to me!

@kylef
Owner

Perhaps we should have a clause to help the user cleanup an existing install where they used "sudo" and have files at ~/Library/Caches/CocoaPods/, ~/.cocoapods/repos/master, and Pods/ as root.

@fabiopelosin

I think that a section in the guides with instructions to fix any resulting issue would do. I would just print the link in the output of the command line.

@kylef kylef referenced this pull request
Closed

I got a error like this #1833

@kylef
Owner

Yes, perhaps it should also catch all Errno::EACCES - Permission denied such as found in #1833.

Display a link to the guide in that case too.

@kylef kylef referenced this pull request in AFNetworking/AFNetworking
Closed

can't add AFNetworking to project using cocoapods. #1872

@kylef kylef self-assigned this
@kylef kylef removed their assignment
@fabiopelosin

What is the state of this?

@CocoaPodsBot CocoaPodsBot was assigned by kylef
@CocoaPodsBot
Collaborator

Issue has been confirmed by @confidenceJuice

@CocoaPodsBot CocoaPodsBot was unassigned by kylef
@kylef kylef self-assigned this
@Ashton-W

Is this issue in need of a developer?

@kylef
Owner

After thinking about this some more, I don't think it's realistic that we can catch all permission denied errors and show a message. Some will come from git, mercurial, bzr etc.

Maybe we should just roll with this PR and add a note in the troubleshooting guide regarding what to do with permission errors.

Does this work for everyone?

@alloy
Owner

@kylef Sounds wise to me :+1: Just one point, can you please add a period to the end of the sentence?

@kylef
Owner

@alloy Sure thing :+1:.

@kylef kylef referenced this pull request from a commit
Commit has since been removed from the repository and is no longer available.
@kylef kylef closed this pull request from a commit
@kylef kylef Don't let the user run as root
Closes #1815
0465aee
@kylef kylef closed this in 0465aee
@kylef kylef referenced this pull request from a commit
Commit has since been removed from the repository and is no longer available.
@kylef kylef referenced this pull request from a commit
Commit has since been removed from the repository and is no longer available.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Feb 16, 2014
  1. @kylef

    Don't let the user run as root

    kylef authored
    Closes #1815
This page is out of date. Refresh to see the latest.
Showing with 7 additions and 0 deletions.
  1. +3 −0  lib/cocoapods/command.rb
  2. +4 −0 spec/functional/command_spec.rb
View
3  lib/cocoapods/command.rb
@@ -43,11 +43,14 @@ def self.parse(argv)
end
def self.run(argv)
+ help! "You cannot run CocoaPods as root" if Process.uid == 0
+
argv = CLAide::ARGV.new(argv)
if argv.flag?('version')
UI.puts VERSION
exit 0
end
+
super(argv)
UI.print_warnings
end
View
4 spec/functional/command_spec.rb
@@ -14,5 +14,9 @@ module Pod
UI.output.should.include 'spec/fixtures/spec-repos/master/AFNetworking'
end
+ it "doesn't let you run as root" do
+ Process.stubs(:uid).returns(0)
+ lambda { Pod::Command.run(['--version']) }.should.raise CLAide::Help
+ end
end
end
Something went wrong with that request. Please try again.