We've noticed an occasional bug at npm during the analyzer's tar extraction step:
Tar files are extracted into the /tmp/npms-analyzer folder, which has world-readable permissions.
Occasionally a tar file extracts that changes the permissions; this results in a file being created that cannot be accessed by npms-analyzer.
The analyzer, in turn, starts crashing.
This might be related to the settings --same-owner and --preserve-permissions, but it seems like these settings should be defaulting appropriately for a non-super user (our analyzer is run as ubuntu):
# npms-analyzer-consume node 0
description "rank packages based on several metrics"
start on started network-services
stop on stopping network-services
respawn
setuid ubuntu
setgid ubuntu
We do not currently use bsdtar, so one thought I had was perhaps switching to the default tar program that npms-analyzer looks for might solve the problem?
Any thoughts? Have you bumped into anything similar?
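An added example, not part of the original post or of npms-analyzer's code, showing one way an extracted tree can end up inaccessible to the unprivileged user that extracted it: the archive headers themselves record modes with no owner permission bits. It assumes GNU tar; the function names and the sample archive are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Assumes GNU tar (--mode is a GNU option). All function names
# and the sample archive are constructed for illustration.

# Build a tarball whose headers record mode 000 for every entry. --mode rewrites
# only the recorded modes, so the source files stay readable while archiving.
make_sample_tarball() {
    local work=$1
    mkdir -p "$work/src/package"
    echo 'module.exports = 1' > "$work/src/package/index.js"
    tar --mode='a-rwx' -czf "$work/sample.tgz" -C "$work/src" package
}

# Print the 10-character type/mode string of a path, e.g. "drwx------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Extract the way an unprivileged job would. Without --same-permissions tar
# applies the umask, but the umask can only clear bits: a recorded 000 stays 000.
extract_tarball() {
    mkdir -p "$2"
    tar -xzf "$1" -C "$2"
}

# Give the owner read/write on everything and search on directories (capital X
# does not add execute to plain files that had none), so the tree can be read
# and later deleted by the user that extracted it.
repair_permissions() {
    chmod -R u+rwX "$1"
}

demo() {
    local work
    work=$(mktemp -d)
    make_sample_tarball "$work"
    extract_tarball "$work/sample.tgz" "$work/out"
    echo "after extract: $(mode_of "$work/out/package")"
    repair_permissions "$work/out"
    echo "after repair:  $(mode_of "$work/out/package") $(mode_of "$work/out/package/index.js")"
    rm -rf "$work"
}
demo
```

Running the repair step immediately after every extraction keeps modes recorded in an untrusted archive from deciding whether the extracting process can read or clean up its own working directory.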