"igem install rake" raise an System.UnauthorizedAccessException (Windows 7)

Might be a .NET issue, but we should work around it in that case.

What I am curious about though is if MRI is installed to Program Files,
will “gem install” also silently install to the virtual store if it is
run without elevation. If the redirecting is done at the Ruby/OS level,
then RubyGems does not need to do anything, and so –user-install should
not be needed at all.

From: [email protected]
[mailto:[email protected]] On Behalf Of Jim D.
Sent: Tuesday, January 26, 2010 11:54 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Hm, that’s interesting… MRI gets redirected to the virtual store but
IronRuby does not, I wonder if that is more of a .NET issue than a
IronRuby problem…

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 11:44 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

There indeed is a difference in behavior between IronRuby and MRI when
creating a file in %ProgramFiles% from a non-elevated process. MRI
silently writes to USERPROFILE. IronRuby raises Errno::EACCES. I have
opened http://ironruby.codeplex.com/WorkItem/View.aspx?WorkItemId=3685
to track this. I don’t see the System.UnauthorizedAccessException
though.

D:>ruby -e “File.open(‘c:/Program Files/foo.txt’, ‘w+’) {}”

D:>dir “c:\Program Files\foo.txt”
File Not Found

D:>dir “%USERPROFILE%\AppData\Local\VirtualStore\Program Files\foo.txt”
01/26/2010 11:39 AM 0 foo.txt
1 File(s) 0 bytes
0 Dir(s) 122,124,869,632 bytes free

D:>rbx -e “File.open(‘c:/Program Files/foo.txt’, ‘w+’) {}”
mscorlib:0:in `WinIOError’: Access to the path ‘c:\Program
Files\foo.txt’ is denied. (Errno::EACCES)

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 11:09 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Another way to simulate “sudo” is to use an elevated Command Prompt.
http://www.sevenforums.com/tutorials/11841-run-administrator.html tells
you how. If you are using the command prompt a lot, you only need to
deal with the UAC dialog box once when you open the elevated Command
Prompt. After that, all commands executed from the Command Prompt run
elevated.

Jim, from an elevated Command prompt, I was able to create a new file in
%ProgramFiles% using notepad, and did not get any UAC dialog box. This
would mean that “gem install” should also be able to install gems to
%ProgramFiles%. Not sure how this reconciles with your comment about
TrustedInstaller.

Thibaut, could you try using “igem install –user-install”? (I wonder if
IronRuby needs to catch the System.UnauthorizedAccessException exception
and raise a Ruby exception for RubyGems to do the right thing.)

Could you also separately try running from an elevated Command Prompt?

From: [email protected]
[mailto:[email protected]] On Behalf Of Jim D.
Sent: Tuesday, January 26, 2010 9:18 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

There are a couple of differences that would be apparent for this
proposed solution:

1.  Runas /user…. Is much longer than sudo ;)
   

2.  The normal installation directory is owned by TrustedInstaller 
   

and Admins have no rights by default. We wouldn’t have a supported way
to share gems at this time, since that does have security risks. Each
user would have to install their own gems, but (unsupported) you should
be able to move GEM_PATH (assuming we can figure out how to share
between IronRuby and Ruby) to a shared location and change permissions
on it.

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Will G.
Sent: Tuesday, January 26, 2010 9:03 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Yes, that occurred to me this morning.

So, runas /user:mymachine\administrator igem install foo for globals
gems, right?

–
Will G.
http://hotgazpacho.org/
On Tue, Jan 26, 2010 at 4:16 AM, Thibaut Barrère
<[email protected]mailto:[email protected]> wrote:

Per-user gems should not be the default. In RubyInstaller (mingw MRI), as well as MRI on Linux, and I believe OS X, system-wide gems are
the default. This, of course, would require elevation (sudo gem install xxx).
I believe per-user gems is now the default (it wasn’t in the past, but
if I’m right a rubygems update changed that behaviour. Maybe 1.3.0 -
http://rubyforge.org/forum/forum.php?forum_id=27728 => ‘RubyGems now
installs gems into ~/.gem if GEM_HOME is not writable. Use
–no-user-install command-line switch to disable this behavior.’).

