protect users from themselves when they use sudo inappropriately

[duncan]

Users sometimes get themselves into trouble with sudo. For example:

sudo cabal install blah

or

sudo cabal update

In both cases, the user is doing actions as root that modify their normal-user files.

In the first case it will install a package into ~/.cabal/ but of course all the files owned by root, so the user cannot delete them again later.

In the second case cabal will as root update the per-user package index. This will make further updates not as root fail, and worse because of a file permissions bug, the index will not be readable as their normal user.

The aim would be to protect users from themselves and tell them when they're doing something that's almost certainly wrong. We could suggest alternatives, like don't use sudo if you wanted to do a per-user install, or use sudo and --global if you did.

The tricky bit is making a suitably accurate test and making it possible to do the silly thing, if that's what the user really really wanted.

[draconx]

Maybe I don't understand how sudo works, but why is cabal installing in the user's home directory when running as root in the first place?

It should be installing packages in root's home directory if you do this.

[duncan]

Replying to draconx:

Maybe I don't understand how sudo works, but why is cabal installing in the user's home directory when running as root in the first place? It should be installing packages in root's home directory if you do this.

I think sudo does not change the $HOME environment variable since it doesn't really "log in" as a the root user.

[duncan]

More examples:  http://www.haskell.org/pipermail/haskell-cafe/2010-August/082238.html