Comments (5)
I think when it comes down to it the important thing is to ignore chown failures. It's simply not a crucial operation. The only situation where we'd care would be if the suid bit was set on the file - Ruby handles this case by dropping the suid bit if chown fails.
Thanks for your time on this!
from node-graceful-fs.
Thanks for the writeup. I think the right thing would be to follow cp
on this.
The chown_failure_ok function looks interesting. It seems like it still fails if running as root, though?
from node-graceful-fs.
As root, yes. I looked up the behavior in install as well and it's the same. install.c had the handy explanatory text:
We don't normally ignore errors from chown because the idea of
the install command is that the file is supposed to end up with
precisely the attributes that the user specified (or defaulted).
If the file doesn't end up with the group they asked for, they'll
want to know.
and the code:
if (! (owner_id == (uid_t) -1 && group_id == (gid_t) -1)
&& lchown (name, owner_id, group_id) != 0)
error (0, errno, _("cannot change ownership of %s"), quote (name));
else if (chmod (name, mode) != 0)
error (0, errno, _("cannot change permissions of %s"), quote (name));
else
ok = true;
owner_id is set to -1 if files should be owned by the current user - in other words it skips the chown.
Hmm.
Okay, to break this down into two separate cases:
- If we are installing a file as root to be owned by another user, we should error out if that fails because it's a violation of the user's stated desire.
- If we are installing a file as a normal user, we should skip the chown (install-style) or at least ignore failure (cp-style).
For NPM's purposes, this would be divided into (1) "all-user global installs" - where it would be a failure to not have the file owned by root or whomever is designated, and (2) "node_modules installs" - where the current user creates files owned by the current user.
Am I misunderstanding the cases?
from node-graceful-fs.
Let's stick to what graceful-fs should do here. It sounds like the algorithm you're proposing is:
if (er is EINVAL or EPERM) {
if (user is root) {
raise exception
} else {
ignore exception
}
} else if (some other error) raise exception
Here's how npm decides whether or not to chown:
if local: uid=(owner of nearest ancestor of file, or SUDO_UID)
else: uid=("user" config val, default="nobody")
if (not root, or "unsafe-perm" config flag is set) doChown = false
else doChown = true
if (doChown) chown(file, uid)
So, really, if we just swallowed any EINVAL or EPERM for non-root uses of chown, it should satisfy you, I'd think. It shouldn't even try to do chown if you're not root (or that's a bug), but it might be trying to chown on file systems that don't support ownership, and then incorrectly failing, but this change would fix that.
Am I understanding that correctly?
from node-graceful-fs.
I think we're exactly on the same page. I do wonder how chown is being called in that case, but if we eat the error on non-root we'll be fine either way.
As my npm-fu is not that strong, if you'll let me know how to test any change you make without you doing a full release, I'll hop on it.
Thanks!
from node-graceful-fs.
Related Issues (20)
- v4.2.8 and v4.2.7 break when used on node < 6 HOT 6
- Issue with statSync when using new `throwIfNoEntry` option. HOT 2
- Problem with webpack 4 : Object prototype may only be an Object or null: undefined HOT 8
- Incompatible with Electron v10.x.y+ when dealing with .asar HOT 2
- TypeError: Cannot read property 'uid' of undefined HOT 2
- ReferenceError thrown from clone.js HOT 1
- cb is not a function HOT 5
- Manipulate PDF with NUXT 3 for digital sign HOT 1
- graceful-fs doesn't use node module location from .yarnrc HOT 1
- "web3.storage": "^4.3.0" has issues with Angular 14.0.3 with files-from-path and graceful-fs dependencies
- NOT using gulp - primordials error HOT 1
- missing file 'fs.js'
- statSync read .sqlite3 unknow
- Version 4.2.11 will not pull from npmjs
- Generate SLSA Build L3 provenance HOT 3
- EMFILE error when attempting to read dir with 10,000 files (Windows 11) HOT 4
- Waad
- TypeError: Cannot define property Symbol(graceful-fs.queue), object is not extensible HOT 1
- Gracefulfs suddenly doesn't work anymore HOT 1
- Different speed of file rename to non-accessible destination on Windows
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from node-graceful-fs.