Here’s what happens on my machine (OS X):

~$ gem list | grep less
~$ sudo gem list | grep less
~$ gem install less
(…)
~$ gem list | grep less
less (1.2.21)
~$ sudo gem list | grep less
(empty)

~$ gem -v
1.3.5
~$ ruby -v
ruby 1.8.7 (2009-06-12 patchlevel 174) [i686-darwin10.0.0]

– Thibaut

Ironruby-core mailing list
[email protected]mailto:[email protected]
http://rubyforge.org/mailman/listinfo/ironruby-core

Technically, the virtual store is an OS level feature, however, not
using --user-install could imply to people that we are installing in a
shared location when we aren’t.

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 12:06 PM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Might be a .NET issue, but we should work around it in that case.

What I am curious about though is if MRI is installed to Program Files,
will “gem install” also silently install to the virtual store if it is
run without elevation. If the redirecting is done at the Ruby/OS level,
then RubyGems does not need to do anything, and so –user-install should
not be needed at all.

From: [email protected]
[mailto:[email protected]] On Behalf Of Jim D.
Sent: Tuesday, January 26, 2010 11:54 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Hm, that’s interesting… MRI gets redirected to the virtual store but
IronRuby does not, I wonder if that is more of a .NET issue than a
IronRuby problem…

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 11:44 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

There indeed is a difference in behavior between IronRuby and MRI when
creating a file in %ProgramFiles% from a non-elevated process. MRI
silently writes to USERPROFILE. IronRuby raises Errno::EACCES. I have
opened http://ironruby.codeplex.com/WorkItem/View.aspx?WorkItemId=3685
to track this. I don’t see the System.UnauthorizedAccessException
though.

D:>ruby -e “File.open(‘c:/Program Files/foo.txt’, ‘w+’) {}”

D:>dir “c:\Program Files\foo.txt”
File Not Found

D:>dir “%USERPROFILE%\AppData\Local\VirtualStore\Program Files\foo.txt”
01/26/2010 11:39 AM 0 foo.txt
1 File(s) 0 bytes
0 Dir(s) 122,124,869,632 bytes free

D:>rbx -e “File.open(‘c:/Program Files/foo.txt’, ‘w+’) {}”
mscorlib:0:in `WinIOError’: Access to the path ‘c:\Program
Files\foo.txt’ is denied. (Errno::EACCES)

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 11:09 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Another way to simulate “sudo” is to use an elevated Command Prompt.
http://www.sevenforums.com/tutorials/11841-run-administrator.html tells
you how. If you are using the command prompt a lot, you only need to
deal with the UAC dialog box once when you open the elevated Command
Prompt. After that, all commands executed from the Command Prompt run
elevated.

Jim, from an elevated Command prompt, I was able to create a new file in
%ProgramFiles% using notepad, and did not get any UAC dialog box. This
would mean that “gem install” should also be able to install gems to
%ProgramFiles%. Not sure how this reconciles with your comment about
TrustedInstaller.

Thibaut, could you try using “igem install –user-install”? (I wonder if
IronRuby needs to catch the System.UnauthorizedAccessException exception
and raise a Ruby exception for RubyGems to do the right thing.)

Could you also separately try running from an elevated Command Prompt?

From: [email protected]
[mailto:[email protected]] On Behalf Of Jim D.
Sent: Tuesday, January 26, 2010 9:18 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

There are a couple of differences that would be apparent for this
proposed solution:

1.  Runas /user…. Is much longer than sudo ;)
   

2.  The normal installation directory is owned by TrustedInstaller 
   

and Admins have no rights by default. We wouldn’t have a supported way
to share gems at this time, since that does have security risks. Each
user would have to install their own gems, but (unsupported) you should
be able to move GEM_PATH (assuming we can figure out how to share
between IronRuby and Ruby) to a shared location and change permissions
on it.

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Will G.
Sent: Tuesday, January 26, 2010 9:03 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Yes, that occurred to me this morning.

So, runas /user:mymachine\administrator igem install foo for globals
gems, right?

–
Will G.
http://hotgazpacho.org/
On Tue, Jan 26, 2010 at 4:16 AM, Thibaut Barrère
<[email protected]mailto:[email protected]> wrote:

Per-user gems should not be the default. In RubyInstaller (mingw MRI), as well as MRI on Linux, and I believe OS X, system-wide gems are
the default. This, of course, would require elevation (sudo gem install xxx).
I believe per-user gems is now the default (it wasn’t in the past, but
if I’m right a rubygems update changed that behaviour. Maybe 1.3.0 -
http://rubyforge.org/forum/forum.php?forum_id=27728 => ‘RubyGems now
installs gems into ~/.gem if GEM_HOME is not writable. Use
–no-user-install command-line switch to disable this behavior.’).

Here’s what happens on my machine (OS X):

~$ gem list | grep less
~$ sudo gem list | grep less
~$ gem install less
(…)
~$ gem list | grep less
less (1.2.21)
~$ sudo gem list | grep less
(empty)

~$ gem -v
1.3.5
~$ ruby -v
ruby 1.8.7 (2009-06-12 patchlevel 174) [i686-darwin10.0.0]

– Thibaut

Ironruby-core mailing list
[email protected]mailto:[email protected]
http://rubyforge.org/mailman/listinfo/ironruby-core

That one also repro’s for me even though the notepad case doesn’t…

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Jim D.
Sent: Tuesday, January 26, 2010 11:54 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Hm, that’s interesting… MRI gets redirected to the virtual store but
IronRuby does not, I wonder if that is more of a .NET issue than a
IronRuby problem…

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 11:44 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

There indeed is a difference in behavior between IronRuby and MRI when
creating a file in %ProgramFiles% from a non-elevated process. MRI
silently writes to USERPROFILE. IronRuby raises Errno::EACCES. I have
opened http://ironruby.codeplex.com/WorkItem/View.aspx?WorkItemId=3685
to track this. I don’t see the System.UnauthorizedAccessException
though.

D:>ruby -e “File.open(‘c:/Program Files/foo.txt’, ‘w+’) {}”

D:>dir “c:\Program Files\foo.txt”
File Not Found

D:>dir “%USERPROFILE%\AppData\Local\VirtualStore\Program Files\foo.txt”
01/26/2010 11:39 AM 0 foo.txt
1 File(s) 0 bytes
0 Dir(s) 122,124,869,632 bytes free

D:>rbx -e “File.open(‘c:/Program Files/foo.txt’, ‘w+’) {}”
mscorlib:0:in `WinIOError’: Access to the path ‘c:\Program
Files\foo.txt’ is denied. (Errno::EACCES)

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 11:09 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Another way to simulate “sudo” is to use an elevated Command Prompt.
http://www.sevenforums.com/tutorials/11841-run-administrator.html tells
you how. If you are using the command prompt a lot, you only need to
deal with the UAC dialog box once when you open the elevated Command
Prompt. After that, all commands executed from the Command Prompt run
elevated.

Jim, from an elevated Command prompt, I was able to create a new file in
%ProgramFiles% using notepad, and did not get any UAC dialog box. This
would mean that “gem install” should also be able to install gems to
%ProgramFiles%. Not sure how this reconciles with your comment about
TrustedInstaller.

Thibaut, could you try using “igem install –user-install”? (I wonder if
IronRuby needs to catch the System.UnauthorizedAccessException exception
and raise a Ruby exception for RubyGems to do the right thing.)

Could you also separately try running from an elevated Command Prompt?

From: [email protected]
[mailto:[email protected]] On Behalf Of Jim D.
Sent: Tuesday, January 26, 2010 9:18 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

There are a couple of differences that would be apparent for this
proposed solution:

1.  Runas /user…. Is much longer than sudo ;)
   

2.  The normal installation directory is owned by TrustedInstaller 
   

and Admins have no rights by default. We wouldn’t have a supported way
to share gems at this time, since that does have security risks. Each
user would have to install their own gems, but (unsupported) you should
be able to move GEM_PATH (assuming we can figure out how to share
between IronRuby and Ruby) to a shared location and change permissions
on it.

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Will G.
Sent: Tuesday, January 26, 2010 9:03 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Yes, that occurred to me this morning.

So, runas /user:mymachine\administrator igem install foo for globals
gems, right?

–
Will G.
http://hotgazpacho.org/
On Tue, Jan 26, 2010 at 4:16 AM, Thibaut Barrère
<[email protected]mailto:[email protected]> wrote:

Per-user gems should not be the default. In RubyInstaller (mingw MRI), as well as MRI on Linux, and I believe OS X, system-wide gems are
the default. This, of course, would require elevation (sudo gem install xxx).
I believe per-user gems is now the default (it wasn’t in the past, but
if I’m right a rubygems update changed that behaviour. Maybe 1.3.0 -
http://rubyforge.org/forum/forum.php?forum_id=27728 => ‘RubyGems now
installs gems into ~/.gem if GEM_HOME is not writable. Use
–no-user-install command-line switch to disable this behavior.’).

Here’s what happens on my machine (OS X):

~$ gem list | grep less
~$ sudo gem list | grep less
~$ gem install less
(…)
~$ gem list | grep less
less (1.2.21)
~$ sudo gem list | grep less
(empty)

~$ gem -v
1.3.5
~$ ruby -v
ruby 1.8.7 (2009-06-12 patchlevel 174) [i686-darwin10.0.0]

– Thibaut

Ironruby-core mailing list
[email protected]mailto:[email protected]
http://rubyforge.org/mailman/listinfo/ironruby-core

Ironruby-core mailing list
[email protected]
http://rubyforge.org/mailman/listinfo/ironruby-core

Ironruby-core mailing list
[email protected]
http://rubyforge.org/mailman/listinfo/ironruby-core

So how does RubyGems know that the target location is restricted? I
can’t just call File.open and catch the exception. Perhaps it eagerly
checks for permissions.

So where does this leave us? Sounds like we can keep installing to
ProgramFiles by default. Users can then run “gem install” from an
elevated Command Prompt if they want to share gems with other users, or
they can use –user-install if they prefer not to elevate. Sounds like we
are good as is if Thibaut (or someone else) can confirm that
–user-install does work as expected.

From: [email protected]
[mailto:[email protected]] On Behalf Of Jim D.
Sent: Tuesday, January 26, 2010 12:10 PM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Technically, the virtual store is an OS level feature, however, not
using --user-install could imply to people that we are installing in a
shared location when we aren’t.

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 12:06 PM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Might be a .NET issue, but we should work around it in that case.

What I am curious about though is if MRI is installed to Program Files,
will “gem install” also silently install to the virtual store if it is
run without elevation. If the redirecting is done at the Ruby/OS level,
then RubyGems does not need to do anything, and so –user-install should
not be needed at all.

From: [email protected]
[mailto:[email protected]] On Behalf Of Jim D.
Sent: Tuesday, January 26, 2010 11:54 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Hm, that’s interesting… MRI gets redirected to the virtual store but
IronRuby does not, I wonder if that is more of a .NET issue than a
IronRuby problem…

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 11:44 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

There indeed is a difference in behavior between IronRuby and MRI when
creating a file in %ProgramFiles% from a non-elevated process. MRI
silently writes to USERPROFILE. IronRuby raises Errno::EACCES. I have
opened http://ironruby.codeplex.com/WorkItem/View.aspx?WorkItemId=3685
to track this. I don’t see the System.UnauthorizedAccessException
though.

