search

coreybutler / nvm-windows

A node.js version management utility for Windows. Ironically written in Go.
MIT License
37.28k stars 3.32k forks source link

[bug] - nvm runs even without admin privileges #1046

Closed JorensM closed 11 months ago

JorensM commented 12 months ago

What happened?

At some point my nvm use command stopped complaining about missing admin privileges.

nvm-without-admin

As you can see in the screenshot above, I've ran nvm use without having run the CMD as an admin(you can tell by the title of the window).

Thing to note: I had installed another nvm-windows instance on a different Windows user for testing. The other installation is separate from the original one though - it has a different appdata folder and a different symlink folder. But I think I still had the admin privilege error present even after installing nvm on the other user - I'm not sure.

What did you expect to happen?

I expected nvm use to complain that I don't have admin rights to run the command.

Version

1.1.11 or newer (Default)

Which version of Windows?

No response

Which locale?

None

Which shell are you running NVM4W in?

No response

User Permissions?

Administrative Privileges, Elevated

Is Developer Mode enabled?

None

Relevant log/console output

No response

Debug Output

Windows Developer Mode: UNKNOWN (user cannot read registry)

NVM4W Version:      1.1.11
NVM4W Path:         C:\Users\lucky\AppData\Roaming\nvm\nvm.exe
NVM4W Settings:     C:\Users\lucky\AppData\Roaming\nvm\settings.txt
NVM_HOME:           C:\Users\lucky\AppData\Roaming\nvm
NVM_SYMLINK:        C:\Program Files\nodejs
Node Installations: C:\Users\lucky\AppData\Roaming\nvm

Active Node.js Version: none
(run "nvm use <version>" to activate a version)

PROBLEMS DETECTED
-----------------
"C:\WINDOWS\system32\cmd.exe - nvm  debug" is not an officially supported shell. Some features may not work as expected.

Find help at https://github.com/coreybutler/nvm-windows/wiki/Common-Issues

Anything else?

No response

coreybutler commented 12 months ago

This happens in one of two scenarios I can think of:

  1. Installing for all users (as opposed to one user).
  2. Selecting the same NVM_SYMLINK target directory for each different installation (i.e. both use C:\nvm).
icharge commented 11 months ago

@coreybutler I tested on my work laptop. It can use mklink /J instead of mklink /D that required administrator.

coreybutler commented 11 months ago

@icharge if your work laptop has Developer Mode enabled or an AD group policy granting symlink privileges, then it will work.

As I've said many times before, junctions are not an acceptable option at this time because they do not work across network drives. Given how many enterprises rely on this (SAN drives), it would be a breaking change for nearly half the NVM4W user base.

icharge commented 11 months ago

@icharge if your work laptop has Developer Mode enabled or an AD group policy granting symlink privileges, then it will work.

As I've said many times before, junctions are not an acceptable option at this time because they do not work across network drives. Given how many enterprises rely on this (SAN drives), it would be a breaking change for nearly half the NVM4W user base.

That’s problem. I can’t enable developer mode due to company’s policy. That was crazy.

What if it can be configurable.

Edit: I just see Scoop app can install many applications without admin. they use symbolic link too. I not sure about the method. it would be junctions I guess.

coreybutler commented 11 months ago

@icharge - I've thought about making it configurable, but there's a whole different set of edge cases to deal with. I don't have time to do that. I've frozen feature development in order to work on the successor project: Runtime.

The bottom line is installing multiple versions of Node is... you know, installing multiple applications. It's not unusual for companies to block this. The entire reason Microsoft created Developer Mode is so companies could allow a few "power" features for those who need it without destroying their carefully crafted security policies. That's a fancy way of saying that your company will have to grant you some sort of access at some point if you're going to install multiple versions of Node. Most employers do this at some point (even strict ones, like some governments and militaries). I've worked with countless cybersecurity groups to allow-list NVM4W. If your company needs something specific to deploy NVM4W, I'm happy to talk to the cybersecurity team.

When all else fails, I tend to recommend installing NVM4W on a non-protected directory, and setting the symlink to a non-protected directory as well. For example, install to C:\nvm4w and symlink to C:\nodejs. You still need permission to use the underlying mklink capability, but this eliminates the possibility of messing with C:\Program Files (a Windows protected directory).

coreybutler commented 11 months ago

I'm closing because this isn't really a bug. In fact, running without admin privileges is a frequently requested feature.