npm global install failing with sudo and github package


(Frank Laszlo) #1

What I Wanted to Do

Install a package globally directly from github.

Tried this:

sudo npm install --global 'gamontal/zxcvbn-cli#2b76978395e0b95e6a1c85acbec1b05181f07ada'

What Happened Instead

See Log:

npm ERR! code 128
npm ERR! Command failed: /bin/git clone --depth=1 -q -b master git://github.com/gamontal/zxcvbn-cli.git /root/.npm/_cacache/tmp/git-clone-640877bd
npm ERR! fatal: could not create leading directories of ‘/root/.npm/_cacache/tmp/git-clone-640877bd’: Permission denied
npm ERR!

npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2018-10-16T20_25_17_299Z-debug.log

Reproduction Steps

See command above.

Details

I performed an strace on the process and noticed that its calling setuid() right before the git commands. It appears to be using the SUDO_UID environment variable to set the UID of the process. If I unset this variable (along with SUDO_GID and SUDO_USER for good measure), everything works as it should.

Platform Info

$ npm --versions
{ npm: '5.6.0',
  ares: '1.13.0',
  cldr: '33.0',
  http_parser: '2.8.0',
  icu: '61.1',
  modules: '59',
  napi: '3',
  nghttp2: '1.32.0',
  node: '9.11.2',
  openssl: '1.0.2o',
  tz: '2018c',
  unicode: '10.0',
  uv: '1.19.2',
  v8: '6.2.414.46-node.23',
  zlib: '1.2.11' }

$ node -p process.platform
linux

(Frank Laszlo) #2

Some more debugging details here:

[flaszlo@nw-fs01 ~]$ sudo npm install --global ‘gamontal/zxcvbn-cli#2b76978395e0b95e6a1c85acbec1b05181f07ada’
npm ERR! code 128
npm ERR! Command failed: /bin/git clone --depth=1 -q -b master git://github.com/gamontal/zxcvbn-cli.git /root/.npm/_cacache/tmp/git-clone-6b06598b
npm ERR! fatal: could not create leading directories of ‘/root/.npm/_cacache/tmp/git-clone-6b06598b’: Permission denied
npm ERR!

npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2018-10-16T20_44_12_797Z-debug.log
[flaszlo@nw-fs01 ~]$ sudo SUDO_USER="" SUDO_UID="" SUDO_GID="" /bin/npm install --global ‘gamontal/zxcvbn-cli#2b76978395e0b95e6a1c85acbec1b05181f07ada’
/usr/bin/zxcvbn -> /usr/lib/node_modules/zxcvbn-cli/cli.js

  • zxcvbn-cli@1.0.6
    added 12 packages in 1.473s

(Frank Laszlo) #3

Downgrading npm seems to fix this as well.