D:>ruby -e “File.open(‘c:/Program Files/foo.txt’, ‘w+’) {}”

D:>dir “c:\Program Files\foo.txt”
File Not Found

D:>dir “%USERPROFILE%\AppData\Local\VirtualStore\Program Files\foo.txt”
01/26/2010 11:39 AM 0 foo.txt
1 File(s) 0 bytes
0 Dir(s) 122,124,869,632 bytes free

D:>rbx -e “File.open(‘c:/Program Files/foo.txt’, ‘w+’) {}”
mscorlib:0:in `WinIOError’: Access to the path ‘c:\Program
Files\foo.txt’ is denied. (Errno::EACCES)

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 11:09 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Another way to simulate “sudo” is to use an elevated Command Prompt.
http://www.sevenforums.com/tutorials/11841-run-administrator.html tells
you how. If you are using the command prompt a lot, you only need to
deal with the UAC dialog box once when you open the elevated Command
Prompt. After that, all commands executed from the Command Prompt run
elevated.

Jim, from an elevated Command prompt, I was able to create a new file in
%ProgramFiles% using notepad, and did not get any UAC dialog box. This
would mean that “gem install” should also be able to install gems to
%ProgramFiles%. Not sure how this reconciles with your comment about
TrustedInstaller.

Thibaut, could you try using “igem install –user-install”? (I wonder if
IronRuby needs to catch the System.UnauthorizedAccessException exception
and raise a Ruby exception for RubyGems to do the right thing.)

Could you also separately try running from an elevated Command Prompt?

From: [email protected]
[mailto:[email protected]] On Behalf Of Jim D.
Sent: Tuesday, January 26, 2010 9:18 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

There are a couple of differences that would be apparent for this
proposed solution:

1.  Runas /user…. Is much longer than sudo ;)
   

2.  The normal installation directory is owned by TrustedInstaller 
   

and Admins have no rights by default. We wouldn’t have a supported way
to share gems at this time, since that does have security risks. Each
user would have to install their own gems, but (unsupported) you should
be able to move GEM_PATH (assuming we can figure out how to share
between IronRuby and Ruby) to a shared location and change permissions
on it.

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Will G.
Sent: Tuesday, January 26, 2010 9:03 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Yes, that occurred to me this morning.

So, runas /user:mymachine\administrator igem install foo for globals
gems, right?

–
Will G.
http://hotgazpacho.org/
On Tue, Jan 26, 2010 at 4:16 AM, Thibaut Barrère
<[email protected]mailto:[email protected]> wrote:

Per-user gems should not be the default. In RubyInstaller (mingw MRI), as well as MRI on Linux, and I believe OS X, system-wide gems are
the default. This, of course, would require elevation (sudo gem install xxx).
I believe per-user gems is now the default (it wasn’t in the past, but
if I’m right a rubygems update changed that behaviour. Maybe 1.3.0 -
http://rubyforge.org/forum/forum.php?forum_id=27728 => ‘RubyGems now
installs gems into ~/.gem if GEM_HOME is not writable. Use
–no-user-install command-line switch to disable this behavior.’).

Here’s what happens on my machine (OS X):

~$ gem list | grep less
~$ sudo gem list | grep less
~$ gem install less
(…)
~$ gem list | grep less
less (1.2.21)
~$ sudo gem list | grep less
(empty)

~$ gem -v
1.3.5
~$ ruby -v
ruby 1.8.7 (2009-06-12 patchlevel 174) [i686-darwin10.0.0]

– Thibaut

Ironruby-core mailing list
[email protected]mailto:[email protected]
http://rubyforge.org/mailman/listinfo/ironruby-core

With RC1 (installed to Program Files by default), I was able to do “igem
install” from an elevated Command Prompt.

From a normal prompt, “igem install” failed with the
System.UnauthorizedAccessException with or without –user-install. We
should track down why this is happening.

