-
Notifications
You must be signed in to change notification settings - Fork 290
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Insufficient permission to manipulate /usr/local/bin #1155
Comments
@twillowman thanks for reporting the issue and suggesting a solution. |
I'm also running into this on 0.7.0 on OSX Big Sur. Where should the symlinks point to so we can manually work around it? I'd really like to have rancher-desktop/src/k8s-engine/lima.ts Lines 661 to 673 in 7c0ad62
rancher-desktop/src/k8s-engine/unixlikeIntegrations.ts Lines 100 to 124 in f8e59c9
|
@spuder The problem is the sudo mkdir -p /usr/local/bin
sudo chown $USER /usr/local/bin The first |
Thank you. I found that Running this worked around the issue for me:
Once the boxes were clicked, the symlinks that were created for me are at:
|
had the same issue but |
IMHO /usr/local/bin should be owned by root. So changing it to be owned by $USER is a workaround, not a fix. I would think the solution proposed by @jasjisdo is the right way to do it. |
I agree that sudo chown $USER /usr/local/bin then I can check the checkboxes in rancher desktop,
|
Just to add a data point, this issue is still present in 1.0.0-beta1. |
sudo chown $USER /usr/local/bin worked for me. Thanks |
I confirm that this reproduces on Mac OS Monterey Version 12.1 on a MacBook Pro with M1 Pro. Chown seems a weird solution, I would rather open the entire app as sudo. |
The same in version 1.0.0-beta1 on Monterey 12.1. Temporarily changing owner workaround worked for me also. |
also to note: if installed from Homebrew, the symlinks are generated by Homebrew, but the app doesn't reflect that state.
|
I worked around the issue by creating the symlinks manually...
|
For Homebrew user, this is the work around. Although you will still see the UI error, all commands will works.
|
This seems to be changed. Installing RD 1.0.1 with brew doesn't create these links:
Checking |
Lots of bad workaround recommended here. Please do not |
In such cases I prefer to add the path in the |
Could you explain why and how would you fix instead of workaround? |
Note that all the Rancher Desktop shortcuts go to the same directory, so you could put that directory in your This is what happens with the Windows version1; the directory is added at the end of the You can also put the name of that directory into a $ cat /etc/paths.d/rancher-desktop
/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/bin Note that you will have to deal with shadowing on your It's kind of hard to find a one-size-fits-all solution for this issue. Footnotes
|
That's really Linux/Unix administration 101 and goes against basic security practices. The permissions of
I don't have a proper fix at the moment, but installing those tools manually, even with Homebrew, seems to be a more sane workaround. Unfortunately I just upgraded my MacOS to 12.3 Beta, which seems to have completely broken Rancher, so I'm unable to give a step-by-step instructions for this workaround. |
As a workaround, I have run Rancher Desktop from a terminal as a root. Then, I have installed the missing tools, stopped Rancher Desktop and run it normally. |
How is this more sane? On Intel Macs this will change the ownership of But whatever you do, please do not run Rancher Desktop as |
I have started Rancher Desktop as a normal user and created lima VM. They I have started it as a root (starting VM failed), installed nerdctl and switched back to normal user. I could not used brew, because there is no nerdctl for Apple Silicon. I am using brew for other tools, but /usr/local/bin is still owned by root. In FAQ (https://docs.brew.sh/FAQ) they say, that brew uses MacOS sandbox and do not chown /usr/local/bin to $USER. |
Brew does not change the ownership of |
Did you actually try it? I just did (on a pristine VM running Big Sur), and you'll be surprised to see this: jan@Jans-Mac ~ % ls -la /usr/local
total 0
drwxr-xr-x 2 root wheel 64 1 Jan 2020 .
drwxr-xr-x@ 11 root wheel 352 1 Jan 2020 ..
jan@Jans-Mac ~ % /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
==> Checking for `sudo` access (which may request your password)...
Password:
[...]
