Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

alias node for sudoers #43

Closed
mpotra opened this issue Jul 1, 2011 · 38 comments
Closed

alias node for sudoers #43

mpotra opened this issue Jul 1, 2011 · 38 comments
Labels
root / multiuser issues Anything related to using `sudo` or `su`, or using nvm across multiple user accounts.

Comments

@mpotra
Copy link

mpotra commented Jul 1, 2011

When sudoing node, 'command not found' is issued, because on most systems PATH is reset on sudo, for security reasons.
This makes 'sudo node' not work anymore.

Simply adding the following line at the end of the nvm.sh script, would fix it:

alias node='$NVM_BIN/node'
//possibly adding an alias for npm as well?

This assumes .bashrc for user contains these 3 lines:

. ~/.nvm/nvm.sh

enable aliases in sudo

alias sudo='sudo '

@creationix
Copy link
Collaborator

Very neat idea. I don't want to add it to my nvm repo since it's a little invasive, but it's not hard for someone who wants to customize their environment.

I usually just source the nvm.sh file as root after running "sudo su" or modify root's .bashrc. I want more than just node when I run sudo and this way I get everything in the $NVM_BIN folder.

@mpotra
Copy link
Author

mpotra commented Jul 2, 2011

You are right, it might be a bit invasive and probably shouldn't be active in the release, but maybe just have it posted here or somewhere in future docs, so that people could find it easy.
Or maybe it might be better to have it in the script, but commented out, and people who need it, would just uncomment it - just a thought.

It took me a bit to figure this out, so probably this could save some time for others.

Modifying root's bashrc wasn't an option for my case, since we had a set-up with several users, each with its own node/nvm, and wanted to allow quick running through sudo (sudo node app_name), where necessary.
Including nvm.sh or the path/s in root's .bashrc would allow only for one single setup to run through sudo.

@euskode
Copy link

euskode commented Mar 30, 2012

This is fantastic, I made the changes and it works like a charm.

What if I wanted to do something like sudo ENV1=val1 ENV2=val2 node server.js?

I am able to do that with other tools (I remember that forever never had an issue with it), however in my nvm-ized environment, I get sudo: node: command not found.

Any help would be much appreciated!

@zakdances
Copy link

Does "nvm install" need sudo to run error-free?

@creationix
Copy link
Collaborator

@zakdances no, nvm installs node into a local folder inside your git clone of the nvm repo. Unless your user doesn't have write access to your own clone, then it should work fine without sudo. In fact, using sudo can break things since it creates files as the root user.

@casio
Copy link

casio commented Sep 25, 2012

Hm, just stumbled upon this one when trying to install grunt globally.

Like @mpotra suggested, I had to also alias npm like so:
alias node='$NVM_BIN/node'
alias npm='$NVM_BIN/npm'

So that means that not a single node package intended for global availablity can be installed when using nvm by default, right? That should make quite some users having this scenario, I imagine.

How about inventing a special nvm mode so the aliases only get activated when users explicitly enter that mode?
When they leave the mode again, the aliases could get disabled.

@jcollum-hcg
Copy link

This seems common enough that it should be added to the readme.

@darethas
Copy link

Yes, needing sudo on *nix systtems is very common.

As a suggestion, you could try a solution similar to what ruby version manager does http://rvm.io/integration/sudo

@jcollum-hcg
Copy link

I was just told in the git mailing list that you should only very rarely use sudo. But I see it all the time. Too many opinions about it.

@tjwebb
Copy link

tjwebb commented Dec 14, 2013

Using sudo to install node is perfectly reasonable and common. Running node itself as root is frowned upon. Unfortunately nvm makes this very difficult.

@tjwebb
Copy link

tjwebb commented Dec 14, 2013

If anyone is looking for an easy way to install nvm globally: https://github.com/xtuple/nvm

@koenpunt
Copy link
Contributor

There is no need to install node with sudo once you give the nvm directory the right permissions.
For example:
create a user group called nvm, add every user that need to use nvm to this group and change the permissions of your nvm dir to group writeable: chmod 2775 /usr/local/nvm (the first digit (2) is the setgid bit, explained here, which ensures the group for execution in this directory stays the same)

@endorama
Copy link

+1 for nvmsudo solution proposed by @treehau5

@drkibitz
Copy link
Contributor

+1 for @koenpunt point on group access.

