New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Installation as root fails mysteriously #3232

Merged
merged 1 commit into from Jul 12, 2014

Conversation

Projects
None yet
4 participants
@jessetane
Contributor

jessetane commented Jul 10, 2014

Issue Summary

If you try to install Ghost as root you'll have a very frustrating time of it!

Mostly because grunt-shell < 0.7.0 doesn't pass errors upstream by default - so grunt init appears to succeed (even though the bower shell task will have failed), npm start works and you'll make it to the landing page but visiting /ghost yields a blank screen.

The actual reason things break is because bower can't run as root.

Opinion time: Ghost itself places no restrictions on running as root (indeed neither do node, npm, grunt-cli or pretty much any other program I've heard of) so why does bower get to be an exception?

This patch addresses both issues. If you disagree with my opinion I still recommend updating grunt-shell to 0.7.0 so that at least blame for failure can be properly placed on bower's insubordination.

Steps to Reproduce

  1. be root
  2. clone the repo
  3. git checkout stable
  4. npm install
  5. grunt init
  6. npm start
  7. visit in browser and experience broken things

Technical details

  • Ghost Version: stable - latest commit: 4e664f0
  • Client OS: Mac OS X 10.9.4
  • Server OS: Arch Linux lxc container
  • Node Version: 0.10.29
  • Browser: Chrome 35.0.1916.153
  • Database: SQLite
@novaugust

This comment has been minimized.

Member

novaugust commented Jul 10, 2014

Hi @jessetane and welcome to Ghost. Thanks for tracking this error down - I helped someone else with an install that went wrong because the bower shell task failed: now we know why.
Would you please read our contributing guidelines, in particular the section on bug reports and more importantly on submitting PRs and reformat your PR to suit?
Cheers

jessetane added a commit to jessetane/Ghost that referenced this pull request Jul 10, 2014

jessetane added a commit to jessetane/Ghost that referenced this pull request Jul 10, 2014

@jessetane jessetane changed the title from Installation as root to Installation as root fails mysteriously Jul 10, 2014

@jessetane jessetane changed the title from Installation as root fails mysteriously to Bug: Installation as root fails mysteriously Jul 10, 2014

@jessetane jessetane changed the title from Bug: Installation as root fails mysteriously to Installation as root fails mysteriously Jul 10, 2014

@jessetane

This comment has been minimized.

Contributor

jessetane commented Jul 10, 2014

@novaugust updated

@novaugust

This comment has been minimized.

Member

novaugust commented Jul 10, 2014

@jessetane thanks for getting after that so quickly! I just realized, the contributing link I sent you didn't directly tell you this, you would've had to follow a link or two... but we squash our PRs down to just one commit with git rebase. Here's a little guide on how to do that

@novaugust

This comment has been minimized.

Member

novaugust commented Jul 10, 2014

Also

visit in browser and experience broken things

👍 I like your style

update grunt-shell to 0.7.0
grunt: pass --allow-root to bower

fixes #3232
@jaswilli

This comment has been minimized.

Member

jaswilli commented Jul 10, 2014

Hi @jessetane -- I'd review #2351 for the general mood on making it easy to install Ghost as root.

Upgrading grunt-shell sounds like a good idea, though. Silent bower install failures cause a lot of grief.

Welcome!

@jessetane

This comment has been minimized.

Contributor

jessetane commented Jul 10, 2014

@jaswilli yes I read that, my opinion continues to be that unless Ghost intends to document and explicitly prevent root from working as expected then its dependencies should not be allowed to insert their opinions.

Including some helpful information about the dangers of running as root is simpler than jumping through hoops to prevent people from shooting themselves in the foot.

When you say "sudo make me a sandwich" nobody gets to say no, that's just how it works :)

@jessetane

This comment has been minimized.

Contributor

jessetane commented Jul 10, 2014

@novaugust squashed

@ErisDS

This comment has been minimized.

Member

ErisDS commented Jul 10, 2014

@jessetane You're right, the lack of a clear error message is really poor and I agree that it is weird that bower enforces not-root when Ghost doesn't.

However, there's a reason why bower does what it does, and that's because without it you can have problems with your cache being partially owned by root, which will only cause similar error-less obscure problems further down the road. Chances are if we merge this PR, someone else will encounter that issue and come along and do a reverse PR. I think making sure the error message is visible is the solution to this.

