Skip to content
This repository has been archived by the owner on Aug 11, 2022. It is now read-only.

Is sudo supposed to be required for globally installed packages on OS X? #3139

Closed
domenic opened this issue Feb 8, 2013 · 13 comments
Closed

Comments

@domenic
Copy link
Contributor

domenic commented Feb 8, 2013

Several coworkers have downloaded the default Node.js install from nodejs.org, and can't install packages globally without using sudo. They're running Mac OS X.

We've been solving this by either: (1) chowning directories left and right; or (2) nuking their existing installation and telling them to use homebrew.

Is this intended behavior?

@mfncooper
Copy link
Contributor

The default install probably puts things in /usr/local/bin, which means global installs will try to go there too, and yes, that usually requires sudo. The easiest way to handle this is to set the npm global prefix such that global installs will go somewhere else. (npm config set prefix /some/better/path -g) Make sure that the somewhere else is on the path, so that things will be found.

An alternative would be to have your coworkers use something like nvm, which will install in a writable location as well as let them easily switch between versions. (And it doesn't build Node any more, unless it has to.)

@isaacs
Copy link
Contributor

isaacs commented Feb 10, 2013

Using sudo is fine. npm will not run arbitrary build scripts as root, if you're root -- it chown's the package dir to nobody and then runs scripts as nobody.

If packages do other non-gyp things in their install scripts, then they are broken. Complain to the authors.

If you really really need to run package scripts as root, then set the unsafe-perm config to true.

@isaacs isaacs closed this as completed Feb 10, 2013
@edef1c
Copy link
Contributor

edef1c commented Feb 10, 2013

@domenic I personally npm config set prefix ~/npm and have ~/npm/bin in my PATH.

@MattiSG
Copy link

MattiSG commented Feb 11, 2013

From a user point of view, as it's global, i.e. it makes a command available to all users, it seems logical that admin access is required.

@luk-
Copy link
Contributor

luk- commented Mar 23, 2013

@MattiSG that's not necessarily true. the user on my machine I use for dev work can write to the directory without using sudo, and these commands can be ran by other users on the system if necessary due to how the executable permissions are set up. You don't need root-level permissions to allow a command to be executable to all users.

@Meligy
Copy link

Meligy commented Jan 3, 2015

I'd argue this should be opened again. At least for how the behaviour differs from Windows for example, for what's essentially the same semantic (running global installs as admin).

i have been using NPM on Windows for years. When I got my first Macbook Pro and installed Node then tried to install my first global package I just halted.

It should be standardized whether global packages are meant to be global within the same user profile (which makes most sense especially in hosted environments), or machine wide. This shouldn't change per OS (or at least be documented in NPM install or NPM folders documentation sections).

Thanks a lot for reading this feedback, and for making NPM in the first place.

@edef1c
Copy link
Contributor

edef1c commented Jan 5, 2015

@Meligy On Unices, the convention is that "global" means /usr/local. On Windows, per-user installs are fairly common, and running npm as admin is a bunch more painful. In the face of those things, "consistency" feels like a fairly flimsy argument against the OS difference.

@Meligy
Copy link

Meligy commented Jan 5, 2015

If it's inconsistent (assuming we agree there are good reasons for the inconsistency), then it will make several people's life a tiny but easier if there is a warning about that, either in CLI (best) or in documentation.

I couldn't find anywhere that is authentic and suggests this is the expected behaviour (that it's not broken) except here, which wasn't the only result on the topic when searching.

@edef1c
Copy link
Contributor

edef1c commented Jan 6, 2015

It's consistency with the surrounding environment over consistency across platforms. It might be a mild surprise for people who work on multiple platforms, but that's a small price to pay, relative to surprising everyone who uses Windows only.

@loxK
Copy link

loxK commented May 20, 2015

The issue I face:

when installing a package globally using sudo, it writes to my ~/.npm folder as root so running npm install as a normal user fails very often afterwards.

@othiym23
Copy link
Contributor

@ioxk You should upgrade your npm and then run sudo chown -R $(whoami) ~/.npm one more time to get everything straightened out. After that, npm shouldn't mess up permissions in ~/.npm anymore.

@christianhaller
Copy link

thx @othiym23 👍

@ajmas
Copy link

ajmas commented Sep 27, 2016

What do you do if you need to npm install global, but you don't have an admin account? Should the alternative behaviour be to prompt the user to install local to their account instead? Something like:

You don't have write permission to /usr/local/bin, do you wish to install to ~/bin instead? [y/N/always]

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests