npm config set giving EPERM - even if the file already belongs to the current user

[cintiadr]

This is clearly an environment problem, but I'm trying to understand what npm is actually executing when doing a config.

testnpm2@bamboo-agent:~$ ls -la
total 28
drwxr-xr-x 2 testnpm2 testnpm2 4096 Mar  7 01:17 .
drwxr-xr-x 9 root     root     4096 Mar  7 01:13 ..
-rw------- 1 testnpm2 testnpm2 1339 Mar  7 01:13 .bash_history
-rw-r--r-- 1 testnpm2 testnpm2  220 Mar  7 00:23 .bash_logout
-rw-r--r-- 1 testnpm2 testnpm2 3637 Mar  7 00:23 .bashrc
-rw-r--r-- 1 testnpm2 testnpm2  675 Mar  7 00:23 .profile
-rw------- 1 root     root      591 Mar  7 00:38 .viminfo
testnpm2@bamboo-agent:~$ npm -ddd config set color false
npm info it worked if it ends with ok
npm verb cli [ 'node',
npm verb cli   '/usr/local/bin/npm',
npm verb cli   '-ddd',
npm verb cli   'config',
npm verb cli   'set',
npm verb cli   'color',
npm verb cli   'false' ]
npm info using npm@2.7.0
npm info using node@v0.12.0
npm verb config Skipping project config: /home/testnpm2/.npmrc. (matches userconfig)
npm info config set "color" "false"
npm verb stack Error: EPERM, chown '/home/testnpm2/.npmrc'
npm verb stack     at Error (native)
npm verb cwd /home/testnpm2
npm ERR! Linux 3.13.0-40-generic
npm ERR! argv "node" "/usr/local/bin/npm" "-ddd" "config" "set" "color" "false"
npm ERR! node v0.12.0
npm ERR! npm  v2.7.0
npm ERR! path /home/testnpm2/.npmrc
npm ERR! code EPERM
npm ERR! errno -1

npm ERR! Error: EPERM, chown '/home/testnpm2/.npmrc'
npm ERR!     at Error (native)
npm ERR!  { [Error: EPERM, chown '/home/testnpm2/.npmrc'] errno: -1, code: 'EPERM', path: '/home/testnpm2/.npmrc' }
npm ERR! 
npm ERR! Please try running this command again as root/Administrator.
npm verb exit [ -1, true ]

npm ERR! Please include the following file with any support request:
npm ERR!     /home/testnpm2/npm-debug.log

testnpm2@bamboo-agent:~$ ls -la
total 36
drwxr-xr-x 2 testnpm2 testnpm2 4096 Mar  7 01:17 .
drwxr-xr-x 9 root     root     4096 Mar  7 01:13 ..
-rw------- 1 testnpm2 testnpm2 1339 Mar  7 01:13 .bash_history
-rw-r--r-- 1 testnpm2 testnpm2  220 Mar  7 00:23 .bash_logout
-rw-r--r-- 1 testnpm2 testnpm2 3637 Mar  7 00:23 .bashrc
-rw-rw-r-- 1 testnpm2 testnpm2 1045 Mar  7 01:17 npm-debug.log
-rw-rw-r-- 1 testnpm2 testnpm2   12 Mar  7 01:17 .npmrc
-rw-r--r-- 1 testnpm2 testnpm2  675 Mar  7 00:23 .profile
-rw------- 1 root     root      591 Mar  7 00:38 .viminfo
testnpm2@bamboo-agent:~$ cat .npmrc 
color=false

So, even if it actually saved the .npmrc file, and the group+user is correct, it's failing for some reason.

Trying it with sudo:

