Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannot create directory[/opt/homebrew-cask] when running chef-client as a non-root user #70

Closed
glevine opened this issue Apr 29, 2015 · 8 comments

Comments

@glevine
Copy link

glevine commented Apr 29, 2015

When ensuring directories, the cask recipe makes the assumption that chef-client has been run either as root or with elevated privileges. If running chef-client in local mode as the current user, I run into the following error.

================================================================================
Error executing action `create` on resource 'directory[/opt/homebrew-cask]'
================================================================================

Chef::Exceptions::InsufficientPermissions
-----------------------------------------
Cannot create directory[/opt/homebrew-cask] at /opt/homebrew-cask due to insufficient permissions

Resource Declaration:
---------------------
# In /Users/glevine/.chef/local-mode-cache/cache/cookbooks/homebrew/recipes/cask.rb

 31: directory '/opt/homebrew-cask' do
 32:   owner node['homebrew']['owner'] || homebrew_owner
 33:   mode 00775
 34: end
 35: 

Compiled Resource:
------------------
# Declared in /Users/glevine/.chef/local-mode-cache/cache/cookbooks/homebrew/recipes/cask.rb:31:in `from_file'

directory("/opt/homebrew-cask") do
  action :create
  retries 0
  retry_delay 2
  default_guard_interpreter :default
  path "/opt/homebrew-cask"
  declared_type :directory
  cookbook_name "homebrew"
  recipe_name "cask"
  homebrew_owner 501
  owner 501
  mode 509
end

[2015-04-28T23:06:01-04:00] INFO: Running queued delayed notifications before re-raising exception
[2015-04-28T23:06:01-04:00] DEBUG: Re-raising exception: Chef::Exceptions::InsufficientPermissions - directory[/opt/homebrew-cask] (homebrew::cask line 31) had an error: Chef::Exceptions::InsufficientPermissions: Cannot create directory[/opt/homebrew-cask] at /opt/homebrew-cask due to insufficient permissions

The java cookbook includes the homebrew::cask recipe in its homebrew recipe (https://github.com/agileorbit-cookbooks/java/blob/master/recipes/homebrew.rb). So when installing Java using Homebrew, it seems like it is a requirement to run chef-client as root. This has two smells to me:

  1. The user is effectively required to install Java as root, which runs counter to how Homebrew is designed.
  2. Even if I wrote a wrapper script to create the directory before calling chef-client, then I would still run into this issue anytime I tried to use the java community cookbook.

The java cookbook is just an example, though. This could be true for any dependent cookbook. But it is especially difficult to work around when trying to use community cookbooks.

Maybe this could be passed off as an issue with the java cookbook. But it just feels like cookbooks dependent on the homebrew cookbook are not expecting this cookbook to behave this way -- if being permission agnostic is a goal.

@jtimberman
Copy link
Contributor

If running chef-client in local mode as the current user, I run into the following error.

Yes. This is actually expected, as /opt is not writable by the normal user. A thing that Homebrew and Homebrew Cask do is shell out with sudo to create the directories they need.

When running these recipes with Chef, it's possible that sudo is executed transparently when they're installing, or it might prompt for a password. Either way, while homebrew recommends against doing things with sudo, the fact is you still need to do certain things on your system with elevated privileges. For example, when you install software from a .pkg, and you get prompted for your password by OS X, that's a sudo prompt that it's going to use behind the GUI to perform the installation.

@glevine
Copy link
Author

glevine commented May 8, 2015

In my case, I already have Homebrew and Cask installed. So when testing a recipe, I wasn't expecting this failure. If I run chef-client in local mode as myself and /opt/homebrew-cask already exists (and is owned by me), then I would expect everything to run just fine. If that directory didn't already exist in such a state, then I would totally understand the error.

The Cask installer requires sudo to create its directories, but then it modifies the permissions of everything except /opt so that sudo isn't necessary for installations of software. My point about it being counter to Homebrew's recommendations was only that after installation of the tool, sudo should no longer be necessary.

So I guess the real issue is that the cask recipe isn't taking into account whether or not those directories already exist and are in the correct state. The default recipe uses a not_if (https://github.com/opscode-cookbooks/homebrew/blob/master/recipes/default.rb#L37) to prevent a second attempt at installing Homebrew. It may not be as trivial, but I feel like the the cask recipe should avoid repeating installation steps, too.

Maybe the root cause is in the way that directory works and is thus an issue with chef itself? It appears to attempt to make the directory as opposed to testing its state first. Although, that is just speculation on my part.

@kbruner
Copy link

kbruner commented May 23, 2015

+1 Same problem here. /opt/homebrew-cask already exists, is already owned by the homebrew user. And yes, it's because the chef directory resource provider checks permissions of the parent directory before it checks whether it even needs to take action.

@glevine
Copy link
Author

glevine commented Jun 2, 2015

Is it best to open an issue against chef for the directory resource provider? I just don't know enough about the existing use cases of that resource provider to know if it would open a can of worms.

@glevine
Copy link
Author

glevine commented Sep 2, 2015

@jtimberman Do you have an opinion about how best to handle this? Thanks.

@seanfisk
Copy link
Contributor

I have been having this same problem as well. Do we even need the following code? Doesn't the Cask installer create these directories if they don't exist?

directory '/Library/Caches/Homebrew/Casks' do
  owner homebrew_owner
  mode 00775
  only_if { ::Dir.exist?('/Library/Caches/Homebrew') }
end

directory '/opt/homebrew-cask' do
  owner homebrew_owner
  mode 00775
  recursive true
end

directory '/opt/homebrew-cask/Caskroom' do
  owner homebrew_owner
  mode 00775
end

@aramprice
Copy link

Relatedly the default Caskroom location has moved per #100 and Homebrew/homebrew-cask#21603

seanfisk added a commit to seanfisk/personal-chef-repo that referenced this issue Jun 26, 2016
Disable installation of Casks while these issues are being worked out:

- sous-chefs/homebrew#70
- sous-chefs/homebrew#100
@tas50
Copy link
Contributor

tas50 commented Sep 6, 2016

We no longer manage this directory in the latest version so I'm going to close this out

@tas50 tas50 closed this as completed Sep 6, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants