Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Copilot Lvl 2
Message 1 of 3

Ruby: World-writable directory in PATH.

Solved! Go to Solution.

I'm running `ruby -w` in my build script, which is producing warnings about /opt/hostedtoolcache/Ruby/2.6.3/x64/bin being world-writable. (Indeed, poking around reveals that all of its parent directories are, too.)

Even if mine is the only process in the virtual environment (mitigating any practical security concerns), I'd still love to keep the build warning-free. I'm currently working around this one by running `env -i /usr/bin/ruby -w`, but it would be nice to see it fixed upstream.

Thoughts? Thank you!

2 Replies
Solution
GitHub Partner
Message 2 of 3

Re: Ruby: World-writable directory in PATH.

Hi Matthew,

 

Thank you for taking time to report this!

This warning is due to the directory has been added to your $PATH(the list of directories the OS searches when trying to find an executable to launch),  and permission is writable anyone can write to. This is potential a security problem, Ruby notices this and issues the warning.

 

However,  the hosted-github runner is a temporary virtual environment which will be deprecated after workflow run complete.  GitHub hosts Linux and Windows runner is a fork of azure pipeline agent, it's safe and protected. In addition, make the directory in $PATH un-writable by default will cause other problems.

 

As a workaround, please use below command to change the permissions of the directory so that it is no longer world writable.

 

chmod go-w /directory

 

Thanks.

Ruby.png

Copilot Lvl 2
Message 3 of 3

Re: Ruby: World-writable directory in PATH.

Thanks, @weide-zhou, I appreciate your taking the time to respond, and I'm happy to hear this will only be an issue during the beta period.

I had previously tried the chmod route, but I didn't think to try sudo. Good to know that'll work!