Bug 30220

Created attachment 13210 [details]
Output from trying to install yarn plus equivalent info

CC: (none) => lovaren

If I execute npm to install with --global ( that's what we're supposed to be doing according to https://classic.yarnpkg.com/lang/en/docs/install/#debian-stable ) wouldn't that mean that my user would be able to install through sudo or did I misunderstand --global?

https://classic.yarnpkg.com/en/docs/cli/global shows nothing about root permission.

How is this a bug? Installing a package for all users of the system requires
root privileges, as it should. As per the page referenced in comment 2, see the
"Defining install location" if you want to install things just for that user.

CC: (none) => davidwhodgins

(In reply to Dave Hodgins from comment #3)
> How is this a bug? Installing a package for all users of the system requires
> root privileges, as it should. As per the page referenced in comment 2, see
> the
> "Defining install location" if you want to install things just for that user.

Uuuuuuhm. npm instructions doesn't tell the user to become root for the installation to work so the guide is somewhat vague.

Can there be a sentence (in case of this error) that points a user to try the command as sudo?

From "Defining install location" ...
 You can configure the base location with yarn config set prefix <filepath>. For example, yarn config set prefix ~/.yarn will ensure all global packages will have their executables installed to ~/.yarn/bin.

That should stop it from trying to write to the system directories in /usr.

(In reply to Dave Hodgins from comment #5)
> From "Defining install location" ...
>  You can configure the base location with yarn config set prefix <filepath>.
> For example, yarn config set prefix ~/.yarn will ensure all global packages
> will have their executables installed to ~/.yarn/bin.
> 
> That should stop it from trying to write to the system directories in /usr.

Yes, but the npm package that we have doesn't seem to take that into consideration when installing yarn.

Anyway to adjust that?

Just tried it in an install where I hadn't used npm before ...
[dave@x8v ~]$ npm install yarn

> yarn@1.22.18 preinstall /home/dave/node_modules/yarn
> :; (node ./preinstall.js > /dev/null 2>&1 || true)

npm WARN saveError ENOENT: no such file or directory, open '/home/dave/package.json'
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN enoent ENOENT: no such file or directory, open '/home/dave/package.json'
npm WARN dave No description
npm WARN dave No repository field.
npm WARN dave No README data
npm WARN dave No license field.

+ yarn@1.22.18
added 1 package and audited 1 package in 1.417s
found 0 vulnerabilities

So yarn was installed in ~/node_modules/.

In https://classic.yarnpkg.com/en/docs/cli/global the top part has ...
Install packages globally on your operating system.
# yarn global <add/bin/list/remove/upgrade> [--prefix]

The # preceding the yarn global command indicates it should be run by root.

As to the rest of the examples, either the author has modified their system
to allow regular users to write to /usr/local, or is using a distribution where
that is the default. According to https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s09.html /usr/local is for system administrators (aka root) to install
packages, not regular users.

Going back to the beginning,
> Run npm install --global yarn
> The installation fails due to not having write access to /usr/lib/node_modules
this in itself suggests the sensible need to be root to write to /usr/lib. You did not say whether you ran it as normal user, but it looks like that.

From the previous comment,
> The # preceding the yarn global command indicates it should be run by root
which is standard notation. And the last paragraph above is definitive.

So this is not a Mageia bug, just a usability thing. Closing it.

Status: NEW => RESOLVED
CC: (none) => lewyssmith
Resolution: (none) => INVALID