For example, when setting up a new personal machine (mac or linux), I would chown /usr/local to belong to my login user, hence not having to sudo global npm actions. If I were to use the superuser later for whatever reason, then that trumps any lower permissions, and so on.
What's the canonical opinion about this? Would this advice differ from development environments to production ones..?
What's the issue with root owning the globally installed npm modules? Permissions should be set by npm so that whatever utilities are still be executable by your user.
Maybe it's common but I've never heard of anyone chowning /usr/local to their main user. It seems especially dangerous if there's applications in there that expect to run under their own special user account.
Personally, I wouldn't do that in Dev or Production. The way I see it global installs from npm are used to install things to the PATH, like applications, not necessarily to retrieve source code for development, like regular installs. In the same way you need sudo to install from your system repositories, you need sudo to install from npm globally.
I assume this is mainly because, correct me if I'm wrong, Linux is a multi user system by nature. You don't want just anyone or any user account to have access to edit the paths where shared user applications get installed.
Forcing everything to be owned by your user may prevent you from having to type sudo but I'm not sure I see any other advantages.
댓글 없음:
댓글 쓰기