New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
removes sudo from global installation #1807
Conversation
The /usr/local/bin folder should require sudo access.
removes sudo from global installation
@sclarson are you sure?
|
@tristanlins I think it's one of those platform specific things, I added a n about sudo. |
Yes, I'm sure. Depending on your linux distribution it may not be, but in general it is better to instruct people to use less privilege and possibly add additional steps in case of the error message. Using escalated privilege by default can cause other package managers (homebrew on OSX) to have issues. I may be wrong, but my viewpoint is that if you're in the situation where it is locked down by default, you're more likely to know what sudo does and know that you need it. |
@sclarson: i've never seen a linux distribution in which /usr/local/bin was available for normal users to write to. so sudo is pretty well a necessity. |
Yes I also not see any distribution allow a regular user to write into |
@jrobeson I looked back at our production servers and you're correct. It was my local and some vm's that had that open. I still do prefer assuming not to use sudo unless necessary though as there are a lot of osx users where this is writable by users. A good alternative may be removing this and adding wording for osx users to not use sudo or to use homebrew to install composer globally. |
IMO the advice to use I strongly discourage everyone to use sudo without knowing exactly what is happening then, therefore the phrasing in the last commit by @Seldaek should at least be rephrased a little with an explanation. Currently it sounds like: "Hey try this and if it does not work out, simply do it as root, trust us, it won't do any harm." which transports the wrong message, anyone running something as root should be extremely cautious. On another hand, I already feel people complaining about "why does selfupdate not work for me" etc. OTOH: I encourage everyone to install composer in ~/bin vs. system wide, as this is IMO the best way to install anyway. |
removes sudo from global installation
The /usr/local/bin folder shouldn't require sudo access.