Getting the Warning "Insecure World Writable Dir /Home/Chance " in Path, Mode 040777 For Rails and Gem

  • Home
  • Languages
  • Ruby
  • Getting the Warning "Insecure World Writable Dir /Home/Chance " in Path, Mode 040777 For Rails and Gem

Getting the warning Insecure world writable dir /home/chance in PATH, mode 040777 for rails and gem

If you tried sudo chmod go-w /usr/local/bin from the other answer, try:

chmod go-w /home/chance

instead.

What seems to have happened is that somehow your home directory (/home/chance) has been added to your $PATH (the list of directories the OS searches when trying to find an executable to launch) and has also had its permissions changed so that anyone can write to it. This is potential a security problem, as another user could put an executable into this directory which you could accidentally launch. Ruby notices this and issues the warning.

This command changes the permissions of the directory so that it is no longer world writable.

In unix, file permissions are specified for three categories, the file owner (user), the group of the file (group), and everyone else (other). (See Google for more on unix file permissions).

So breaking down the command above:

chmod - change the 'mode' of the file (i.e. its permissions)

go - for group(g) and others(o)

-w - (minus w) remove write permission

/home/chance - the file (or directory) in question

In the other answer the directory that was causing the problem was /usr/local/bin, which is owned by root so sudo is required to change permissions on it. /home/chance is your home directory which is owned by the chance user who can change permissions on it - no sudo required.

warning: Insecure world writable dir /usr/local/bin in PATH, mode 040777

You will need to have root access to do this. If you aren't already the administrative user, login as the administrator. Then use 'sudo' to change the permissions:

sudo chmod go-w /usr/local/bin

Obviously, that will mean you can no longer install material in /usr/local/bin except via 'sudo', but you probably shouldn't be doing that anyway.

warning: Insecure world writable dir when I run a ruby or gem command

Just chmod go-w /opt/local/bin at a shell prompt (depending on permissions you may need to sudo to do that).

warning: Insecure world writable dir

This is a warning that your home directory is writeable to by anyone in your group plus anyone else at all (i.e. world). The 777 at the end of the mode is indicating the directory is writable by all of yourself (owner), the group plus world. Normally it should end with 755 or 750 depending on how open you want your home directory to be.

It is not going to stop anything working but it's a legitimate warning as you really don't want your home directory open like this.

Easiest way to fix it is to execute command such as:

chmod go-w /home/nazar

which will remove write permission for group and others (world).

Erroneous Insecure world writable dir foo in PATH when running ruby script

You could shut off all warnings with

> ruby -W0 ...

But that may hide other issues. and you did say you want only that specific warning hidden, and I don't think there is a way to do it other than fix the issue, which I think is due to the NFS mount not properly relaying the actual mask. I see this when I mount a non-linux server on linux with NFS.

Like a snao server or something that does not support unix style attributes.

Also as the error is reporting that it doesn't like the world writable directory in the path, could you remove it from the path, and use a prefix to access anything in that directory?

EDIT...
Another idea is to filter the output of your ruby script with something like...

> ruby ... | egrep -v "warning: Insecure world writable dir"

That would print any output other (the -v) than the specific warning.

However the warning is a security warning, it is a bad idea to have a world writable directory in your path as anyone can put a malicious script or executable in there. And it is equally bad to have a mounted bin directory especially one you have no control over in your PATH. In this case the issue has nothing to do with whether the directory is writable or not, it is the fact there is a foreign directory in your PATH.

Good practices would dictate that you take that mounted directory out of your PATH and the warning will go away. If you need to execute something that is in that directory, then explicitly provide the full path to the script or executable.

This is not really a Ruby issue but a security issue.


Related Topics

Error: While Executing Gem ... (Gem::Filepermissionerror)

Rails :Include Vs. :Joins

Why Use Symbols as Hash Keys in Ruby

Ruby Metaclass Confusion

How Does Instance_Eval Work and Why Does Dhh Hate It

How to Have Methods Inside Methods

When to Use 'Self.Foo' Instead of 'Foo' in Ruby Methods

&:Views_Count' in 'Post.Published.Collect(&:Views_Count)'

Ruby Proc Syntax

What Do 'I' and '-I' in Regex Mean

Validation for Non-Negative Integers and Decimal Values

What Does the (Unary) * Operator Do in This Ruby Code

Activerecord: Size VS Count

Your Ruby Version Is 2.0.0, But Your Gemfile Specified 2.1.0

Why Is 'A = A' 'Nil' in Ruby

Calling a Method from a String With the Method'S Name in Ruby

Find Indices of Elements That Match a Given Condition

How to Install a Local Gem


Leave a reply



Submit