29

If you run ruby bundler from the command line while logged in as root, you get the following warning:

> Don't run Bundler as root. Bundler can ask for sudo if it is needed, and installing your bundle as root will break this application for all non-root users on this machine.

What is this exact difference that running bundler as root makes to the gems it installs?

Is it to do with the permissions of the actual files that it installs for each gem? Will Ruby try to access the gem files as a non-root user (and if so, what user / group would Ruby use and how would I find out)?

What would be the symptoms of an application that is broken due to bundler being used as root?


My specific reason for asking is because I'm trying to use bundler on a very basic CentOS VPS where I have no need to set up any non-root users. I'm having other problems with gems installed via bundler (Error: file to import not found or unreadable: gemname despite the gem in question being present in gem list), and I'm wondering if installing the gems via bundler as root might have made the files unreadable to Ruby.

I want to work out if I do need to set up a non-root user account purely for running bundler, and if I do, what groups and privileges this user will need to allow Ruby to run the gems bundler installs.

Or can I just chown or chgrp the gem folders? If so, does it depend on anything to do with how Ruby is installed? (I used RVM and my gems end up in /usr/local/rvm/gems/ which is owned by root in group rvm.) This loosely related question's answer implies that unspecified aspects of how Ruby is installed influence bundler's permissions requirements.

Researching the "Don't run bundler as root" message only comes up with an unanswered question and complaints that this warning is apparently "like it saying to go to sleep at 8PM" (link contains NSFW language).

user56reinstatemonica8

1 Answer

20

So I had to dig into the git log history of bundler's repo, because GitHub doesn't allow search in git commit messages anymore.

The commit c1b3fd165b2ec97fb254a76eaa3900bc4857a357 says:

> Print warning when bundler is run by root. When a user runs bundle install with sudo bundler will print a warning, letting them know of potential consequences.
>
> closes #2936

Reading this issue, you understand the real reason you should not use the root user:

> Running sudo bundle install can cause huge and cascading problems for users trying to install gems on OS X into the system gems. We should print a warning and explain that Bundler will prompt for sudo if it's needed. We should also warn people that sudo bundle will break git gems, because they have to be writable by the user that Bundler runs as.

Pak
  • 5
    Nice, great answer, thanks! Side note, those guys really aren't doing anything to challenge the stereotype that programmers aren't good at communication or writing clear user-facing messages... – user56reinstatemonica8 Dec 16 '15 at 17:48
  • 9
    Nice! In a development environment where most people "live," the warning is great advice. But the Ruby culture is a bit myopic ("opinionated"?) on this issue. On a server deploy for example, there is a good case for skipping RVM, RBENV, and all the related hoopla and simply installing one version of Ruby and all the Gems in one place as root. Especially these days when, if you need another user/user environment, you just spin up a different VM. It's easy to waste more time on getting the multi-Ruby/Gem environment right than on the rest of the deployment. – Tom Wilson Dec 19 '16 at 15:39
  • 2
    So this warning is only for OS X stuff? I mean on a standard nix it would be ok? – 4wk_ Jun 06 '18 at 07:07
  • @4wk_ I guess so, unless there are other unintended, unknown side effects ;) – Pak Jun 07 '18 at 07:42
  • 5
    What should you do once you already screwed up and ran the bundler as root to install something? – cloneman Dec 22 '18 at 08:12
  • 5
    Would be great to have the ability to disable the message, when the user does know what he/she is doing. bundle --really – Kevin Buchs Aug 29 '19 at 16:51
  • 1
    You can silence the babysitter with `bundle config --global silence_root_warning true` – JGurtz Jun 23 '21 at 20:11
  • @cloneman remove /var/lib/gems/{version}/bundler ; that solves the problem with "sudo bundle will break git gems" at least. Then, obviously, bundle install again as user. – Honza Oct 13 '21 at 17:47
  • 1
    Just came here to provide similar feedback to @JGurtz. For any given run of `bundle` you can set/export `BUNDLE_SILENCE_ROOT_WARNING=true` in the environment you're bundling. – stringsn88keys May 06 '22 at 17:51
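
One way to check for the condition the quoted issue describes, gem files that the account running Bundler cannot write to, is to walk the gem directory and evaluate ownership and mode bits for that account. This is an added example, not code from the original posts or from Bundler; the function names are hypothetical, and it assumes classic POSIX mode bits only (no ACLs, and root's bypass of those bits is not modelled).

```ruby
require "find"
require "etc"

# Classic POSIX mode-bit check: the owner class wins, then group, then other.
# Assumption of this example: ACLs and root's bypass are not modelled.
def writable_by?(st, uid, gids)
  bit = if st.uid == uid
          0o200
        elsif gids.include?(st.gid)
          0o020
        else
          0o002
        end
  (st.mode & bit) != 0
end

# List entries under +root+ that the account (uid, gids) cannot write to,
# e.g. files left behind by an earlier run as root. Symlinks are skipped,
# not followed; a missing directory yields an empty list.
def unwritable_for(root, uid, gids = [])
  return [] unless File.directory?(root)
  problems = []
  Find.find(root) do |path|
    begin
      st = File.lstat(path)
    rescue SystemCallError
      next # entry vanished or cannot be examined
    end
    next if st.symlink? || writable_by?(st, uid, gids)
    problems << { path: path, owner: st.uid,
                  mode: format("%04o", st.mode & 0o7777) }
  end
  problems
end

# Command-line use: ruby check_gem_perms.rb <gem directory> <user name>
if __FILE__ == $PROGRAM_NAME && ARGV.size == 2
  pw = Etc.getpwnam(ARGV[1])
  gids = [pw.gid]
  Etc.group { |g| gids << g.gid if g.mem.include?(pw.name) }
  unwritable_for(ARGV[0], pw.uid, gids).each do |p|
    puts "uid=#{p[:owner]} mode=#{p[:mode]} #{p[:path]}"
  end
end
```

Run it against the directory your gems are installed in and the user that will run Bundler; an empty result means ownership and mode bits are not what is blocking that user.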