You are attempting to run Meteor as the "root" user

[rclai]

Uh... Why is this error happening? I did not even upgrade any of my Meteor apps at all. Why would this shell flow control be getting hit when I haven't even updated to the new version? This must have come up as a result of you pushing out this latest build.

Anyway, running this:

meteor run --unsafe-perm --port 3002

Does not fix the issue, and it's because I'm running an old version of Meteor and all I get is this:

You have run Meteor as root. Your permissions in your app directory will be incorrect if you ever attempt to perform any Meteor tasks
as your non-root user. You probably didn't want this, but you can fix it by running the following from the root of your project:

sudo chown -Rh <username> .meteor/local

--unsafe-perm: unknown option.                
Usage: meteor run [target..] [options]

Searches upward from the current directory for the root directory of a
Meteor project, then runs that project in local development
mode. You can use the application by pointing your web browser at
localhost:3000. No internet connection is required.

Whenever you change any of the application's source files, the changes
are automatically detected and applied to the running application.

The application's database persists between runs. It's stored under
the .meteor directory in the root of the project.

If you have added a platform to your app with 'meteor add-platform', you can
pass one of the following targets as an argument to this command.

Targets:
  android          Run on the Android emulator.
  android-device   Run on a connected Android device.
  ios              Run on the iOS simulator.
  ios-device       Open Xcode with the iOS project for this app, where you can
                   run your app on a connected iOS device.

Options:
  --port, -p       Port to listen on (instead of the default 3000). Also
                   uses port N+1 and a port specified by --app-port.
                   Specify as --port=host:port to bind to a specific interface.
  --debug-port     Specify a port to enable server-side debugging. The
                   server will be paused at startup, waiting for incoming
                   connections from debugger clients on the specified port.
  --mobile-server  Location where mobile builds connect to the Meteor server.
                   Defaults to your local IP and the port that the Meteor
                   server binds to. Can include a URL scheme (for
                   example, --mobile-server=https://example.com:443).
  --production     Simulate production mode. Minify and bundle CSS and JS files.
  --raw-logs       Run without parsing logs from stdout and stderr.
  --settings       Set optional data for Meteor.settings on the server.
  --release        Specify the release of Meteor to use.
  --verbose        Print all output from builds logs.
  --no-lint        Don't run linters used by the app on every rebuild.
  --allow-incompatible-update   Allow packages in your project to be upgraded or
                   downgraded to versions that are potentially incompatible with
                   the current versions, if required to satisfy all package
                   version constraints.
  --test           [Experimental] Run Velocity tests using phantomjs and exit.

I know I shouldn't be running as root, but this just so happened to be the dev server I'm building in and don't have the flexibility to set up users on this server.

There seems to be some hijacking of the old Meteor versions in my server as a result of your update.

[rclai]

Reinstalling did not fix the issue.

Meteor is still not recognizing the --unsafe-perm still for Meteor apps on older versions (I have not tested on newest versions).

[jpmelnik]

+1 Same for me. I'm over Ubuntu 16.04 and I can't run "meteor update".

You are attempting to run Meteor as the "root" user. If you are developing, this is almost certainly not what you want to do and will likely result in incorrect file permissions. However, if you are
running this in a build process (CI, etc.) or you are absolutely sure you know what you are doing, add the --unsafe-perm flag to this command to proceed.

[benjamn]

Commented on the PR: #7821 (comment)

[ismail-syed]

Same here!
Any suggestions?

It was working fine earlier this morning. I just happened to notice this about an hour ago.

>sudo meteor

You are attempting to run Meteor as the "root" user. If you are developing, this is almost certainly *not* what you want to do and will likely result in incorrect file permissions. However, if you are running this in a build process (CI,
etc.) or you are absolutely sure you know what you are doing, add the `--unsafe-perm` flag to this command to proceed.

I usually have to run with sudo, if not I get the following.

>meteor
[[[[[ ~/Development/project ]]]]]

=> Started proxy.
=> Started MongoDB.

/Users/iSyed/.meteor/packages/ecmascript/.0.4.6.pxweny++os+web.browser+web.cordova/plugin.compile-ecmascript.os/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:165
      throw error;
            ^
Error: EACCES, open '/Users/iSyed/.meteorsession' 

[jpmelnik]

1. I removed meteor completly from my system.
2. I did a backup for my project.
3. I removed the project
4. Install meteor again.
5. I created new meteor project without root.
6. I imported the project from the backup.
7. Now, meteor / meteor run / meteor update works as expected.

[jpmelnik]

Update #1:

The package momentjs:moment@2.15.2 stop the app execution.

Update #2

momentjs:moment, added version 2.8.4, works fine.

[jay-depot]

I think #7964 is the same issue. This is kind of a big deal, as it's breaking Docker deployments for anyone not on the bleeding edge version of Meteor.

