protect users from themselves when they use sudo inappropriately #604

Closed
bos opened this Issue May 24, 2012 · 4 comments

Comments

Projects
None yet
3 participants
Contributor

bos commented May 24, 2012

(Imported from Trac #611, reported by @dcoutts on 2009-11-27)

Users sometimes get themselves into trouble with sudo. For example:

sudo cabal install blah
or
sudo cabal update
In both cases, the user is doing actions as root that modify their normal-user files.

In the first case it will install a package into ~/.cabal/ but of course all the files owned by root, so the user cannot delete them again later.

In the second case cabal will as root update the per-user package index. This will make further updates not as root fail, and worse because of a file permissions bug, the index will not be readable as their normal user.

The aim would be to protect users from themselves and tell them when they're doing something that's almost certainly wrong. We could suggest alternatives, like don't use sudo if you wanted to do a per-user install, or use sudo and --global if you did.

The tricky bit is making a suitably accurate test and making it possible to do the silly thing, if that's what the user really really wanted.

Contributor

bos commented May 24, 2012

(Imported comment by draconx on 2009-11-27)

Maybe I don't understand how sudo works, but why is cabal installing in the user's home directory when running as root in the first place?

It should be installing packages in root's home directory if you do this.

Contributor

bos commented May 24, 2012

(Imported comment by @dcoutts on 2010-01-28)

Replying to draconx:

Maybe I don't understand how sudo works, but why is cabal installing in the user's home directory when running as root in the first place? It should be installing packages in root's home directory if you do this.

I think sudo does not change the $HOME environment variable since it doesn't really "log in" as a the root user.

jsl commented Feb 24, 2015

Given that there is no activity on this ticket since 2010, I propose closing. Please re-open or create a new issue if this is still a problem.

/cc @tibbe

@tibbe tibbe closed this Feb 24, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment