For a few days I have been wrestling with nvm, nodejs, php composer etc. trying to figure out why the hell I keep getting permission issues.
I followed the instructions and installed them without being the root user… or so I thought. I completely failed to understand what was going on with permissions.
I tried to install composer and node while in the directory I usually use for my web server /var/www/app-folder . When given permission denied errors I did the normal thing and added sudo.
I fully failed to understand WTF sudo does.
In my world, as long as I didn’t login as the root I was still the user that is shown in the terminal myself@myself$. I figured that adding sudo kept me as the user I was shown as in the terminal.
It seems logical right, you use sudo and you never see your terminal user change to root, therefore you must not be root.
Nope when you use sudo apparently this not only elevates your privileges as a user, it totally changes you to the root user. More info about the nonsense of sudo in linux
The reason I was getting errors and having to use sudo in the first place is because I was trying to install stuff from a folder owned by root but had permissions for group which my user was a member of.
I falsely assumed that using sudo kept me as the user I was only giving me higher privilege levels. Apparently sudo in fact makes you the root user for a short period, which is the same as sudo -i which leaves you logged in as the root.
To prevent these errors and install things not as root and not using sudo, you must be in a folder that your current user owns and is not just a member of a group of. I’ve been using Linux for a decade but never tried installing node, other software like compilers etc don’t give a shit and work.
For so long I’ve installed and built apps in /var/www/directory because that was always the default for Apache and Nginx. This is an issue for people trying to package their node apps too from what I have read.
This creates another conundrum. Which folder should you use for web development? Which one should you put your apps in in docker containers?
The problem is, you need to research more to fully understand the implications of creating a directory with the current user as owner. You must understand what permission levels will be safe on a server. What is the minimum permissions for your user you need and still be safe?
So when installing node, nvm, npm or php composer, do it in a file your user owns. If you are installing for development you can do it right from the users Download folder for example, that one is owned by the user. But whatever you do, do not use sudo and do not install from any folder owned by root.
Link explaining file permissions