DennisLGolden has asked for the wisdom of the Perl Monks concerning the following question:

Using cpan as root to build/install modules, always uses uid 1000 and gid 1000. These IDs are already allocated to other users/groups, making system administration difficult.

I have searched the web (including this site) and the documentation without finding anything helpful. See below:

    goldens:~/.cpan # ll -n build/CPAN-2.14-0ATfK7/
    total 1220
    drwxr-xr-x 5 0 0 4096 Jul 4 16:11 cpan-home
    drwxr-xr-x 8 1000 1000 4096 Jul 4 16:11 t
    -rw-r--r-- 1 0 0 0 Jul 4 16:11 pm_to_blib
    drwxr-xr-x 8 0 0 4096 Jul 4 16:11 blib
    -rw-r--r-- 1 0 0 1380 Jul 4 16:11 MYMETA.yml
    -rw-r--r-- 1 0 0 2300 Jul 4 16:11 MYMETA.json
    -rw-r--r-- 1 0 0 65681 Jul 4 16:11 Makefile
    -rw-r--r-- 1 1000 1000 50942 Jun 24 23:28 SIGNATURE
    -rw-r--r-- 1 1000 1000 97821 Jun 24 23:28 README
    -rw-r--r-- 1 1000 1000 2524 Jun 24 23:28 META.json
    -rw-r--r-- 1 1000 1000 1498 Jun 24 23:28 META.yml
    drwxr-xr-x 2 1000 1000 24576 Jun 24 23:28 distroprefs
    drwxr-xr-x 3 1000 1000 4096 Jun 24 23:28 inc
    drwxr-xr-x 4 1000 1000 4096 Jun 24 23:28 lib
    drwxr-xr-x 2 1000 1000 4096 Jun 24 23:28 scripts
    -rw-r--r-- 1 1000 1000 30866 Jun 24 23:28 Makefile.PL
    -rw-r--r-- 1 1000 1000 21715 Jun 24 23:27 MANIFEST
    -rw-r--r-- 1 1000 1000 83463 Jun 24 23:18 Changes
    -rw-r--r-- 1 1000 1000 2582 Jun 24 23:14 MANIFEST.SKIP
    -rw-r--r-- 1 1000 1000 758603 Dec 30 2015 Todo
    -rw-r--r-- 1 1000 1000 13287 Mar 28 2014 PAUSE2015.pub
    -rw-r--r-- 1 1000 1000 11166 Mar 27 2014 PAUSE2011.pub
    -rw-r--r-- 1 1000 1000 1590 Jul 14 2013 SlayMakefile
    -rw-r--r-- 1 1000 1000 1750 Sep 8 2012 PAUSE2003.pub
    -rw-r--r-- 1 1000 1000 2742 Sep 8 2012 PAUSE2005.pub
    -rw-r--r-- 1 1000 1000 3782 Sep 8 2012 PAUSE2007.pub
    -rw-r--r-- 1 1000 1000 4818 Sep 8 2012 PAUSE2009.pub
    goldens:~/.cpan #

This is happening on all of my Linux systems. Any guidance would be greatly appreciated.

Re: cpan build environment
by hippo (Archbishop) on Jul 06, 2016 at 11:33 UTC
    Any guidance would be greatly appreciated.

    The listing which you have provided shows files with uid and gid of 0. This means one of two things:

    1. You (or somebody) has been running cpan as root which has some pretty massive security implications, or
    2. Somebody has managed to create root-owned files without running cpan as root ... which has some pretty massive security implications.

    I hope for your sake that it's number 1 and the easy solution is to stop running cpan as root. HTH.

    Update: It has been brought to my attention (thanks, GotToBTru!) that your post starts with "Using cpan as route ... " which probably means you are indeed running it as root. In which case, don't do that.

      Probably number 1 - when you run sudo cpan, it will still use /home/whoever/.cpan and drop root-owned files there.

      Yes I run cpan as root when adding global additions to perl. I thank all of you for the information that you have provided. I also thank you for the quick response.

Re: cpan build environment ( uid 1000 and gid 1000 umask chown setgid chgrp )
by Anonymous Monk on Jul 05, 2016 at 22:12 UTC

      User is root so uid/gid = 0:0. Thanks for the links. I assume then that ALL the tar files from CPAN are 1000:1000?

        Thanks for the links. I assume then that ALL the tar files from CPAN are 1000:1000?

        Um, why assume that?

        From what I can tell, CPAN completely ignores uid/gid from tarballs, which means the files end up with the current user's uid/gid.

Re: cpan build environment
by Anonymous Monk on Jul 06, 2016 at 10:46 UTC

    The UID and GID are stored as part of the tar archive. ~/.cpan/.build is just a temporary directory. When you actually install the modules to their final location they should get the correct uid/gid/perms.

    What does "making system administration difficult" mean, what is the actual problem? Can't it be solved by chown -R goldens:goldens /home/goldens/.cpan/.build or even rm -r /home/goldens/.cpan/.build?

    tar has the --no-same-owner option, but apparently CPAN uses Archive::Tar by default, and I'm not sure if Archive::Tar can do the same kind of thing. Maybe (untested) you could try setting the CPAN option prefer_external_tar and then using the TAR_OPTIONS environment variable to give tar the --no-same-owner option.

      If UID and GID are always 1000:1000 from CPAN, I can live with it. I just could find nothing documented about that.

      "making system administration difficult" means that I have an allocated group with GID 1000. When using find to collect this information, it was also finding everything in the CPAN build tree as well.

Re: cpan build environment
by haukex (Archbishop) on Jul 07, 2016 at 10:07 UTC

    Hi DennisLGolden,

    In one of your replies in this thread you wrote "If UID and GID are always 1000:1000 from CPAN, I can live with it." I just downloaded three .tar.gz files from CPAN at random and can verify that it is not the case, I've got varying UID/GIDs.

    Tar archives store the UID/GID information, and my understanding is that when extracting tar archives as root, those UID/GIDs will be restored, and when running as a normal user they won't (because they can't). So CPAN may not change the permissions, but untarring as root does.

    Modifying the system Perl is a whole nother topic, but one of the reasons not to do so, in short, is that installing modules into the system Perl can go wrong, and then picking apart the mess caused by that can be pretty bad. I now always install a fresh Perl in a different location (you can do this by hand fairly easily or with perlbrew), and install all the modules I want there, and I see doing so recommended often. When I install modules into the system Perl I only use the system's repositories and package manager.

    Having said that, it's possible to clean up the situation - as was already said, you could just sudo chown -R the ~/.cpan directory. Another possible solution that hasn't been mentioned yet is to run the build process as a normal user, but configure CPAN to use sudo for only those commands where it is necessary, which is the "install" step. Search the CPAN page for "sudo", and it'll reveal the two config options you need to set: make_install_make_command and mbuild_install_build_command (note I haven't tried this myself but I see it referenced in several articles online).

    Hope this helps,
    -- Hauke D
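
Added example, not part of any reply in this thread: a shell demonstration of the two points made above, that a tarball's headers carry a UID/GID of their own and that --no-same-owner (here passed through TAR_OPTIONS, as suggested earlier) keeps them off the disk. It assumes GNU tar and GNU coreutils; the Sample-Dist-0.01 archive and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example with constructed data; assumes GNU tar and GNU coreutils.

# Build a constructed archive whose headers record 1000:1000 no matter who
# runs this. Prints the archive path.
make_sample_tar() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/Sample-Dist-0.01/lib"
    echo 'constructed sample' > "$work/Sample-Dist-0.01/README"
    echo '1;' > "$work/Sample-Dist-0.01/lib/Sample.pm"
    tar -C "$work" --owner=1000 --group=1000 --numeric-owner \
        -cf "$work/sample.tar" Sample-Dist-0.01
    rm -rf "$work/Sample-Dist-0.01"
    echo "$work/sample.tar"
}

# Distinct uid/gid pairs stored in the archive headers (nothing is extracted).
stored_owners() {
    tar --numeric-owner -tvf "$1" | awk '{ print $2 }' | sort -u
}

# Extract without restoring the archived owners: files get the extracting
# user's IDs, even when that user is root. TAR_OPTIONS is read by GNU tar.
extract_as_self() {
    mkdir -p "$2" && TAR_OPTIONS=--no-same-owner tar -xf "$1" -C "$2"
}

# Distinct numeric uid:gid pairs of everything below a directory.
disk_owners() {
    find "$1" -mindepth 1 -exec stat -c '%u:%g' {} + | sort -u
}

# Paths below a directory not owned by the current uid, e.g. what an
# owner-restoring extraction as root leaves behind in a build tree.
foreign_owned() {
    find "$1" -mindepth 1 ! -uid "$(id -u)"
}

main() {
    t=$(make_sample_tar) || return 1
    echo "stored in archive: $(stored_owners "$t")"
    extract_as_self "$t" "${t%.tar}.out"
    echo "on disk after --no-same-owner: $(disk_owners "${t%.tar}.out")"
    rm -rf "$(dirname "$t")"
}

main
```

Running stored_owners against a real distribution tarball shows which IDs an owner-restoring extraction as root would put on disk, and foreign_owned against a build directory lists what such an extraction left there.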

Re: cpan build environment
by codiac (Beadle) on Jul 07, 2016 at 10:05 UTC