Is it safe to run a ruby script using sudo? - ruby

I am running redmine on Ubuntu, and I am running it using sudo.
If I try to run as my redmine user, I get permission errors on the log file.
Is this safe? Should I be concerned?

You should be careful when running any sort of web application as root. Personally, I would not recommend it.
If permissions problems on the logfile are your only problems, the better solution would be to alter the permissions of the log files/folders. Make sure the log files belong to the user account that Redmine is running as (or have group write permissions and belong to the same group). You might have to use sudo to change those permissions, but it is much safer than running a web application as root.

Any time you run a script using sudo you should be concerned since in effect you are running the script as root. Therefore, to give an extreme example, if the script executes a command similar to rm -rf / you will wipe out the entire system....it's best not to use sudo to execute scripts unless you are completely aware of what the script is doing and any potentially tainted data that is consumed by it!

Related

How to solve Bundler::PermissionError There was an error while trying to write to... on windows

While running bundle install on windows I get the following error unless I run from an elevated prompt.
Bundler::PermissionError There was an error while trying to write to < path > It is likely that you need to grant write permissions for that path
While running the install from an elevated prompt works around the issue, it sounds like a huge security risk for the OS and I'd like to be able to install projects without running into the error.
While there are similar posts, they are all targeting linux or mac as far as I can tell.
Granting Modify and Write permissions to the following paths for the MachineName\Users group solved the issue. Alternatively you could change the owner from the administrators group to your current user or only grant that permission to your current user.
C:\Ruby32-x64\lib\ruby\gems\ruby-version\cache
C:\Ruby32-x64\lib\ruby\gems\ruby-version\extensions
C:\Ruby32-x64\lib\ruby\gems\ruby-version\specifications
C:\Ruby32-x64\lib\ruby\gems\ruby-version\gems
C:\Ruby32-x64\bin

How do i get rid of the sudo requirement?

I am using MacOS Catelina and i often have to run my terminal stuff with sudo otherwise they fail. like when i use Visual Studio and IONIC to add stuff to global or when it tries to create dir etc.
Is there a way to change the logged in user to run elevated commands in terminal without sudo ?
You either continue using sudo or switch current user to root (it's not a recommended way)
The user account named ”root” is a superuser with read and write
privileges to more areas of the system, including files in other macOS
user accounts. The root user is disabled by default. If you can log in
to your Mac with an administrator account, you can enable the root
user, then log in as the root user to complete your task.
The root user account is not intended for routine use. Its privileges
allow changes to files that are required by your Mac. To undo such
changes, you might need to reinstall your system software. You should
disable the root user after completing your task.
It's safer to use the sudo command in Terminal instead of enabling the
root user. To learn about sudo, open the Terminal app and enter man
sudo.
Taken from https://support.apple.com/en-us/HT204012

Heroku CLI only works from root

I'm not sure why, but I can only run the Heroku CLI from root, not from a user.
When I run from user I get
>>heroku -v
and that's it. Nothing comes, nothing happens, it just freezes.
However when I open a new terminal window and change to root, it works fine
>>sudo su
Password:
>>heroku -v
heroku-cli/6.15.26 (darwin-x64) node-v9.6.1
>>
I have already tried uninstalling and reinstalling over and over again, I've used the Heroku direct download, as well as Homebrew, but I can't get it to work. I'm not really sure what I did to break my CLI, but how do I fix it? Where should I even look to see what the actual problem is?
UPDATES:
I've also changed shell types, and that did nothing to fix the issue either. The shell lists Terminal -- node /usr/local/bin/heroku -v at the top, if that helps.
As per the comments below, we tried copying the directory that the root user uses into my .local/share but this did not solve the problem either.
Further, I opened my activity monitor, and any time I try to run Heroku, it shows that node is taking up 95-100% of my CPU.
Spent nearly 12 days chatting with heroku staff. It turns out if your .netrc file is long (mine was 1.9 million lines), their parser has issues reading it.
Solution:
$ rm ~/.netrc
$ heroku login
Once the file is removed and you re-login it will create a new .netrc file without issues.
Why this happens:
My crontab uses an expect script to login to the blank environment. If you login over, and over and over, the .netrc file becomes huge.

Meteor requires sudo to run

Previously I was able to start Meteor 0.6.6.3 by simply running mrt.
Recently, Meteor 0.7.0.1 wont run properly unless I run it as root with sudo mrt. Environmental variables like MONGO_URL requires root to set it.
Any ideas what happened? I'm using Mountain Lion on Mac OSX.
You might have run it with sudo once before. When you run it with sudo just once and a file is written the files become root files root user file so it needs more permissions to run and wont run
ordinarily.
You might have run sudo mrt once it must have updated files for a package but they're now owned by root instead of your normal user.
I'm sure theres a terminal command to get it back but using Disk Utility and running 'Repair Disk Permissions' can also fix it (i think).

Mac installer package - how to run scripts as root or admin? (postflight)

I have created the Mac Package in order to install some of my stuff. I have the postflight script that is supposed to copy over some data to /Library/Application Support/Apple/Mail/Stationery/Apple/Contents/Resources/Stationery/Contents/Resources/ - and for reasons mentioned in here: How can I build a Mac package on linux? (BOM file problem) it needs to be postflight script.
However it did not work (it was just downloading a zip file, unpacking it and cp to mentioned location). So I've checked the errors by adding 2> to cp and here's what happened:
cp: /Library/Application Support/Apple/Mail/Stationery/Apple/Contents/Resources/Stationery/Contents/Resources/: Permission denied
I've double check my Info.plist and looks like proper setting is preserved:
<key>IFPkgFlagAuthorizationAction</key>
<string>RootAuthorization</string>
But the script still don't have permissions. I've tried the "whoami" and it returned currently logged in user. What's more curious, the installer ia actually asking for admin authentication. You guys have any ideas what should I do to have this script running as root/admin/whoever with greater permissions?
The fact that the installer is bringing up the admin authentication alert means that the installer is already authenticated (presumably to install files into admin/root-only places).
If I remember correctly, in my own Postflight scripts, I added calls to sudo within the script to do admin/root privileged things. Try that approach and see if it works. I don't know if this is the "best practice" approach though (or maybe it is, since installers can be signed).
I think it's impossible in Lion.Installer of Lion launches scripts from current user.

Resources