My Rails app runs with nginx's www-data user and all disk write functions are owned by www-data and so all the app's related disk stored assets are owned by www-data. Sometimes I need to raise the Rails console and perform actions that touch or create stored assets and I do not want these touched/created assets to become owned by root or another admin user, I want them to remain owned by the www-data user. This worked fine under ruby 1.9.3 -> 2.6.x:
sudo -u www-data RAILS_MASTER_KEY=xxx RAILS_ENV=production bin/rails console
When I try this on ruby 2.7.x or 3.0.0, I get these errors:
Loading production environment (Rails 6.1.3)
/usr/lib/ruby/3.0.0/irb/ext/save-history.rb:98:in `stat': Permission denied @ rb_file_s_stat - /root/.irb_history (Errno::EACCES)
from /usr/lib/ruby/3.0.0/irb/ext/save-history.rb:98:in `save_history'
from /usr/lib/ruby/3.0.0/irb/ext/save-history.rb:60:in `block in extended'
from /usr/lib/ruby/3.0.0/irb.rb:475:in `block in run'
from /usr/lib/ruby/3.0.0/irb.rb:475:in `each'
from /usr/lib/ruby/3.0.0/irb.rb:475:in `ensure in run'
from /usr/lib/ruby/3.0.0/irb.rb:475:in `run'
from /usr/lib/ruby/3.0.0/irb.rb:400:in `start'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:70:in `start'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:19:in `start'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:102:in `perform'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor/command.rb:27:in `run'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor/invocation.rb:127:in `invoke_command'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor.rb:392:in `dispatch'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/command/base.rb:69:in `perform'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/command.rb:50:in `invoke'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands.rb:18:in `<top (required)>'
from bin/rails:4:in `require'
from bin/rails:4:in `<main>'
/usr/lib/ruby/3.0.0/reline/config.rb:124:in `readlines': Permission denied @ rb_sysopen - /root/.inputrc (Errno::EACCES)
from /usr/lib/ruby/3.0.0/reline/config.rb:124:in `read'
from /usr/lib/ruby/3.0.0/reline.rb:232:in `inner_readline'
from /usr/lib/ruby/3.0.0/reline.rb:175:in `readmultiline'
from /usr/lib/ruby/3.0.0/forwardable.rb:238:in `readmultiline'
from /usr/lib/ruby/3.0.0/forwardable.rb:238:in `readmultiline'
from /usr/lib/ruby/3.0.0/irb/input-method.rb:302:in `gets'
from /usr/lib/ruby/3.0.0/irb.rb:519:in `block (2 levels) in eval_input'
from /usr/lib/ruby/3.0.0/irb.rb:721:in `signal_status'
from /usr/lib/ruby/3.0.0/irb.rb:518:in `block in eval_input'
from /usr/lib/ruby/3.0.0/irb/ruby-lex.rb:202:in `lex'
from /usr/lib/ruby/3.0.0/irb/ruby-lex.rb:174:in `block (2 levels) in each_top_level_statement'
from /usr/lib/ruby/3.0.0/irb/ruby-lex.rb:171:in `loop'
from /usr/lib/ruby/3.0.0/irb/ruby-lex.rb:171:in `block in each_top_level_statement'
from /usr/lib/ruby/3.0.0/irb/ruby-lex.rb:170:in `catch'
from /usr/lib/ruby/3.0.0/irb/ruby-lex.rb:170:in `each_top_level_statement'
from /usr/lib/ruby/3.0.0/irb.rb:537:in `eval_input'
from /usr/lib/ruby/3.0.0/irb.rb:472:in `block in run'
from /usr/lib/ruby/3.0.0/irb.rb:471:in `catch'
from /usr/lib/ruby/3.0.0/irb.rb:471:in `run'
from /usr/lib/ruby/3.0.0/irb.rb:400:in `start'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:70:in `start'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:19:in `start'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:102:in `perform'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor/command.rb:27:in `run'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor/invocation.rb:127:in `invoke_command'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor.rb:392:in `dispatch'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/command/base.rb:69:in `perform'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/command.rb:50:in `invoke'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands.rb:18:in `<top (required)>'
from bin/rails:4:in `require'
from bin/rails:4:in `<main>'
I've tried creating a file at /root/.irb_history and given it world write permissions and I still get the same errors.
I'm compiling ruby from source on Ubuntu 18.04 and 20.04 with only the '--prefix=/usr' flag.
If I sudo su to an admin user account that is a full user with a home directory, etc, unlike the limited www-data user, or run as root I can raise the Rails console without errors (of course ownership of on disk assets is a problem).
If I run the sudo -u www-data bin/rails console command as a full admin user I can raise the console and only see errors once I exit the console like this:
irb(main):033:0> exit
/usr/lib/ruby/3.0.0/irb/ext/save-history.rb:108:in `initialize': Permission denied @ rb_sysopen - /home/[username]/.irb_history (Errno::EACCES)
from /usr/lib/ruby/3.0.0/irb/ext/save-history.rb:108:in `open'
from /usr/lib/ruby/3.0.0/irb/ext/save-history.rb:108:in `save_history'
from /usr/lib/ruby/3.0.0/irb/ext/save-history.rb:60:in `block in extended'
from /usr/lib/ruby/3.0.0/irb.rb:475:in `block in run'
from /usr/lib/ruby/3.0.0/irb.rb:475:in `each'
from /usr/lib/ruby/3.0.0/irb.rb:475:in `run'
from /usr/lib/ruby/3.0.0/irb.rb:400:in `start'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:70:in `start'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:19:in `start'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:102:in `perform'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor/command.rb:27:in `run'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor/invocation.rb:127:in `invoke_command'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor.rb:392:in `dispatch'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/command/base.rb:69:in `perform'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/command.rb:50:in `invoke'
from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands.rb:18:in `<top (required)>'
from bin/rails:4:in `require'
from bin/rails:4:in `<main>'
If I run it as root I get the errors above.
