node_modules/.bin/ is created with root:root ownership #3946

Closed
nqdeng opened this Issue Sep 27, 2013 · 5 comments

Projects

None yet

5 participants

@nqdeng

If I did a local installation with sudo npm install xxx, everything in node_modules is created with {REAL_USER}:{REAL_GROUP} ownership, except the node_modules/.bin/ folder's ownership is set to root:root. The document said "npm will downgrade permissions if it's root ...", so I think there's a bug. Could anyone fix this?

@luk-

npm downgrades its permissions when running scripts as root, more information can be found in npm help scripts. This is not a bug.

@luk- luk- closed this Sep 27, 2013
@nqdeng

@luk- You misunderstood. Just because npm downgrades, every file and folder created by npm install xxx should have ownership of current user and group. The problem is after downgrade, npm still creates node_modules/.bin/ with root:root ownership. It's inconsistent.

For example, assume a user named admin run sudo npm install jsmin command, then the follow folder is created.

- node_modules/
    + .bin/
    + jsmin/

Then run ls -l node_modules to see the result.

-rw-r--r--   root   root    .bin
-rw-r--r--   admin  admin   jsmin
@rlidwka

How it is even possible for downgraded process to create files owned by root? As far as I know, chown requires root privileges.

@nqdeng

@rlidwka So the problem is why a downgraded NPM process creates .bin/ folder owned by root. Maybe it doesn't downgrade properly before some fs operations?

@walthaas

Running npm 1.3.12 on Ubuntu 12.04, if I attempt to do a local install of grunt-jsdoc as myself the install fails with complaints about permissions. I can successfully install grunt-jsdoc locally by running npm as root, but in that case node_modules/.bin has ownership root:root and so I must run as root if I want to rm it.

@othiym23 othiym23 added the support label Sep 24, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment