nvm-sh / nvm

Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

alias node for sudoers

mpotra opened this issue · comments

When sudoing node, 'command not found' is issued, because on most systems PATH is reset on sudo, for security reasons.
This makes 'sudo node' not work anymore.

Simply adding the following line at the end of the nvm.sh script, would fix it:

alias node='$NVM_BIN/node'
//possibly adding an alias for npm as well?

This assumes .bashrc for user contains these 3 lines:

. ~/.nvm/nvm.sh

enable aliases in sudo

alias sudo='sudo '

Very neat idea. I don't want to add it to my nvm repo since it's a little invasive, but it's not hard for someone who wants to customize their environment.

I usually just source the nvm.sh file as root after running "sudo su" or modify root's .bashrc. I want more than just node when I run sudo and this way I get everything in the $NVM_BIN folder.

You are right, it might be a bit invasive and probably shouldn't be active in the release, but maybe just have it posted here or somewhere in future docs, so that people could find it easy.
Or maybe it might be better to have it in the script, but commented out, and people who need it, would just uncomment it - just a thought.

It took me a bit to figure this out, so probably this could save some time for others.

Modifying root's bashrc wasn't an option for my case, since we had a set-up with several users, each with its own node/nvm, and wanted to allow quick running through sudo (sudo node app_name), where necessary.
Including nvm.sh or the path/s in root's .bashrc would allow only for one single setup to run through sudo.

This is fantastic, I made the changes and it works like a charm.

What if I wanted to do something like sudo ENV1=val1 ENV2=val2 node server.js?

I am able to do that with other tools (I remember that forever never had an issue with it), however in my nvm-ized environment, I get sudo: node: command not found.

Any help would be much appreciated!

Does "nvm install" need sudo to run error-free?

@zakdances no, nvm installs node into a local folder inside your git clone of the nvm repo. Unless your user doesn't have write access to your own clone, then it should work fine without sudo. In fact, using sudo can break things since it creates files as the root user.

Hm, just stumbled upon this one when trying to install grunt globally.

Like @mpotra suggested, I had to also alias npm like so:
alias node='$NVM_BIN/node'
alias npm='$NVM_BIN/npm'

So that means that not a single node package intended for global availablity can be installed when using nvm by default, right? That should make quite some users having this scenario, I imagine.

How about inventing a special nvm mode so the aliases only get activated when users explicitly enter that mode?
When they leave the mode again, the aliases could get disabled.

This seems common enough that it should be added to the readme.

Yes, needing sudo on *nix systtems is very common.

As a suggestion, you could try a solution similar to what ruby version manager does http://rvm.io/integration/sudo

I was just told in the git mailing list that you should only very rarely use sudo. But I see it all the time. Too many opinions about it.

Using sudo to install node is perfectly reasonable and common. Running node itself as root is frowned upon. Unfortunately nvm makes this very difficult.

If anyone is looking for an easy way to install nvm globally: https://github.com/xtuple/nvm

There is no need to install node with sudo once you give the nvm directory the right permissions.
For example:
create a user group called nvm, add every user that need to use nvm to this group and change the permissions of your nvm dir to group writeable: chmod 2775 /usr/local/nvm (the first digit (2) is the setgid bit, explained here, which ensures the group for execution in this directory stays the same)

+1 for nvmsudo solution proposed by @treehau5

+1 for @koenpunt point on group access.

Using sudo to install node is perfectly reasonable

I'm not sure I agree with "reasonable"...more like "endemic".

and common.

With this, I agree.

But I see it all the time. Too many opinions about it.

I disagree with it's usage; but, to each their own.

My use case is to be able to easily upgrade my system-wide services, running on nodejs, in the case of patch/security releases, and for those to be compatible with Travis-CI, which uses nvm. How else besides using sudo would one install nvm into the global PATH for this purpose? Or is there a better tool for this?

I guess the real problem is the generally crappy package manager support that node.js enjoys from most OS vendors.

I guess the real problem is the generally crappy package manager support that node.js enjoys from most OS vendors.

Well, to be fair, every other language has to deal with those same crappy OS package managers. Actually, some are quite good, but the problem is maintenance. Sometimes you want 0.11.11 but good luck finding an OS packager maintainer that can (or will) keep up with that pace.

How else besides using sudo would one install nvm into the global PATH for this purpose? Or is there a better tool for this?

Maybe someone else can chime in...I don't have a good answer because I don't tend toward this particular workflow.

Today, I use docker (i.e. LXC container)...before docker existed, I would use VMs.

With docker, nvm isn't really needed. You just spin up a container with the exact version you care about.

I tend to use nvm on my dev machine, installed via homebrew and install nodes into my local user directory; where sudo is never needed.

