Categories
Web Development Web Security

How to permanently set Linux environmental variablees

Every time I need to set Linux Environment variables and I use google to find out how, I always end up with those VALUELESS posts that tell you to use a terminal with export blah blah blah. Then when I close the terminal and try to use a variable it doesn’t exist and I am like WTF. Well those posts are how to set a temporary environmental variable.

This post covers what I always google and get the failed results for. This post is how to permanently forever set environmental variables.  This is often needed for development to store sensitive api key secrets, passwords etc. You should never put any of that information in a file for your project.

The idea is to create environmental variables to hold this info on your local machine, then when you put your code into production you add the necessary environmental variables to whatever controls them for your app. You can use kubernetes secrets or Hashicorp vault or if you are using something like Gitlab or Openshift continuous integration/delivery pipeline workflow will have a way to enter these values securely.

But here is how you set your local linux environment variables permanently. There are many ways to set these variables, here is a great article covering the topic.

But none of that above is useful to use, nope not for what we want to do. I just got a cool idea, rant/WOULDN’T IT BE COOL IF YOU COULD SET ENVIRONMENTAL VARIABLES IN MORE WAYS WITH LINUX. I mean where is the fun in only having 1 maybe 2 good ways of doing something, lets add more and more and more./rant

Ok so all of that sucks, how can we truly set environmental variables for our Development environment in a way that is easy and safe? Magic that is how.   Actually what you do is create a file with all of the secrets your app needs for development testing as environmental variables. I had to search hard and long to figure this out.

You create a file with any name you want with extension .sh like example-app.sh As described in the link above Linux will read all of the files in that directory and create the environmental variables. Hours of digging to figure that simple trick out FFS.

This is basically what I have in a simple text file

You simply add a new line for each variable you want to have created for your app.

Categories
Software Development Web Development

How to install Nodejs npm nvm without sudo on linux

For a few days I have been wrestling with nvm, nodejs, php composer etc. trying to figure out why the hell I keep getting permission issues.

I followed the instructions and installed them without being the root user… or so I thought.  I completely failed to understand what was going on with permissions.

I tried to install composer and node while in the directory I usually use for my web server /var/www/app-folder .  When given permission denied errors I did the normal thing and added sudo.

I fully failed to understand WTF sudo does.

In my world, as long as I didn’t login as the root  I was still the user that is shown in the terminal myself@myself$. I figured that adding sudo kept me as the user I was shown as in the terminal.

It seems logical right, you use sudo and you never see your terminal user change to root, therefore you must not be root.

Nope when you use sudo apparently this not only elevates your privileges as a user, it totally changes you to the root user. More info about the nonsense of sudo in linux  

i am root
i am root

The reason I was getting errors and having to use sudo in the first place is because I was trying to install stuff from a folder owned by root but had permissions for group which my user was a member of.

I falsely assumed that using sudo kept me as the user I was only giving me higher privilege levels. Apparently sudo in fact makes you the root user for a short period, which is the same as sudo -i which leaves you logged in as the root.

To prevent these errors and install things not as root and not using sudo, you must be in a folder that your current user owns and is not just a member of a group of. I’ve been using Linux for a decade but never tried installing node, other software like compilers etc don’t give a shit and work.

For so long I’ve installed and built apps in /var/www/directory because that was always the default for Apache and Nginx.  This is an issue for people trying to package their node apps too from what I have read.

This creates another conundrum. Which folder should you use for web development? Which one should you put your apps in in docker containers?

The problem is, you need to research more to fully understand the implications of creating a directory with the current user as owner. You must understand what permission levels will be safe on a server. What is the minimum permissions for your user you need and still be safe?

So when installing node, nvm, npm or php composer, do it in a file your user owns. If you are installing for development you can do it right from the users Download folder for example, that one is owned by the user. But whatever you do, do not use sudo and do not install from any folder owned by root.

Link explaining file permissions

Categories
Resources Software Development

BASH shell scripting links and resources

Bash script cheat sheet

Bash Scripting: Everything you need to know about Bash-shell programming