Skip to content
This repository has been archived by the owner on Jul 3, 2019. It is now read-only.

git fetcher fails if opts.uid is used to drop privileges #105

Open
cjwatson opened this issue Jul 6, 2017 · 12 comments
Open

git fetcher fails if opts.uid is used to drop privileges #105

cjwatson opened this issue Jul 6, 2017 · 12 comments

Comments

@cjwatson
Copy link

cjwatson commented Jul 6, 2017

The git fetcher goes wrong if opts.uid is used to drop privileges, which npm does by default when running under sudo.

Reproduction steps:

  • Construct a clean environment where you have a non-root user with sudo privileges. (I used lxc launch ubuntu:16.04 pacote-test followed by lxc exec pacote-test su - ubuntu.)
  • Install (for example) Node 8.1.3 / npm 5.0.3. (I installed nvm and used nvm install 8.1.3 followed by nvm use 8.1.3.)
  • Create a new project with the following package.json:
{
  "name": "pacote-test",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "socksv5": "git://github.com/heroku/socksv5.git#v0.0.6.1"
  }
}
  • Run sudo PATH="$PATH" sh -c 'npm i'. (The PATH and sh wrangling is to work around sudo's defaults so that it can find npm, and you may not need them in all setups.) This says:
npm ERR! code 1
npm ERR! Command failed: /usr/bin/git clone --depth=1 -q -b v0.0.6.1 git://github.com/heroku/socksv5.git /home/ubuntu/.npm/_cacache/tmp/git-clone-6d967b02
npm ERR! /home/ubuntu/.npm/_cacache/tmp/git-clone-6d967b02/.git: Permission denied
npm ERR!

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/ubuntu/.npm/_logs/2017-07-06T10_38_44_407Z-debug.log

This happens because the fetcher makes a temporary git-clone-... directory and then tries to run git clone inside that, but it doesn't chown/chgrp the temporary directory to opts.uid and opts.gid, so git clone can't write to it. I think chown/chgrping the temporary directory would fix this.

(This came up in the context of building snaps. At the moment our builders run snapcraft as root under sudo, which is mostly fine because they're running in a throwaway container anyway; but it causes us to run into this bug. We may switch to running as non-root to work around it.)

@zkat
Copy link
Owner

zkat commented Jul 6, 2017

Nice! This is good sleuthing.

This seems focused enough, too, that it might be a good starter issue, since it sounds like the primary fix is to make sure perms are correct on that tmp dir?

@cscalfani
Copy link

This bug has left NPM 5.x.x broken since no global installs can be made. Is this scheduled to be fixed?

@douglasmiller
Copy link

This is a major blocker for my company

@msimerson
Copy link

It's a blocker for me too.

@zkat
Copy link
Owner

zkat commented Dec 8, 2017

update: I'm working on this now. It's important to point out that the --unsafe-perm flag is for run-script, not for installation. I'm trying to make sure I understand why npm@4 and earlier managed to drop perms safely for this, but I'm pretty sure they were doing it then. npm is really really not meant to be run as root, and you'll find it doesn't play well with it. It's strange that not even doing SUDO_UID=0 gets this working.

@Jakobud
Copy link

Jakobud commented Feb 7, 2018

Well you can't run npm link on a lot of installations without root. So that's a big problem to assume one can just use npm without sudo.

@zkat
Copy link
Owner

zkat commented Mar 15, 2018

update 2: this fell by the wayside and I'm unlikely to tackle it for a while, so if any brave soul wants to take it on, please be my guest!

@kjetilk
Copy link

kjetilk commented Aug 10, 2018

Hi all! So, I'm a total noob on node.js, but since this is a blocker bug for us, I figured I might just take a look anyway... :-)

When look at cacache it looks like it should be doing this for us. Is that the correct interpretation of those docs?

Based on that, I figured it might either be that opts.uid isn't passed all the way into cacache, or it is something wrong in cacache, itself. I couldn't see where opts.uid originates, so I can't tell, but am I onto something?

@zkat
Copy link
Owner

zkat commented Aug 10, 2018

@kjetilk I would be very surprised if cacache were causing this. I'm pretty sure the issue is between lib/fetchers/git.js and lib/util/git.js.

@kjetilk
Copy link

kjetilk commented Aug 10, 2018

OK, thanks a lot for the quick response, @zkat ! That's good to know!

agy pushed a commit to agy/pacote that referenced this issue Aug 21, 2018
As reported in zkat#105 `pacote` does
not set permissions on temporary directories for git fetcher when
opts.uid is used to drop privileges (e.g. when using sudo).

This fix passes in the uid and gid to cacache as options. No checking is
required as cacache checks these options before using them.
@agy
Copy link
Contributor

agy commented Aug 21, 2018

I created a PR with a fix that "works for me". I'm running some more tests at the moment to be sure.

I found this issue via the older issue: npm/npm#16898

(edit): Tested with:

node: v8.11.4
npm: 5.6.0
node: v8.11.4
npm: 6.4.0

@katezaps
Copy link

💯 need this fix

zkat pushed a commit that referenced this issue Oct 26, 2018
As reported in #105 `pacote` does
not set permissions on temporary directories for git fetcher when
opts.uid is used to drop privileges (e.g. when using sudo).

This fix passes in the uid and gid to cacache as options. No checking is
required as cacache checks these options before using them.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

9 participants