[abernix]

@isyed867 Your situation is one of the (many) problems that this --unsafe-perm argument is trying to solve. In development, on your machine, where you have multiple accounts, you should not run Meteor as root (i.e. with sudo) as it will break a variety of things. To fix your problem, you should be able to run sudo rm ~/.meteorsession and then run meteor login again without sudo.

[abernix]

If it's not obvious by the error outputted: You can avoid this issue by not running Meteor as root which is not recommended and frequently causes problems (see above).

Some environments only have one (root) user by default and I'm aware that it's common practice to run everything inside Docker as the root user, but it has had its drawbacks and a common security recommendation is to NOT do this. See the USER setting in the Dockerfile reference and Dockerfile best practices. There is really very little reason to run meteor as root, even in Docker.

That being said, this is indeed an unintended bug affecting folks who run pre-Meteor 1.4.2 apps as root (even with the --unsafe-perm flag). For the explanation as to why, see my comment here: #7821 (comment).

Please try this suggested workaround for the time-being – instead of the usual Meteor install command, use these:

export METEOR_NO_RELEASE_CHECK=true # make sure this is set in your environment.
curl https://install.meteor.com/?release=1.4.1.3 | sh # You can use the exact version you're deploying here, or 1.4.1.3.

This will also likely speed up your Docker builds if your app is using an older version of Meteor than the current official release since it will avoid double-downloading of meteor-tool. But! Be absolutely sure that you update this version, or remove this workaround as you update Meteor versions.

I'll try to take a look at this today.

[rclai]

Thanks, @abernix's workaround is working.

[rclai]

Uh, @abernix, the error started happening again even after doing:

export METEOR_NO_RELEASE_CHECK=true # make sure this is set in your environment.
curl https://install.meteor.com/?release=1.4.1.3 | sh # You can use the exact version you're deploying here, or 1.4.1.3.

Did your recent commit cause that?

[rclai]

I had to re-run the workaround commands again to make it work. Weird.

[abernix]

My recent commit is on a different branch as a proposed fix, so no.

If it just started happening again it's because the download just went on in the background – meaning either METEOR_NO_RELEASE_CHECK wasn't set when the process continued (you'll want to make sure it's set permanently in your Docker environment), or you're using Meteor before 1.4.1 which is when this variable became suported.

You can try also setting export METEOR_OFFLINE_CATALOG=true, but you should make sure that the METEOR_NO_RELEASE_CHECK variable is persisted during multiple runs of all Meteor commands.

tl;dr if METEOR_NO_RELEASE_CHECK gets unset, you will run into this problem again.

[rclai]

Ah okay.

[hibes]

This is a majorly breaking change for my team. --unsafe-perm doesn't work for us, meteor processes that argument correctly, but whatever function implements meteor run doesn't, so we get:

You have run Meteor as root. Your permissions in your app directory will be incorrect if you ever attempt to perform any Meteor
tasks as your non-root user. You probably didn't want this, but you can fix it by running the following from the root of your
project:

sudo chown -Rh .meteor/local

--unsafe-perm: unknown option.
Usage: meteor run [target..] [options]

Is it possible to revert to an older version of whatever meteor wrapper changed to break this?

[rclai]

Have you tried the above?

[hibes]

Thought we had, tried it again now, looks like it's working. Thanks, that workaround will do.

[aldo235]

some one have sollition for this case? i still have this issue

[benjamn]

Meteor 1.4.2.1 is out now! Please run meteor update and feel free to reopen this issue if the --allow-superuser option does not work for you. (Yes, --unsafe-perm should work too, but --allow-superuser is the recommended option now.)

[88plug]

Testing @benjamn -

[88plug]

Finally confirmed working with --allow-superuser on docker image node:latest ...

[aldo235]

some project work other project not work

`Even with METEOR_ALLOW_SUPERUSER or --allow-superuser, permissions in your app directory will be incorrect if you
ever attempt to perform any Meteor tasks as a normal user. If you need to fix your permissions, run the following
command from the root of your project:

sudo chown -Rh .meteor/local

You are attempting to run Meteor as the "root" user. If you are developing, this is almost certainly not what you
want to do and will likely result in incorrect file permissions. However, if you are running this in a build process
(CI, etc.) or you are absolutely sure you know what you are doing, add the --unsafe-perm flag to this command to
proceed.`

i use meteor --allow-superuser

[rsercano]

--unsafe-perm option doesn't work anymore it stuck as below:

Even with METEOR_ALLOW_SUPERUSER or --allow-superuser, permissions in your app
directory will be incorrect if you ever attempt to perform any Meteor tasks as
a normal user. If you need to fix your permissions, run the following command
from the root of your project:

sudo chown -Rh .meteor/local

[abernix]

@aldo235 @rsercano What is the output of the following command on the system that you're experiencing this on:

readlink $HOME/.meteor/meteor

And what are the contents of the .meteor/release file from the Meteor app that this is happening on?

