Regression in 6.11: _cacache Permission Denied

What I Wanted to Do

Run my CI build with npm 6.11

What Happened Instead

Errors:

 ---> Running in 1e4bcddb7158

npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/sass-graph-513cdc03/bin/sassgraph’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/sass-graph-513cdc03/CHANGELOG.md’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/yargs-77e43b86/LICENSE’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/yargs-77e43b86/yargs.js’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/sass-graph-513cdc03/readme.md’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/@babel/preset-react-13d55d7e/lib/index.js’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/jquery-simulate-c4bed49a/external/jquery-1.6.2/jquery.js’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/fxa-pairing-channel-78039d5f/dist/FxAccountsPairingChannel.js’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/js-md5-fe921c9e/doc/fonts/OpenSans-Italic-webfont.svg’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/jquery-f43315cf/dist/jquery.slim.min.js’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/backbone-b757124d/LICENSE’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/backbone-b757124d/README.md’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/react-dom-788942bf/cjs/react-dom-unstable-fire.production.min.js’
npm WARN tar ENOENT: no such file or directory, lstat ‘/app/node_modules/.staging/@babel/preset-typescript-8a8c45fe/test/fixtures/flow-compat/js-valid’
npm WARN tar ENOENT: no such file or directory, lstat ‘/app/node_modules/.staging/typescript-2d0ca0bc/lib/it’
npm WARN tar ENOENT: no such file or directory, lstat ‘/app/node_modules/.staging/typescript-2d0ca0bc/lib/ja’
npm WARN tar ENOENT: no such file or directory, lstat ‘/app/node_modules/.staging/typescript-2d0ca0bc/lib/ko’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/typescript-2d0ca0bc/lib/lib.d.ts’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/typescript-2d0ca0bc/lib/lib.dom.d.ts’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/fxa-crypto-relier-c0ee2e45/dist/fxa-crypto-relier/fxa-crypto-deriver.js’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/fxa-common-password-list-08e615e6/source_data/README.md’
npm WARN tar ENOENT: no such file or directory, open ‘/app/node_modules/.staging/jquery-ui-facfa898/external/jquery-1.7.1/MIT-LICENSE.txt’
npm ERR! code 128
npm ERR! Command failed: git clone --depth=1 -q -b fxa-version git://github.com/vladikoff/ua-parser-js.git /root/.npm/_cacache/tmp/git-clone-f17e57d1
npm ERR! fatal: could not create leading directories of ‘/root/.npm/_cacache/tmp/git-clone-f17e57d1’: Permission denied
npm ERR!

npm ERR! A complete log of this run can be found in:

Reproduction Steps

Going back to latest 6.10 npm fixes the problem.

Details

CircleCI run: https://circleci.com/gh/mozilla/fxa/66518?utm_campaign=vcs-integration-link&utm_medium=referral&utm_source=github-checks-link

Platform Info

$ npm --versions

6.11

It looks like you’re running this install in the root home directory. What user is the install running under? Do they have permission to write to /root/.npm? Is SUDO_UID set in the environment?

Also: can you share a log of it working under npm 6.10? I’m very confused about how you are able to git checkout into a root-owned folder as a user other than root.

Thanks for the response.

This is the fix for 6.11 that we came up with https://github.com/mozilla/fxa/pull/2285/files

Might help others!

We’re seeing this issue, too, in our CI server. Docker by default uses the root user, so I can’t imagine this issue won’t end up being more widespread. It’s a bit cumbersome to have to change the default user since it will affect the access of everything else on the container as well.

You’re welcome. I’d still like to fix this in npm, though, and need some more information to debug this.

Can you share a npm-debug.log file?

Was the npm install running as root originally, or some other user?

Which user account owns /app?

Which user account owns /root/.npm?

See also npm ignores 'unsafe-perm' and 'user' params when running git as part of install