How to use sudo rake gems:install

To install the gems for a Ruby on Rails project, you can use rake:
  rake gems:install

To use sudo

To install the gems system-wide for all users, you can use the sudo command. You will need your sysadmin to install sudo, and to use the editor visudo to add you to the /etc/sudoers file. Your sysadmin will add a line like this:
  joe ALL = (ALL) ALL
Then you can run the command like this:
  sudo rake gems:install

To use sudo with a specific command

To provide more specific security, your sysadmin can provide the specific command
  joe ALL = (ALL) /usr/local/bin/rake

To use sudo with NOPASSWD

To provide more convenience, your sysadmin can use the setting NOPASSWD which skips the password prompt:
  joe ALL = NOPASSWD: /usr/local/bin/rake 

To use sudo to require command arguments

To require command arguments, your sysadmin adds them to /etc/sudoers. For example, to give you permission to run rake gems:install and require you to specify a Rails environment:
  joe ALL = NOPASSWD: /usr/local/bin/rake gems\:install RAILS_ENV=*
Then you can run it:
  sudo rake gems:install RAILS_ENV=test
This approach helps ensure that you always specific a RAILS_ENV when you install your rails gems.

Be aware that rake is a powerful command because it can execute arbirtrary Ruby code. For example, if a hacker has access to the "joe" account, then he could create his own rake task called gems:install, then run it as root.

To secure your sudo rake gems:install

To secure your setup, your sysadmin can specify the exact rake task to run. For example, the "gems:install" task is in the "gems.rake" file, which is in the Rails gem, which is in the Ruby directory.
  joe ALL = NOPASSWD: /usr/local/bin/rake
    -F /usr/local/ruby/lib/ruby/gems/1.8/gems/rails-2.3.5/lib/tasks/gems.rake
    gems\:install RAILS_ENV=test

What's Next?

blog comments powered by Disqus