Closed maethor closed 3 years ago
I would suggest at least using the "$HOME" variable, and adding a condition, like what rbenv role is doing: https://github.com/zzet/rbenv/blob/master/templates/rbenv_user.sh.j2
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read this blog post to see the reasons why I mark issues as stale.
Somehow related: https://github.com/geerlingguy/ansible-role-nodejs/pull/111 (this is one of the scenarios I wanted to avoid).
This issue is no longer marked for closure.
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read this blog post to see the reasons why I mark issues as stale.
See #111 — for convenience I'd rather keep the default so node things work okay (unless there's a better way of doing global installs nowadays?), but I think #111 would offer a good option for those who know what they're doing and want to avoid this pitfall.
This issue is no longer marked for closure.
Workaround implemented in #111.
In
tasks/main.yml
this role addsnpm.sh
in/etc/profile.d
, which edit the PATH variable for all users.As a result,
{{ npm_config_prefix }}/bin
is prepended to the PATH of the root user. But{{ npm_config_prefix }}/bin
may not be owned by root, which gives power to an unprivileged user to override any binary and quickly gain root privileges.