0

Tl;dr: I don't want npm to mess with my home directory while locally installing and updating packages. How do I do that?

I'm creating a systemd service with node and npm. To run this service, I created an underprivileged user account that doesn't own a home directory, let's call it my_service_user here. The project directory is stored within my desktop user's home directory, and it's owned by my_service_user.
The service needs to run npm commands like npm update <specific dependency>, but fails giving an EACCES error while trying to create /home/my_service_user/, which does not exist because my_service_user intentionally lacks a home directory to limit its privileges. Since I'm only installing and updating packages locally, npm shouldn't need access to the user's home directory in theory, at least in my understanding. Is there any workaround to install and update packages locally only using my_service_user's privileges?
Also note that other parts of the service script works just fine, the only issues are with the self updating part.

The following is the error in question (I changed out the username and other details because they shouldn't be the point of this question)

my_desktop_user $ cd project_directory
my_desktop_user $ sudo su my_service_user
my_service_user $ npm update <specific dependency>
npm ERR! code EACCES
npm ERR! syscall mkdir
npm ERR! path /home/my_service_user
npm ERR! errno -13
npm ERR! Error: EACCES: permission denied, mkdir '/home/my_service_user'
npm ERR!  { [Error: EACCES: permission denied, mkdir '/home/my_service_user']
npm ERR!   cause:
npm ERR!    { Error: EACCES: permission denied, mkdir '/home/my_service_user'
npm ERR!      errno: -13,
npm ERR!      code: 'EACCES',
npm ERR!      syscall: 'mkdir',
npm ERR!      path: '/home/my_service_user' },
npm ERR!   isOperational: true,
npm ERR!   stack:
npm ERR!    'Error: EACCES: permission denied, mkdir \'/home/my_service_user\'',
npm ERR!   errno: -13,
npm ERR!   code: 'EACCES',
npm ERR!   syscall: 'mkdir',
npm ERR!   path: '/home/my_service_user' }
npm ERR! 
npm ERR! The operation was rejected by your operating system.
npm ERR! It is likely you do not have the permissions to access this file as the current user
npm ERR! 
npm ERR! If you believe this might be a permissions issue, please double-check the
npm ERR! permissions of the file and its containing directories, or try running
npm ERR! the command again as root/Administrator.
npm ERR! Response timeout while trying to fetch https://registry.npmjs.org/<specific dependency> (over 30000ms)

Edit: I did a little more research, and found out that npm checks ~/.config/ and .npmrc for configuration. I think likely solutions to this problem involve either

  1. doing something in package.json to disable the homing behavior
  2. making a fake root
  3. useing an alternative npmjs.com client

Also, I could run this service as a desktop user, but I'm not sure how safe it would be, since it will be running all the time in the background, and it will be remotely receiving updates. Maybe I'm just too paranoid.
Let me know if you need more information to answer this question.

OS: Ubuntu 20.04.3 LTS x86_64
npm version: 8.1.0
node version: v16.13.0

martian17
  • 418
  • 3
  • 14
  • 1
    Possible workaround, I found if you overwrite the HOME environment var you can choose a different directory, rather than automatically choosing the current user's homedir. In addition if you specify `--logs-max=0` it will assure no new files are written, however it seems the .npm dir is always created. – Nicholi Jun 04 '22 at 01:49
  • 1
    Relevant issue: https://github.com/npm/cli/issues/4769 – Nicholi Jun 04 '22 at 02:10

0 Answers0