testnpm2@bamboo-agent:~$ ls -la
total 28
drwxr-xr-x 2 testnpm2 testnpm2 4096 Mar  7 01:20 .
drwxr-xr-x 9 root     root     4096 Mar  7 01:13 ..
-rw------- 1 testnpm2 testnpm2 1339 Mar  7 01:13 .bash_history
-rw-r--r-- 1 testnpm2 testnpm2  220 Mar  7 00:23 .bash_logout
-rw-r--r-- 1 testnpm2 testnpm2 3637 Mar  7 00:23 .bashrc
-rw-r--r-- 1 testnpm2 testnpm2  675 Mar  7 00:23 .profile
-rw------- 1 root     root      591 Mar  7 00:38 .viminfo
testnpm2@bamboo-agent:~$ sudo npm -ddd config set color false
npm info it worked if it ends with ok
npm verb cli [ 'node',
npm verb cli   '/usr/local/bin/npm',
npm verb cli   '-ddd',
npm verb cli   'config',
npm verb cli   'set',
npm verb cli   'color',
npm verb cli   'false' ]
npm info using npm@2.7.0
npm info using node@v0.12.0
npm verb config Skipping project config: /home/testnpm2/.npmrc. (matches userconfig)
npm info config set "color" "false"
npm verb exit [ 0, true ]
npm info ok 
testnpm2@bamboo-agent:~$ ls -la
total 32
drwxr-xr-x 2 testnpm2 testnpm2 4096 Mar  7 01:21 .
drwxr-xr-x 9 root     root     4096 Mar  7 01:13 ..
-rw------- 1 testnpm2 testnpm2 1339 Mar  7 01:13 .bash_history
-rw-r--r-- 1 testnpm2 testnpm2  220 Mar  7 00:23 .bash_logout
-rw-r--r-- 1 testnpm2 testnpm2 3637 Mar  7 00:23 .bashrc
-rw------- 1 testnpm2 testnpm2   12 Mar  7 01:21 .npmrc
-rw-r--r-- 1 testnpm2 testnpm2  675 Mar  7 00:23 .profile
-rw------- 1 root     root      591 Mar  7 00:38 .viminfo
testnpm2@bamboo-agent:~$ cat .npmrc 
color=false

It worked, but I'm not sure why it needed sudo. There's a difference on the chmod of the file, but not the owner.

I can reproduce the problem both in prod environment and vagrant box. I upgraded from node 0.10.33, still same problem. Upgraded npm as well, no luck. I tried to give passwordless sudo, no change as well.

It's a ubuntu 14.04 box, I created the users using adduser command and puppet, I'm not sure that exactly is missing to get this working.

npm 1.3.10 woks fine. But npm 2.7.0 or 2.5.1 doesn't.

[smikes]

How are you becoming the user testnpm2 ? Are you logging in from a login prompt, using su, or using sudo?

[cintiadr]

I guess that's the right trail. I'm logging in as 'sudo su'; I can reproduce the problem when doing sudo su testnpm2. But sudo su - testnpm2 works as expected.

That's interesting.

[smikes]

Looks like you are running into code that tries to protect users from rendering .npmrc unwriteable when using "sudo npm config set foo"

[cintiadr]

I'm having a problem with subprocesses of a service as well (it's a CI build agent), but I guess it might be the way I'm invoking the service itself.

[smikes]

Rather that setting up a config file for your CI, have you tried passing config parameters on the command line or as environment variables?

npm_config_git="/path/to/git" npm --saveprefix="^" <commands>

[cintiadr]

npm install typescript --color=false appears to work.

But I'm not sure it helps me at all, as it's a maven build (apparently some of the maven plugins used in our build require color=false, and that's yet another yak to shave), but I saw no harm in executing the same maven execution locally and on CI.

The easiest workaround to me is to create a maven profile and disable it in CI, but it feels to me it should work.

[smikes]

It sounds like you have quite a complicate setup. I hope at least you feel like you have more options for how to configure npm than you had before.

[cintiadr]

Looks like always starting the process as a su - instead of su solves the problem.

Is this by design?

[smikes]

I believe so. The most common problem with people using sudo is leaving files owned by root in the user's cache (or config). npm tries to work around that by detecting if you are running under sudo and trying to change ownership back to the original user.

Running sudo su foo leaves a trace in the environment that you are under sudo, while sudo su - foo does not leave that trace, preventing npm from running the code that (while intended to fix one problem) ends up causing a problem for you.

[brianr]

Thanks @smikes for that explanation - I ran into this as well after upgrading from npm 1.3.x to 2.8.4...

For me, it manifested when trying to npm config set cache $my_cache_dir" inside our build script, which we normally run via sudo su deploy. I don't want to have to sudo su - deploy, because I want the behavior that you were referring to - I want SUDO_USER to be set to the appropriate value so that the deploy script can see it.

My workaround was to remove that line from the build script, and manage it externally instead, which makes me sad...

Perhaps there could be a command-line option or config variable to disable the "prevent people from hurting themselves with sudo" logic?

[nottrobin]

I ran into this same issue. Would it be possible to make the error message more informative?

[asharpe]

It's sad that this was closed, even after this...

preventing npm from running the code that (while intended to fix one problem) ends up causing a problem for you

It's clear that there's a few people hitting this "problem", and I dare say most of them aren't doing anything wrong. The original issue appears to have been people doing silly things, and that's always going to happen. Now we have a case where we can't do things we should be able to :(

What would be required to consider the suggestion of an option to disable the "problematic code" via a command line option?

[asharpe]

For others reference, I was running something akin to this

sudo -u vagrant bash /path/to/script/that/runs/npm.sh

and to avoid the warning I changed it to

sudo su - vagrant -- /path/to/script/that/runs/npm.sh

to get past the warning