This repository has been archived by the owner. It is now read-only.

Is sudo supposed to be required for globally installed packages on OS X? #3139

Closed
domenic opened this Issue Feb 8, 2013 · 13 comments

Comments

Projects
None yet
@domenic
Member

domenic commented Feb 8, 2013

Several coworkers have downloaded the default Node.js install from nodejs.org, and can't install packages globally without using sudo. They're running Mac OS X.

We've been solving this by either: (1) chowning directories left and right; or (2) nuking their existing installation and telling them to use homebrew.

Is this intended behavior?

@mfncooper

This comment has been minimized.

Contributor

mfncooper commented Feb 10, 2013

The default install probably puts things in /usr/local/bin, which means global installs will try to go there too, and yes, that usually requires sudo. The easiest way to handle this is to set the npm global prefix such that global installs will go somewhere else. (npm config set prefix /some/better/path -g) Make sure that the somewhere else is on the path, so that things will be found.

An alternative would be to have your coworkers use something like nvm, which will install in a writable location as well as let them easily switch between versions. (And it doesn't build Node any more, unless it has to.)

@isaacs

This comment has been minimized.

Member

isaacs commented Feb 10, 2013

Using sudo is fine. npm will not run arbitrary build scripts as root, if you're root -- it chown's the package dir to nobody and then runs scripts as nobody.

If packages do other non-gyp things in their install scripts, then they are broken. Complain to the authors.

If you really really need to run package scripts as root, then set the unsafe-perm config to true.

@isaacs isaacs closed this Feb 10, 2013

@edef1c

This comment has been minimized.

Member

edef1c commented Feb 10, 2013

@domenic I personally npm config set prefix ~/npm and have ~/npm/bin in my PATH.

@MattiSG

This comment has been minimized.

MattiSG commented Feb 11, 2013

From a user point of view, as it's global, i.e. it makes a command available to all users, it seems logical that admin access is required.

@luk-

This comment has been minimized.

Contributor

luk- commented Mar 23, 2013

@MattiSG that's not necessarily true. the user on my machine I use for dev work can write to the directory without using sudo, and these commands can be ran by other users on the system if necessary due to how the executable permissions are set up. You don't need root-level permissions to allow a command to be executable to all users.

@Meligy

This comment has been minimized.

Meligy commented Jan 3, 2015

I'd argue this should be opened again. At least for how the behaviour differs from Windows for example, for what's essentially the same semantic (running global installs as admin).

i have been using NPM on Windows for years. When I got my first Macbook Pro and installed Node then tried to install my first global package I just halted.

It should be standardized whether global packages are meant to be global within the same user profile (which makes most sense especially in hosted environments), or machine wide. This shouldn't change per OS (or at least be documented in NPM install or NPM folders documentation sections).

Thanks a lot for reading this feedback, and for making NPM in the first place.

@edef1c

This comment has been minimized.

Member

edef1c commented Jan 5, 2015

@Meligy On Unices, the convention is that "global" means /usr/local. On Windows, per-user installs are fairly common, and running npm as admin is a bunch more painful. In the face of those things, "consistency" feels like a fairly flimsy argument against the OS difference.

@Meligy

This comment has been minimized.

Meligy commented Jan 5, 2015

If it's inconsistent (assuming we agree there are good reasons for the inconsistency), then it will make several people's life a tiny but easier if there is a warning about that, either in CLI (best) or in documentation.

I couldn't find anywhere that is authentic and suggests this is the expected behaviour (that it's not broken) except here, which wasn't the only result on the topic when searching.

@edef1c

This comment has been minimized.

Member

edef1c commented Jan 6, 2015

It's consistency with the surrounding environment over consistency across platforms. It might be a mild surprise for people who work on multiple platforms, but that's a small price to pay, relative to surprising everyone who uses Windows only.

@loxK

This comment has been minimized.

loxK commented May 20, 2015

The issue I face:

when installing a package globally using sudo, it writes to my ~/.npm folder as root so running npm install as a normal user fails very often afterwards.

@othiym23

This comment has been minimized.

Contributor

othiym23 commented May 20, 2015

@IoxK You should upgrade your npm and then run sudo chown -R $(whoami) ~/.npm one more time to get everything straightened out. After that, npm shouldn't mess up permissions in ~/.npm anymore.

@christianhaller

This comment has been minimized.

christianhaller commented May 27, 2015

thx @othiym23 👍

@ajmas

This comment has been minimized.

ajmas commented Sep 27, 2016

What do you do if you need to npm install global, but you don't have an admin account? Should the alternative behaviour be to prompt the user to install local to their account instead? Something like:

You don't have write permission to /usr/local/bin, do you wish to install to ~/bin instead? [y/N/always]

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.