@wilmoore
Copy link

wilmoore commented Mar 4, 2014

Using sudo to install node is perfectly reasonable

I'm not sure I agree with "reasonable"...more like "endemic".

and common.

With this, I agree.

But I see it all the time. Too many opinions about it.

I disagree with it's usage; but, to each their own.

@tjwebb
Copy link

tjwebb commented Mar 4, 2014

My use case is to be able to easily upgrade my system-wide services, running on nodejs, in the case of patch/security releases, and for those to be compatible with Travis-CI, which uses nvm. How else besides using sudo would one install nvm into the global PATH for this purpose? Or is there a better tool for this?

I guess the real problem is the generally crappy package manager support that node.js enjoys from most OS vendors.

@wilmoore
Copy link

wilmoore commented Mar 4, 2014

I guess the real problem is the generally crappy package manager support that node.js enjoys from most OS vendors.

Well, to be fair, every other language has to deal with those same crappy OS package managers. Actually, some are quite good, but the problem is maintenance. Sometimes you want 0.11.11 but good luck finding an OS packager maintainer that can (or will) keep up with that pace.

How else besides using sudo would one install nvm into the global PATH for this purpose? Or is there a better tool for this?

Maybe someone else can chime in...I don't have a good answer because I don't tend toward this particular workflow.

Today, I use docker (i.e. LXC container)...before docker existed, I would use VMs.

With docker, nvm isn't really needed. You just spin up a container with the exact version you care about.

I tend to use nvm on my dev machine, installed via homebrew and install nodes into my local user directory; where sudo is never needed.

@gagle
Copy link

gagle commented Sep 12, 2015

Setting this in ~/.profile worked for me:

alias sudo='sudo env PATH=$PATH:$NVM_BIN'

It's part of the nvm installation in vagrant:

Vagrantfile

config.vm.provision :shell, path: "vagrant/nodejs.sh", privileged: false

vagrant/nodejs.sh

sudo su vagrant -c "wget -qO- https://raw.githubusercontent.com/creationix/nvm/v0.26.1/install.sh | bash"

echo "
source /home/vagrant/.nvm/nvm.sh
alias sudo='sudo env PATH=\$PATH:\$NVM_BIN'
" >> /home/vagrant/.profile

export NVM_DIR="/home/vagrant/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"

nvm install stable
nvm alias default stable

Now I can do sudo node|npm|pm2|whatever.

@JCMais
Copy link

JCMais commented Sep 18, 2015

Thank you @gagle, that was the best solution I found.

@pedroxs
Copy link

pedroxs commented Oct 22, 2015

I like the solution pointed at this stackoverflow given by Digital Ocean. It solves the sudo problem and makes it easy to update root versions when needed.

@ljharb
Copy link
Member

ljharb commented Oct 22, 2015

You shouldn't need sudo for anything. Use authbind if you need to have node listen on privileged ports.

@qwelias
Copy link

qwelias commented Jun 29, 2016

@gagle for some reason NVM_BIN is not set at a time when ~/.profile is being executed.
EDIT: fixed by moving

alias sudo='sudo env PATH=$PATH:$NVM_BIN'

to ~/.bashrc after nvm.sh execution

@mightypenguin
Copy link

I believe the entire point of nvm was to make switching/using node easy and avoid these kinds of shenanigans of manually editing certain files for certain users and walking counter-clockwise during a full moon.

Rightly or wrongly a lot of node tools/modules REQUIRE being installed globally.

Can we please have a global install option when installing nvm?
If you are concerned about flavors of OS's you can have a folder with specific modules for each OS/Flavor. Some may not be supported. That's fine, people can contribute modules.

@ljharb
Copy link
Member

ljharb commented Sep 29, 2016

@mightypenguin nvm is not meant to be used across user accounts. Each user should have its own $NVM_DIR.

@mightypenguin
Copy link

So even if I wrote the code to make this cleanly possible there is no way you would consider pulling my changes?

@ljharb
Copy link
Member

ljharb commented Sep 29, 2016

@mightypenguin i'd be happy to take a look at it, but I'm very skeptical it could be cleanly possible due to all the permissions issues within nvm-managed node dirs.

@ljharb
Copy link
Member

ljharb commented Feb 9, 2017

@tetreault you should never use sudo for privileged ports; https://thomashunter.name/blog/using-authbind-with-node-js/ is a much safer approach.

@ljharb
Copy link
Member

ljharb commented Feb 9, 2017

I believe npm run runs things as nobody, and it's unable to sudo (for safety).

@Rafi993
Copy link

Rafi993 commented Jun 4, 2017

on debian (or ubuntu) based sytem in addition to setting the alias as @mpotra said you might need to run
sudo ln -s "$(which node)" /usr/local/bin/node for npm to work in sudo mode

@Spudz76
Copy link

Spudz76 commented Oct 7, 2017

authbind is great and all, but what about things like raw-socket? I use net-ping which pulls in raw-socket which can only work as root. Would some libcap thing work to bypass the "haxor crafty packet injection" usermode block?

@ljharb
Copy link
Member

ljharb commented Oct 8, 2017

"can only work as root" seems like a reason to not use a piece of software, tbh.

@Spudz76
Copy link

Spudz76 commented Oct 8, 2017

man 7 raw

So it appears that setting the CAP_NET_RAW for the node executable will open just a big enough hole for raw-socket to operate without root, maybe, but I"m skeptical (untested because I'm running it as root because I'm not paranoid).

sudo setcap cap_net_raw+eip $(eval readlink -f `which node`)

"Microsoft" is also a reason not to use a piece of software, but lots of poor souls use that, because they have no choice. I'd love to go fix everyone elses' software but sometimes you just need root to solve headaches and get it working NOW and in ALL CASES ensured.

And if it's just plain simpler to run as root and I accept the ramifications of doing so, it should be trivial. Maybe even a supported method to drop privs (like Apache httpd does?) so the whole process doesn't have to run as root (just the socket thread). And anyway this applet literally can't be exploited / never heard of a privilege escalation problem with Node.js / why be so paranoid when it is clearly unnecessary? Best practice is not the only practice and it's never best for every use case... such as on a VM where yippee you got root and can't do anything, gg hacker bruh.

@ljharb
Copy link
Member

ljharb commented Oct 9, 2017

At any rate, the way npm works is beyond the scope of this repo.

If you want nvm to work for a root user, then that root user needs to have its own installation of nvm.

@plastmasser
Copy link

on debian (or ubuntu) based sytem in addition to setting the alias as @mpotra said you might need to run
sudo ln -s "$(which node)" /usr/local/bin/node for npm to work in sudo mode

sudo ln -s "$(which node)" /usr/local/bin/node
outputs
ln: failed to create symbolic link '/usr/local/bin/node': File exists

@volodalexey
Copy link

I wanted to run some old-legacy sdk. This sdk should use old node v6.
Following command did not work for me:

sudo somesdk

Command 'node' not found

As suggested I switched to sudo:

sudo -s

Then I read nvm.sh for current user (e.g. someuser):

source /home/someuser/.nvm/nvm.sh

After this I have nvm for sudo (for current session, which is enough for me)

root@domain:~# nvm

Node Version Manager (v0.35.2)

@hinell
Copy link

hinell commented Mar 11, 2020

Here is an ad-hoc workaround you may want to use to run commands temporarily:

$ sudo PATH=$PATH bash -c "node ..."

For instance:

$ sudo PATH=$PATH bash -c "which node npm pnpm"
/home/alex/.nvm/versions/node/v13.10.1/bin/node
/home/alex/.nvm/versions/node/v13.10.1/bin/npm
/home/alex/.nvm/versions/node/v13.10.1/bin/pnpm

@sandro768
Copy link

sudo ln -s "$NVM_DIR/versions/node/$(nvm version)/bin/node" "/usr/local/bin/node"
sudo ln -s "$NVM_DIR/versions/node/$(nvm version)/bin/npm" "/usr/local/bin/npm"

Source - https://stackoverflow.com/questions/21215059/cant-use-nvm-from-root-or-sudo

@aderchox
Copy link

aderchox commented Aug 2, 2024

Ah this was really a pain as I thought the issue was with my script and wasted a few hours on it 😪

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
root / multiuser issues Anything related to using `sudo` or `su`, or using nvm across multiple user accounts.
Projects
None yet
Development

No branches or pull requests