Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No read permission for group and others in a package yarn installed #1143

Closed
clippit opened this issue Oct 17, 2016 · 6 comments
Closed

No read permission for group and others in a package yarn installed #1143

clippit opened this issue Oct 17, 2016 · 6 comments
Labels
triaged

Comments

@clippit
Copy link

clippit commented Oct 17, 2016

Do you want to request a feature or report a bug?
It's bug.

What is the current behavior?
The file permissions are different when installing the same package using yarn and npm. The one yarn installed only has '700' for permission, which causes an EACCES error when running node with another user.

If the current behavior is a bug, please provide the steps to reproduce.

Try this package.json:

{
  "name": "test",
  "version": "1.0.0",
  "main": "index.js",
  "license": "MIT",
  "dependencies": {
    "arr-flatten": "^1.0.1"
  }
}

Run yarn install and ls -lha node_modules/arr-flatten:

total 32
drwxr-xr-x  6 [user and group hidden]   204B Oct 17 13:50 .
drwxr-xr-x  4 [user and group hidden]   136B Oct 17 13:50 ..
-rwx------  1 [user and group hidden]   1.1K Mar 11  2015 LICENSE
-rwx------  1 [user and group hidden]   1.8K Mar 11  2015 README.md
-rwx------  1 [user and group hidden]   455B Mar 11  2015 index.js
-rwx------  1 [user and group hidden]   1.1K Mar 11  2015 package.json

Let me remote node_modules then run npm install, file permissions are 744 rather than 700.

total 32
drwxr-xr-x  6 [user and group hidden]   204B Oct 17 13:54 .
drwxr-xr-x  3 [user and group hidden]   102B Oct 17 13:54 ..
-rwxr--r--  1 [user and group hidden]   1.1K Mar 11  2015 LICENSE
-rwxr--r--  1 [user and group hidden]   1.8K Mar 11  2015 README.md
-rwxr--r--  1 [user and group hidden]   455B Mar 11  2015 index.js
-rw-r--r--  1 [user and group hidden]   2.5K Oct 17 13:54 package.json

What is the expected behavior?
The read permission should be added to dependencies.

Please mention your node.js, yarn and operating system version.
node 6.2.2
yarn 0.15.1
macOS 10.12
@mgcrea
Copy link
Contributor

mgcrea commented Oct 17, 2016

Duplicate of #961

@chlunde chlunde mentioned this issue Oct 26, 2016
Closed
@akloeber
Copy link

Same here after installing pm2 (which also has arr-flatten in its dependency tree) globally via yarn global add pm2:

~$ ll /usr/local/share/.config/yarn/global/node_modules/arr-flatten
total 24
drwxr-xr-x   2 root root 4096 Nov 19 19:47 ./
drwxr-xr-x 193 root root 4096 Nov 19 19:48 ../
-rwx------   1 root root  455 Mar 11  2015 index.js*
-rwx------   1 root root 1088 Mar 11  2015 LICENSE*
-rwx------   1 root root 1133 Mar 11  2015 package.json*
-rwx------   1 root root 1845 Mar 11  2015 README.md*

This makes running pm2 as a non-root user impossible:

Error: EACCES: permission denied, open '/usr/local/share/.config/yarn/global/node_modules/arr-flatten/index.js'

Environment:
yarn 0.17.6
node 4.6.2
Ubuntu 14.04.4 LTS

@japsu
Copy link

japsu commented Mar 8, 2017

Easy commands to reproduce:

docker run --rm node /bin/bash -c "npm install -s arr-flatten && ls -lah node_modules/arr-flatten"
docker run --rm node /bin/bash -c "yarn add arr-flatten && ls -lah node_modules/arr-flatten"

Full transcript:

Thanatos:backend japsu$ docker run --rm node /bin/bash -c "npm install -s arr-flatten && ls -lah node_modules/arr-flatten"
/
`-- [email protected]

total 24K
drwxr-xr-x 2 root root 4.0K Mar  8 09:04 .
drwxr-xr-x 3 root root 4.0K Mar  8 09:04 ..
-rwxr--r-- 1 root root 1.1K Mar 11  2015 LICENSE
-rwxr--r-- 1 root root 1.9K Mar 11  2015 README.md
-rwxr--r-- 1 root root  455 Mar 11  2015 index.js
-rwxr--r-- 1 root root 2.5K Mar  8 09:04 package.json
Thanatos:backend japsu$ docker run --rm node /bin/bash -c "yarn add arr-flatten && ls -lah node_modules/arr-flatten"
yarn add v0.21.3
info No lockfile found.
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
success Saved 1 new dependency.
└─ [email protected]
Done in 0.55s.
total 24K
drwxr-xr-x 2 root root 4.0K Mar  8 09:04 .
drwxr-xr-x 3 root root 4.0K Mar  8 09:04 ..
-rwx------ 1 root root 1.1K Mar 11  2015 LICENSE
-rwx------ 1 root root 1.9K Mar 11  2015 README.md
-rwx------ 1 root root  455 Mar 11  2015 index.js
-rwx------ 1 root root 1.2K Mar 11  2015 package.json

@japsu japsu mentioned this issue Mar 8, 2017
Closed
@liul85
Copy link

liul85 commented Mar 23, 2017
edited
Loading

same error

19:46:27 building docker image...
19:46:27 docker build -t suggestion:0.0.19 .
19:46:27 Error checking context: 'no permission to read from '/var/lib/jenkins/workspace/squarefoot-core/capi-squarefoot-suggestions/node_modules/arr-diff/LICENSE''.
19:46:27 Build step 'Execute shell' marked build as failure

use yarn install no read access to LICENSE file
screen shot 2017-03-23 at 19 53 52

but works when use npm install
screen shot 2017-03-23 at 19 54 22

@nicoschoenmaker
Copy link

Duplicate of #961, was fixed in #2826. Works for me in yarn v0.23.3.

total 16K
-rw-r--r-- 1 user group  470 Apr 14 13:19 index.js
-rwxr--r-- 1 user group 1,1K Mar 25  2015 LICENSE
-rw-r--r-- 1 user group 1,5K Apr 17 05:52 package.json
-rwxr--r-- 1 user group 3,5K Apr 14 13:22 README.md

@flying-sheep flying-sheep mentioned this issue May 23, 2017
Closed
@bestander bestander mentioned this issue May 24, 2017
Closed
@bestander
Copy link
Member

Fixed

@about-code about-code mentioned this issue Jun 25, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@Daniel15 @mgcrea @japsu @clippit @akloeber @liul85 @nicoschoenmaker @bestander