==> Next steps:
- Run brew help to get started
- Further documentation:
https://docs.brew.sh
jan@Jans-Mac ~ % ls -la /usr/local
total 0
drwxr-xr-x 14 root wheel 448 8 Feb 10:48 .
drwxr-xr-x@ 11 root wheel 352 1 Jan 2020 ..
drwxrwxr-x 2 jan admin 64 8 Feb 10:48 Caskroom
drwxrwxr-x 2 jan admin 64 8 Feb 10:48 Cellar
drwxrwxr-x 2 jan admin 64 8 Feb 10:48 Frameworks
drwxr-xr-x 22 jan admin 704 8 Feb 10:51 Homebrew
drwxrwxr-x 3 jan admin 96 8 Feb 10:51 bin
drwxrwxr-x 3 jan admin 96 8 Feb 10:54 etc
drwxrwxr-x 2 jan admin 64 8 Feb 10:48 include
drwxrwxr-x 2 jan admin 64 8 Feb 10:48 lib
drwxrwxr-x 2 jan admin 64 8 Feb 10:48 opt
drwxrwxr-x 2 jan admin 64 8 Feb 10:48 sbin
drwxrwxr-x 6 jan admin 192 8 Feb 10:54 share
drwxrwxr-x 3 jan admin 96 8 Feb 10:48 var When you think about it, how could Note that I said Intel Macs; the install location is different on M1 Macs, and on Linux, so obviously it won't change the ownership of |
I stand corrected. Did not realise there is such difference between Apple Silicon vs Intel. |
NOTE - this issue exists across both M1 and Intel-based Macs running macOS Monterey. Rather than setting the permissions to the current user, I'd recommend people use this command: It grants all admins on the computer write access to That being said, this needs to be updated to not require changing permissions. Rancher Desktop needs to request permission to add items to the folder. |
Simple one-liner for those who were looking for it based on the suggestion here: #1155 (comment)
|
My workaround for RD 1.0.1:
|
I would suggest this permission change, or ask for sudo to manipulate these links.
|
I highly recommend against that. That would grant ALL users on the Mac access to write to /usr/local/bin. Setting the group to admin provides similar protection as wheel without requiring sudo. |
I was under the assumption that |
Changing the permissions on a MacOS system directory is categorically not the right approach here. Could people please stop spamming this issue with inane workarounds? |
@thumperward Please tone down your language a little. While some workarounds are less desirable than others, there is no need to insult people who are trying to help. Please see #1155 (comment) for workarounds that don't involve running Rancher Desktop as |
The |
This could be fixed by linking to the binaries in
This way I'd recommend Rancher Desktop do something like this by default. It's similar to how mambaforge and homebrew work. For example:
|
They could also user ~/bin to symlink the executables instead of provide them system wide. But do not know the impact then :) So maybe this is not a good solution. I like the approach of @jarrellmark THANKS! |
This is pretty close to what we will be doing in the next release: All binaries will be sym-linked into You can of course decline and do this yourself, if you want more control over where to place the directory relative to your other directories on the |
I think additional a |
This has been addressed. The fix will be included in the upcoming 1.3.0. For more information please see #1732. |
Rancher Desktop Version
0.7.1
Rancher Desktop K8s Version
1.21.7 (stable)
What operating system are you using?
macOS
Operating System / Build Version
macOS Monterey 12.1
What CPU architecture are you using?
arm64 (Apple Silicon)
Windows User Only
No response
Actual Behavior
In Rancher Desktop, Supporting Utilities I have the error
Insufficient permission to manipulate /usr/local/bin: Error: EACCES: permission denied, access '/usr/local/bin'
and the box next to each supporting utility is greyed out.This affects only installing supporting utilities from Rancher Desktop. All other functions of Rancher Desktop seem to be working as expected. The utilities work and can interact with the running Kubernetes instance when installed any other way.
Steps to Reproduce
This is a new laptop, first time configuration.
I downloaded Rancher.Desktop-0.7.1.aarch64.dmg from the releases page, opened it, dragged "Rancher Desktop.app" into Applications, and launched it.
It went through the first-time Kubernetes download without issue. Quitting and re-opening Rancher Desktop has not made any difference.
Result
Logs attached in case they're helpful.
background.log
images.log
k3s.log
k8s.log
lima.ha.stderr.log
lima.ha.stdout.log
lima.log
lima.serial.log
Expected Behavior
I expect the Supporting Utilities tab of Rancher Desktop to be able to install the supporting utilities it lists.
Additional Information
No response
The text was updated successfully, but these errors were encountered: