Install-Module requires PowerShell to be run as root under Mac OS X

[SteveL-MSFT]

From @ffeldhaus on September 16, 2016 18:19

Steps to reproduce

Install PowerShell 6 Alpha 10 and run powershell as a user who is not root nor member of the wheel group. Then run Install-Module -Name Posh-SSH which will fail with exception Could not find a part of the path.

Expected behavior

Either users who are not root nor member of the wheel group should be able to install Modules via Install-Module or if, for security reasons, installing modules should only be allowed to the root user or members of the wheel group, then Install-Module should fail with a hint that root privileges are required.

Actual behavior

PS /Users/ffeldhaus> Install-Module -Name Posh-SSH                                                                      

Untrusted repository
     PackageManagement\Install-Package : Could not find a part of the path                                              
'/usr/local/microsoft/powershell/6.0.0-alpha.10/Modules/Posh-SSH/1.7.6'.                                                
At /usr/local/microsoft/powershell/6.0.0-alpha.10/Modules/PowerShellGet/PSModule.psm1:1711 char:21                      
+ ...          $null = PackageManagement\Install-Package @PSBoundParameters 
+                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                                 
+ CategoryInfo          : NotSpecified: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package], Exception
    + FullyQualifiedErrorId : System.IO.DirectoryNotFoundException,Microsoft.PowerShell.Commands.CopyItemCommand,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackage

Environment data

PS /Users/ffeldhaus>  $PSVersionTable                                                                                   

Name                           Value                                                                                   
----                           -----                                                                                   
PSVersion                      6.0.0-alpha                                                                             
PSEdition                      Core                                                                                    
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                 
BuildVersion                   3.0.0.0                                                                                 
GitCommitId                    v6.0.0-alpha.10                                                                         
CLRVersion                                                                                                             
WSManStackVersion              3.0                                                                                     
PSRemotingProtocolVersion      2.3                                                                                     
SerializationVersion           1.1.0.1

Copied from original issue: PowerShell/PowerShell#2286

[SteveL-MSFT]

From @DHowett on September 17, 2016 5:1

On Windows / PowerShell Desktop it looks like there is a proper permissions warning:

Install-Module : Administrator rights are required to install modules in 'C:\Program
Files\WindowsPowerShell\Modules'. Log on to the computer with an account that has Administrator rights,
and then try again, or install 'C:\Users\Dustin\Documents\WindowsPowerShell\Modules' by adding "-Scope
CurrentUser" to your command. You can also try running the Windows PowerShell session with elevated
rights (Run as Administrator).

Out of curiosity, does Install-Module -Scope CurrentUser <module> work? That is the idiomatic way to install a module without root privileges.

[SteveL-MSFT]

From @ffeldhaus on September 17, 2016 10:2

Yes, Install-Module -Scope CurrentUser <module> works. Interestingly, Uninstall-Module run as a non root user when the module was installed by a root user gives the following warning followed by an exception which points to missing permissions:

WARNING: The version '1.7.6' of module 'Posh-SSH' is currently in use. Retry the operation after closing the 
applications.
PackageManagement\Uninstall-Package : Module 'Posh-SSH' is in currently in use or you don't have the required 
permissions.

I would suggest to implement a similar warning for Install-Module as shown in Windows PowerShell to close this isssue.

[SteveL-MSFT]

From @bmanikm on September 19, 2016 17:55

@ffeldhaus Is it possible to provide more details on how to determine a user who is not root nor member of the wheel group?

[SteveL-MSFT]

From @DHowett on September 19, 2016 18:5

In this case, it should only be restricted to those with write access to the modules directory. Any user/group membership check would fail to paint the full picture.

A system administrator could set the module directory to be owned by root:netusers and give it g=rwx permissions. That way, all netusers group members would be able to install modules, regardless of whether they were actually the system administrator.

The access syscall would help here (example in C):

if (0 == access(MODULE_DIRECTORY, W_OK)) {
    // module installation is allowed
}

[DHowett]

Is this issue closed as resolved or closed as “won’t fix”?

[bmanikm]

@DHowett Apologies, this was closed by mistake.

On PWSH, AllUsers scope install location has been changed to SHARED_MODULES location (i.e., $PSHOME\..\Modules for modules and $PSHOME\..\Scripts for scripts) (#175).

[edyoung]

The default scope for Install-Module is CurrentUser in PowerShellGet 2.0.0 and above. I think that addresses the bulk of this, so resolving.