Setting this in ~/.profile worked for me:

alias sudo='sudo env PATH=$PATH:$NVM_BIN'

It's part of the nvm installation in vagrant:


config.vm.provision :shell, path: "vagrant/nodejs.sh", privileged: false


sudo su vagrant -c "wget -qO- https://raw.githubusercontent.com/creationix/nvm/v0.26.1/install.sh | bash"

echo "
source /home/vagrant/.nvm/nvm.sh
alias sudo='sudo env PATH=\$PATH:\$NVM_BIN'
" >> /home/vagrant/.profile

export NVM_DIR="/home/vagrant/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"

nvm install stable
nvm alias default stable

Now I can do sudo node|npm|pm2|whatever.

Thank you @gagle, that was the best solution I found.

I like the solution pointed at this stackoverflow given by Digital Ocean. It solves the sudo problem and makes it easy to update root versions when needed.

You shouldn't need sudo for anything. Use authbind if you need to have node listen on privileged ports.

@gagle for some reason NVM_BIN is not set at a time when ~/.profile is being executed.
EDIT: fixed by moving

alias sudo='sudo env PATH=$PATH:$NVM_BIN'

to ~/.bashrc after nvm.sh execution

I believe the entire point of nvm was to make switching/using node easy and avoid these kinds of shenanigans of manually editing certain files for certain users and walking counter-clockwise during a full moon.

Rightly or wrongly a lot of node tools/modules REQUIRE being installed globally.

Can we please have a global install option when installing nvm?
If you are concerned about flavors of OS's you can have a folder with specific modules for each OS/Flavor. Some may not be supported. That's fine, people can contribute modules.

@mightypenguin nvm is not meant to be used across user accounts. Each user should have its own $NVM_DIR.

So even if I wrote the code to make this cleanly possible there is no way you would consider pulling my changes?

@mightypenguin i'd be happy to take a look at it, but I'm very skeptical it could be cleanly possible due to all the permissions issues within nvm-managed node dirs.

@tetreault you should never use sudo for privileged ports; https://thomashunter.name/blog/using-authbind-with-node-js/ is a much safer approach.

I believe npm run runs things as nobody, and it's unable to sudo (for safety).


on debian (or ubuntu) based sytem in addition to setting the alias as @mpotra said you might need to run
sudo ln -s "$(which node)" /usr/local/bin/node for npm to work in sudo mode

authbind is great and all, but what about things like raw-socket? I use net-ping which pulls in raw-socket which can only work as root. Would some libcap thing work to bypass the "haxor crafty packet injection" usermode block?

"can only work as root" seems like a reason to not use a piece of software, tbh.

man 7 raw

So it appears that setting the CAP_NET_RAW for the node executable will open just a big enough hole for raw-socket to operate without root, maybe, but I"m skeptical (untested because I'm running it as root because I'm not paranoid).

sudo setcap cap_net_raw+eip $(eval readlink -f `which node`)

"Microsoft" is also a reason not to use a piece of software, but lots of poor souls use that, because they have no choice. I'd love to go fix everyone elses' software but sometimes you just need root to solve headaches and get it working NOW and in ALL CASES ensured.

And if it's just plain simpler to run as root and I accept the ramifications of doing so, it should be trivial. Maybe even a supported method to drop privs (like Apache httpd does?) so the whole process doesn't have to run as root (just the socket thread). And anyway this applet literally can't be exploited / never heard of a privilege escalation problem with Node.js / why be so paranoid when it is clearly unnecessary? Best practice is not the only practice and it's never best for every use case... such as on a VM where yippee you got root and can't do anything, gg hacker bruh.

At any rate, the way npm works is beyond the scope of this repo.

If you want nvm to work for a root user, then that root user needs to have its own installation of nvm.

on debian (or ubuntu) based sytem in addition to setting the alias as @mpotra said you might need to run
sudo ln -s "$(which node)" /usr/local/bin/node for npm to work in sudo mode

sudo ln -s "$(which node)" /usr/local/bin/node
ln: failed to create symbolic link '/usr/local/bin/node': File exists

I wanted to run some old-legacy sdk. This sdk should use old node v6.
Following command did not work for me:

sudo somesdk

Command 'node' not found

As suggested I switched to sudo:

sudo -s

Then I read nvm.sh for current user (e.g. someuser):

source /home/someuser/.nvm/nvm.sh

After this I have nvm for sudo (for current session, which is enough for me)

root@domain:~# nvm

Node Version Manager (v0.35.2)

Here is an ad-hoc workaround you may want to use to run commands temporarily:

$ sudo PATH=$PATH bash -c "node ..."

For instance:

$ sudo PATH=$PATH bash -c "which node npm pnpm"
sudo ln -s "$NVM_DIR/versions/node/$(nvm version)/bin/node" "/usr/local/bin/node"
sudo ln -s "$NVM_DIR/versions/node/$(nvm version)/bin/npm" "/usr/local/bin/npm"

Source - https://stackoverflow.com/questions/21215059/cant-use-nvm-from-root-or-sudo