"Don't Run Bundler as Root" - What Is the Exact Difference Made by Using Root

Don't run bundler as root - what is the exact difference made by using root?

So I had to dig into the git log history of bundler's repo, because GitHub doesn't allow searching in git commit messages anymore.

The commit c1b3fd165b2ec97fb254a76eaa3900bc4857a357 says:

Print warning when bundler is run by root. When a user runs bundle install with sudo bundler will print a warning, letting
them know of potential consequences.

closes #2936

Reading this issue, you understand the real reason you should not use the root user:

Running sudo bundle install can cause huge and cascading problems for
users trying to install gems on OS X into the system gems. We should
print a warning and explain that Bundler will prompt for sudo if it's
needed. We should also warn people that sudo bundle will break git
gems, because they have to be writable by the user that Bundler runs
as.

Why shouldn't I run bundle install as root?

There are two things which interact with each other to make installing most software as root a "bad idea":

  • Most programs which create files default to creating them as the user who ran the program.
  • Files created by root typically don't give anyone else read/write/execute permissions.

In the case of installing packages as root with Bundler, this means that the scripts in the ruby gem you install would not be accessible to any other users.

How to make bundler work again for non-root users? (after mistakenly using it with root)

You should try changing the owner and setting the correct permissions for your ~/.bundle.

Try:

sudo chown -R <youruser> ~/.bundle

Followed by:

# owner: read/write, plus execute (traverse) on directories; group and others: read-only
sudo chmod -R u=rwX,go=rX ~/.bundle
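
To see what a root-run install actually left behind before changing ownership or modes, the sketch below lists entries that are not owned by the invoking user, that the owner cannot read, write or traverse, or that are world-writable. It is an added example, not code from the answers above or from Bundler; the function name audit_bundle_dir and its output labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit a Bundler directory after an accidental root-run install.
# audit_bundle_dir and its output labels are hypothetical names for this sketch.
# Usage: audit_bundle_dir DIR [USER_OR_UID]
# Prints one "label: path" line per finding.
# Returns 0 if the tree is clean, 1 if anything was found, 2 on bad input.
audit_bundle_dir() {
    dir=$1
    user=${2:-$(id -u)}          # default: the invoking user's numeric uid
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    findings=$(
        # 1. Entries owned by someone else, e.g. root after `sudo bundle install`.
        find "$dir" ! -user "$user" 2>/dev/null |
            sed "s|^|not-owned-by-$user: |"
        # 2. Directories the owner cannot read, write and traverse (needs rwx),
        #    and regular files the owner cannot read and write (needs rw).
        find "$dir" \( \( -type d ! -perm -0700 \) -o \
                       \( -type f ! -perm -0600 \) \) 2>/dev/null |
            sed 's|^|owner-locked: |'
        # 3. World-writable entries, the usual result of an over-broad chmod -R.
        find "$dir" ! -type l -perm -0002 2>/dev/null |
            sed 's|^|world-writable: |'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Typical call:  audit_bundle_dir "$HOME/.bundle"
```

Running it again after the chown and chmod steps should print nothing and return 0.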

Difference between asdf vs bundler

asdf is used to manage different versions of the programming languages you use. In the context of Ruby projects, it is used to decide if you want to run your project with, for example, Ruby 2.7.4, Ruby 3.0.3, or Ruby 3.1.1. Using such a Ruby version manager (like asdf, rbenv, rvm) is extremely useful when you work on different Ruby projects at the same time and they depend on different Ruby versions, or when you are in the process of upgrading a Ruby project to a newer version and you need to switch between versions a lot. Additionally, when checking the Ruby configuration into your version control system, you can make sure that all developers use the same versions.

bundler, on the other hand, is used to define the library dependencies of your application. Imagine your Ruby application uses the redis gem to connect to a Redis database; then you can use bundler to define what version of the redis gem you want to use in your application. This is important because different versions might have different APIs, or only newer versions support required features, or a new version introduced a breaking change that your application is not able to handle yet. Additionally, bundler helps to resolve nested dependencies, for example when your app depends on gems a and b, but those gems also depend on gem c with slightly different requirements. Then bundler tries to find a version of the c gem that fulfills the dependency config of both gems a and b.

Is the difference the same as pyenv vs poetry for Python projects? I am not familiar with the Python ecosystem. But from having a glance at the docs of pyenv vs poetry IMHO they solve a similar requirement.

Bundler creates a ? folder in the project's root directory

Deleting the .bundle directory and running bundle install again seems to have solved the issue.


