1.0.2 • Published 3 years ago

@cb1kenobi/postinstall-test v1.0.2

Weekly downloads
1
License
-
Repository
-
Last release
3 years ago

postinstall test

This package does nothing other than runs a postinstall script that outputs the current user and group.

Run Test

npm i @cb1kenobi/postinstall-test
npm i -g @cb1kenobi/postinstall-test

macOS Results

Tested with Node.js 14.15.0.

Local Install

Normal User (chris)

sudoUnsafe PermgidegidSUDO_GIDuideuidSUDO_UID
No20 (staff)20 (staff)n/a501 (chris)501 (chris)n/a
NoYes20 (staff)20 (staff)n/a501 (chris)501 (chris)n/a
Yes20 (staff)20 (staff)20 (staff)501 (chris)501 (chris)501 (chris)
YesYes0 (wheel)0 (wheel)20 (staff)0 (root)0 (root)501 (chris)

Root User (root)

sudoUnsafe PermgidegidSUDO_GIDuideuidSUDO_UID
No0 (wheel)0 (wheel)n/aprefix ownerprefix ownern/a
NoYes0 (wheel)0 (wheel)n/a0 (root)0 (root)n/a
Yes0 (wheel)0 (wheel)0 (wheel)0 (root)0 (root)0 (root)
YesYes0 (wheel)0 (wheel)0 (wheel)0 (root)0 (root)0 (root)

Global Install

Normal User (chris)

sudoUnsafe PermgidegidSUDO_GIDuideuidSUDO_UID
No20 (staff)20 (staff)n/a501 (chris)501 (chris)n/a
NoYes20 (staff)20 (staff)n/a501 (chris)501 (chris)n/a
Yes20 (staff)20 (staff)20 (staff)4294967294 (nobody)4294967294 (nobody)501 (chris)
YesYes0 (wheel)0 (wheel)20 (staff)0 (root)0 (root)501 (chris)

Root User (root)

sudoUnsafe PermgidegidSUDO_GIDuideuidSUDO_UID
No0 (wheel)0 (wheel)n/a4294967294 (nobody)4294967294 (nobody)n/a
NoYes0 (wheel)0 (wheel)n/a0 (root)0 (root)n/a
Yes0 (wheel)0 (wheel)0 (wheel)4294967294 (nobody)4294967294 (nobody)0 (root)
YesYes0 (wheel)0 (wheel)0 (wheel)0 (root)0 (root)0 (root)

Conclusion

The post install script is executed as one of the following users:

  1. Current user
  2. nobody
  3. root

Write permissions are only a problem when the package is installed globally. npm skips the SUDO_UID check if the --global flag is present and force the user to be nobody unless --unsafe-perm is set.

cross-env
@infinitebrahmanuniverse/nolb-_cb@everything-registry/sub-chunk-159
1.0.2

3 years ago

1.0.1

3 years ago

1.0.0

3 years ago