From bad55cdc6a99453c718ef1a2ab2c63efc110ef3f Mon Sep 17 00:00:00 2001 From: isaacs Date: Wed, 4 Dec 2019 12:28:19 -0800 Subject: [PATCH] fix: Do not drop perms in git when not root Forward port of 5f3304028b6985fd380fc77c4840ff12a4898301 Fix https://github.com/npm/cli/issues/476 for pacote v10. Fix https://github.com/npm/pacote/issues/22 --- lib/util/git/opts.js | 5 +++-- test/util/git/opts.js | 52 +++++++++++++++++++++++++++++++------------ 2 files changed, 41 insertions(+), 16 deletions(-) diff --git a/lib/util/git/opts.js b/lib/util/git/opts.js index 54214a3f..600a4d1a 100644 --- a/lib/util/git/opts.js +++ b/lib/util/git/opts.js @@ -1,12 +1,13 @@ const gitEnv = require('./env.js') module.exports = (_gitOpts = {}, opts = {}) => { + const isRoot = process.getuid && process.getuid() === 0 const gitOpts = { env: gitEnv() } - if (+opts.uid && !isNaN(opts.uid)) { + if (isRoot && +opts.uid && !isNaN(opts.uid)) { gitOpts.uid = +opts.uid } - if (+opts.gid && !isNaN(opts.gid)) { + if (isRoot && +opts.gid && !isNaN(opts.gid)) { gitOpts.gid = +opts.gid } Object.assign(gitOpts, _gitOpts) diff --git a/test/util/git/opts.js b/test/util/git/opts.js index 5dd3cb31..f3ed402b 100644 --- a/test/util/git/opts.js +++ b/test/util/git/opts.js @@ -1,19 +1,43 @@ const t = require('tap') const gitOpts = require('../../../lib/util/git/opts.js') const gitEnv = require('../../../lib/util/git/env.js') -t.match(gitOpts({ - foo: 'bar', - env: { override: 'for some reason' }, -}, { - uid: 420, - gid: 69, - abc: 'def', -}), { - foo: 'bar', - env: { override: 'for some reason' }, - uid: 420, - gid: 69, - abc: undefined, -}, 'copied relevant opts, not irrelevant ones') t.match(gitOpts().env, gitEnv(), 'got the git env by default') + +t.test('as root', t => { + process.getuid = () => 0 + t.match(gitOpts({ + foo: 'bar', + env: { override: 'for some reason' }, + }, { + uid: 420, + gid: 69, + abc: 'def', + }), { + foo: 'bar', + env: { override: 'for some reason' }, + uid: 420, + gid: 69, + abc: undefined, + }, 'copied relevant opts, not irrelevant ones') + t.end() +}) + +t.test('as non-root', t => { + process.getuid = () => 999 + t.match(gitOpts({ + foo: 'bar', + env: { override: 'for some reason' }, + }, { + uid: 420, + gid: 69, + abc: 'def', + }), { + foo: 'bar', + env: { override: 'for some reason' }, + uid: undefined, + gid: undefined, + abc: undefined, + }, 'do not set uid/gid as non-root') + t.end() +})