There's a similar problem with npm, and whilst npm doesn't enforce running without sudo, it would actually be really helpful if it did. People get a little sudo happy when installing node/npm, and then their Ghost install doesn't work without sudo, and then they think Ghost needs sudo and it all gets a little messy.

Ideally, we want to guide people toward doing the right thing (not running Ghost as root) so perhaps the full solution to this problem is to also add our own error message and override param, and to update our documentation to reflect this. For reference, yeoman is another project which does this.

Out of interest @jessetane, what is your use-case for using root?

@jessetane

This comment has been minimized.

Contributor

jessetane commented Jul 10, 2014

My use case is that I like to try out new software (like Ghost) in containers or virtual machines that run a super stripped down os with no login users other than root. This is nice in part because I don't have to do any sudo'ing while I figure out how to get things up and going. If I decide I like the software, deploying to production is trivial with a modern init system like upstart or systemd where I can drop privileges by specifying the user I want my service to run as, for example the non-login user "nobody" works well (and yes, I'll probably have to chown Ghost/content).

Here's a systemd example:

[Unit]
Description=Ghost blog

[Service]
User=nobody
Environment="NODE_ENV=production"
ExecStart=/usr/bin/node /usr/local/Ghost/index.js
Restart=always

[Install]
WantedBy=multi-user.target

And here are some docs for upstart:
http://upstart.ubuntu.com/cookbook/#setuid

People aren't going to get far running a node app in production without using an init system, which by default is very likely to try and start Ghost as root anyways, so this is the perfect time to show them how to do things properly and talk about the dangers of running publicly exposed services as root.

Other programs:

  • npm: even isaacs says it's OK: npm/npm#3139
  • bower: since bower is installed and invoked locally to Ghost the caching issues they describe don't apply - if you alternate running grunt init as root and someone else (or any two users for that matter), things are gonna get weird bower or no bower.
  • yeoman: yeoman/yo#101
  • brew: (another program I thought of that does this) bites me every time I try to install sshfs!

Every operating system has many programs you use everyday as an unprivileged user that are actually owned by root. Installing things as root is not bad or evil. Creating bandaids that prevent people from gaining important understanding about the difference between filesystem permissions and service security is perhaps not evil, but imo not a shortcut we should encourage them to take.

@ErisDS

This comment has been minimized.

Member

ErisDS commented Jul 10, 2014

so this is the perfect time to show them how to do things properly and talk about the dangers of running publicly exposed services as root.

I don't disagree, like at all, but any suggestions for the right way to go about doing this?

@jessetane

This comment has been minimized.

Contributor

jessetane commented Jul 10, 2014

Well, merging this patch will probably make installation "Just Work" for a lot more people who try Ghost for the first time, which means they'll think it's cool and after a short while arrive here:

http://docs.ghost.org/installation/deploy/

Where detailed instructions on proper deployment are already available :)

Using sysV init as recommended here does indeed require using some additional monitoring program like forever (I like mon if I'm stuck with sysV) to restart Ghost if it crashes, which makes things a bit more complex than using a more modern init - it would be great to see an upstart example here too (I see there is already a systemd one):

https://github.com/TryGhost/Ghost-Config

jessetane added a commit to jessetane/Ghost that referenced this pull request Jul 11, 2014

@ErisDS

This comment has been minimized.

Member

ErisDS commented Jul 11, 2014

Anyone else feel strongly about this? Otherwise I'm inclined to merge it.

@novaugust

This comment has been minimized.

Member

novaugust commented Jul 11, 2014

I'm 👍 on it
On Jul 11, 2014 8:30 AM, "Hannah Wolfe" notifications@github.com wrote:

Anyone else feel strongly about this? Otherwise I'm inclined to merge it.


Reply to this email directly or view it on GitHub
#3232 (comment).

ErisDS added a commit that referenced this pull request Jul 12, 2014

Merge pull request #3232 from jessetane/install-as-root
Installation as root fails mysteriously

@ErisDS ErisDS merged commit a24eeb0 into TryGhost:master Jul 12, 2014

1 check passed

continuous-integration/travis-ci The Travis CI build passed
Details

morficus pushed a commit to morficus/Ghost that referenced this pull request Sep 4, 2014

update grunt-shell to 0.7.0
grunt: pass --allow-root to bower

fixes TryGhost#3232

morficus pushed a commit to morficus/Ghost that referenced this pull request Sep 4, 2014

Merge pull request TryGhost#3232 from jessetane/install-as-root
Installation as root fails mysteriously
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment