[BUG] npm i -g foo changes ownership of files under /usr/bin #4010
Description
Is there an existing issue for this?
- I have searched the existing issues
This issue exists in the latest npm version
- I am using the latest npm
Current Behavior
After running sudo npm i -g foo files under /usr/bin that were owned by root are now owned by the current user.
I ran sudo npm i -g typescript and it was installed correctly I think. Then I ran sudo npm i -g vscode-langservers-extracted and I got sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set.
I think the packages I installed are irrelevant because I still get the same errors after installing other packages globally with sudo.
This looks similar to #19883 but as far as I can see, only /usr/bin/ files are affected.
Expected Behavior
npm should not change ownership of files under /usr/bin
Steps To Reproduce
- In this environment...
Linux
npm v8.1.3 - With this config...
Default - Run 'sudo npm i -g typescript' (the package doesn't matter)
- See: files under /usr/bin changing ownership
In this video, you can see what happens. When I stop writing is because I'm going to another tty as root to execute chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo. The video also shows npm with version v8.0.0 but I updated to v8.1.3 and the same thing happens.
2021-11-07.14-39-43.mov
Environment
- npm: 8.1.3
- Node: 16.11.0
- OS: Linux 5.10.70-1-MANJARO
- platform: Desktop amd64
- npm config:
; node bin location = /usr/bin/node
; cwd = /home/emi2k01/Documents/facu/tecmul/proyectofinal
; HOME = /home/emi2k01
; Run `npm config ls -l` to show all defaults.