-
Notifications
You must be signed in to change notification settings - Fork 3.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] root permissions do not carry forward into execution #3110
Comments
Maybe due to the change below:
described in v7.0.0-beta.0 CHANGELOG Perhaps because now when running script in root, v7.x will use infer-owner to get the cli/node_modules/infer-owner/index.js Lines 41 to 45 in 8f8f71e
Then pass them to the cli/node_modules/@npmcli/promise-spawn/index.js Lines 11 to 21 in 8f8f71e
|
@ReillyBova as @alienzhou noted, this was an intended change in |
I'm unclear on why this was an intended change in v7. Running local npm as root and chown'ing the project folder to root seems like a rather messy way to deal with this. I wouldn't consider that a resolution, it's just sidestepping the problem and creating new problems. This issue is really wreaking havoc. |
This has caused pretty significant problems with us too - we've had to switch away from npm-scripts to Makefiles to avoid this. This violates conventions of other tools (e.g. |
So this is the source of my debugging nightmare... I've lost hours trying to figure out why my node application could not access a file in a privileged location, when I do A warning message for this new behavior would be very appreciated. To be frank, it's a little irresponsible not to provide more transparency here. This is a deeply non-obvious behavior. If there are good security reasons for this, then please make them known. |
https://docs.npmjs.com/cli/v7/using-npm/scripts#user
Hit this issue in CI
🤦
This is not an option as this will break other programs. |
If anyone is looking for a workaround, you can use yarn instead. |
While someone could agree on the choice to infer uid ang gid from folder there will still be someone who wants to override this, I have two programs in the same folder and I need to start one with root and the other with non-root user and I haven't any workaround here. An option to override this breaking change would be the best IMO |
Does anyone know a viable workaround to this issue? Changing ownership of a directory where source lives in not viable for my project. |
Yarn exhibits exactly the same problem. |
Any updates on that?
Same problem is described here: #4589 |
The only workaround is to not use npm to start your script. Just use node directly |
Yarn does work though...
also worked for yarn version 1.22.18 when I tried that. But yeah maybe @robertsLando is right, using node directly would be the most simple thing. Still, npm scripts can get pretty complicated, so I wonder if this is always possible without a lot of work. |
I have created #4811 please go to upvote it so maybe it get noticed by maintainers |
Current Behavior:
I am using webpack to bind a dev server to the privileged port
443
on an M1 Macbook Air (Apple Silicon) running the latest version of Big Sur. In order to bind to the privileged port, mynpm start
script must be run with root permissions, so I executesudo npm start
. Unfortunately, the root permissions do not carry into the execution, and my server fails to bind to port443
and throws an error that is identical to the error thrown when run withoutsudo
:Expected Behavior:
I expect
sudo npm run
to have no issues binding to port443
because it has root permissions. This is how it behaves when I backdate npm to6.14.12
.Steps To Reproduce:
443
)npm start
with root permissions (e.g.sudo npm start
if on a Mac)I'm not sure how broad this issue is. Here are some open questions:
Environment:
The text was updated successfully, but these errors were encountered: