Closed XadillaX closed 8 years ago
+1
There is work going on in https://github.com/libuv/libuv/pull/742 to get the current user's password file entry. This would bypass the HOME
check.
I wrote a package called real-homedir.
Actrully it's a copy of uv_os_homedir()
but remove checking getenv("HOME")
for getting real home directory.
So what I mean is that to replace os.homedir()
or write a new function like os.realHomedir()
for the situation above.
@cjihrig
@XadillaX I don't think adding the new function os.realHomedir
is a flawless solution, which would cause more confusion at user-land.
IIRC there was actually requests to use $HOME
if it existed..
@Fishrock123 Yeah I agree with $HOME
.
But I'm talking about the situation above like sudo -u foo node mycli.js
. It's the situation which mutually exclusive with $HOME
.
How to solve it in Node.js and let developers be comfortable with it?
+1. provide warning when sudo -u
to get the os.homedir() maybe nice.
Moving forward, you can use os.userInfo().homedir
. It skips the environment variable check, and returns the information for the effective user.
I saw
os.homedir()
is directly usinguv_os_homedir
and it has an strange feature.It will check the environment variable first and then check for the real home directory.
And someone discussed here for the reason.
But I think there's still a problem.
Consider one situation:
One solution is to edit
/etc/sudoers
:And another method is using
-i
argument._For further reading you can go to this article. (It was written in Chinese by @Amunu)_
But I think why don't we wrote a
os.realHomedir()
or removing checkingHOME
inrealhomedir()
? Not all of us (normal developers) have the permission to access configuration files on our online servers.