[rsercano]

METEOR@1.4.2 and for the command:

packages/meteor-tool/1.4.2_1/mt-os.linux.x86_64/meteor

As far as I know, you implemented it downgrade compatible, so I was expecting --unsafe-perm to work.

[abernix]

@rsercano The message you are receiving is not an error – it is just a warning and Meteor should not be stopping at that point. It's very possible that it's sitting there with that message on your screen, but everything is still continuing and running in the background.

[rsercano]

@abernix Indeed, that's what I was expecting but after a while (like 3-5 minute after) it gives below error:

You are attempting to run Meteor as the "root" user. If you are developing,
this is almost certainly *not* what you want to do and will likely result in
incorrect file permissions. However, if you are running this in a build process
(CI, etc.) or you are absolutely sure you know what you are doing, add the
`--unsafe-perm` flag to this command to proceed.

docker kills this container. But it has this flag already. Here's the docker file:
https://hub.docker.com/r/mongoclient/mongoclient/~/dockerfile/

[abernix]

@rsercano Ok, I understand why it is happening, but the problem is still fixed by Meteor 1.4.2.1 and while you do have the latest tool installed, your app itself is still using the buggy version. You should upgrade your actual app to Meteor 1.4.2.1 and the problem should go away. 1.4.2.1 is also a very important bug-fix release for other reasons and I would recommend doing it as soon as possible. The upgrade should be painless, but you will need to make sure that you have the babel-runtime NPM installed.

Please see this blog post for more information.

[rsercano]

@abernix thanks it seems to be fixed after upgrading 1.4.2.1

[faceyspacey]

this shouldn't be happening if you haven't upgraded anything. I don't want to upgrade anything. I want to keep everything exactly the same. I did not opt into this. How did this even happen. I use sudo to use port 80 on my computer. This is messed up.

So that said, is there a way to like upgrade globally just the cli while not updating my app. I'm not sure about these details, and that's why what's going on here is very distressing. I'm not even confident a version-locked app and an upgraded CLI will be able to run my legacy app.

[abernix]

@faceyspacey Not providing us with any information about what your situation is right now (app version, error output, etc.) is not likely to get you any help in resolving your problem and the answer as to "Why this happened" is higher up in this thread, if you care. Long story short, if you start your existing, older Meteor app with --allow-superuser you should be fine.

If this doesn't work, we'll be happy to help but the most important information to get to help you would be the output of meteor --version (not run with sudo) from INSIDE your Meteor app directory, and also from your home directory. I would also recommend you research how to use Mac OS X's pf command to forward port 80 to a non privileged port where Meteor is actually running (like port 3000) as opposed to binding Meteor directly to port 80, for a variety of very important reasons.

[faceyspacey]

@abernix I literally just got it to work. It wasn't that bad. Upgrading to the latest version of meteor and using --allow-superuser worked just fine. My app stayed version-locked. Although, the first time, I got this message: Error: $MONGO_OPLOG_URL must be set to the 'local' database of a Mongo replica set but I tried again and it went away.

ps. You may want to somehow retitle this issue with the answer, cuz every legacy app developer will waste an hour reading the issue wall. @rclai

[abernix]

@faceyspacey Glad you got it to work. Hopefully you understand the reason for it based on the message – it is actually a big deal and causes a lot of very hard to debug support problems which is why it is so forcefully required. If it works for you, keep on doing what you've been doing, but you'll have to run --allow-superuser to "agree" to the problems that it might cause. Again, if you can avoid it, please consider using port forwarding from port 80 to an unprivileged port.

[selasi]

After trying the suggestions above and had no success, this is what I did. I changed the content of .meteor/release to METEOR@1.4.2.1 and removed .meteor/local. Then I run meteor in the terminal and it worked like magic. Hopefully this works for you.

[openqubit]

I used this on ubuntu 16 and it works

export METEOR_NO_RELEASE_CHECK=true # make sure this is set in your environment.
curl https://install.meteor.com/?release=1.4.1.1 | sh # You can use the exact version you're deploying here, or 1.4.1.1.

You can use meteor in root.Used meteor in root to build an apk on digitalocean 4GB droplet.

This is the location of the generated apk

~/your_meteor_app_directory/.meteor/local/cordova-build/platforms/android/build/outputs/apk

[abernix]

Again, if you MUST run as privileged root user (which is discouraged as a best practice, even in Docker – by their own proclamation), you can pass the --allow-superuser flag to Meteor commands . Please make sure you're using Meteor 1.4.2.2 or higher to avoid the bugs found above in 1.4.2 and 1.4.2.1. If you're still having a problem with this, please open a new issue with your reproduction steps. Thanks!