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 12:18 PM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

So how does RubyGems know that the target location is restricted? I
can’t just call File.open and catch the exception. Perhaps it eagerly
checks for permissions.

So where does this leave us? Sounds like we can keep installing to
ProgramFiles by default. Users can then run “gem install” from an
elevated Command Prompt if they want to share gems with other users, or
they can use –user-install if they prefer not to elevate. Sounds like we
are good as is if Thibaut (or someone else) can confirm that
–user-install does work as expected.

From: [email protected]
[mailto:[email protected]] On Behalf Of Jim D.
Sent: Tuesday, January 26, 2010 12:10 PM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Technically, the virtual store is an OS level feature, however, not
using --user-install could imply to people that we are installing in a
shared location when we aren’t.

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 12:06 PM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Might be a .NET issue, but we should work around it in that case.

What I am curious about though is if MRI is installed to Program Files,
will “gem install” also silently install to the virtual store if it is
run without elevation. If the redirecting is done at the Ruby/OS level,
then RubyGems does not need to do anything, and so –user-install should
not be needed at all.

From: [email protected]
[mailto:[email protected]] On Behalf Of Jim D.
Sent: Tuesday, January 26, 2010 11:54 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Hm, that’s interesting… MRI gets redirected to the virtual store but
IronRuby does not, I wonder if that is more of a .NET issue than a
IronRuby problem…

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 11:44 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

There indeed is a difference in behavior between IronRuby and MRI when
creating a file in %ProgramFiles% from a non-elevated process. MRI
silently writes to USERPROFILE. IronRuby raises Errno::EACCES. I have
opened http://ironruby.codeplex.com/WorkItem/View.aspx?WorkItemId=3685
to track this. I don’t see the System.UnauthorizedAccessException
though.

D:>ruby -e “File.open(‘c:/Program Files/foo.txt’, ‘w+’) {}”

D:>dir “c:\Program Files\foo.txt”
File Not Found

D:>dir “%USERPROFILE%\AppData\Local\VirtualStore\Program Files\foo.txt”
01/26/2010 11:39 AM 0 foo.txt
1 File(s) 0 bytes
0 Dir(s) 122,124,869,632 bytes free

D:>rbx -e “File.open(‘c:/Program Files/foo.txt’, ‘w+’) {}”
mscorlib:0:in `WinIOError’: Access to the path ‘c:\Program
Files\foo.txt’ is denied. (Errno::EACCES)

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 11:09 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Another way to simulate “sudo” is to use an elevated Command Prompt.
http://www.sevenforums.com/tutorials/11841-run-administrator.html tells
you how. If you are using the command prompt a lot, you only need to
deal with the UAC dialog box once when you open the elevated Command
Prompt. After that, all commands executed from the Command Prompt run
elevated.

Jim, from an elevated Command prompt, I was able to create a new file in
%ProgramFiles% using notepad, and did not get any UAC dialog box. This
would mean that “gem install” should also be able to install gems to
%ProgramFiles%. Not sure how this reconciles with your comment about
TrustedInstaller.

Thibaut, could you try using “igem install –user-install”? (I wonder if
IronRuby needs to catch the System.UnauthorizedAccessException exception
and raise a Ruby exception for RubyGems to do the right thing.)

Could you also separately try running from an elevated Command Prompt?

From: [email protected]
[mailto:[email protected]] On Behalf Of Jim D.
Sent: Tuesday, January 26, 2010 9:18 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

There are a couple of differences that would be apparent for this
proposed solution:

1.  Runas /user…. Is much longer than sudo ;)
   

2.  The normal installation directory is owned by TrustedInstaller 
   

and Admins have no rights by default. We wouldn’t have a supported way
to share gems at this time, since that does have security risks. Each
user would have to install their own gems, but (unsupported) you should
be able to move GEM_PATH (assuming we can figure out how to share
between IronRuby and Ruby) to a shared location and change permissions
on it.

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Will G.
Sent: Tuesday, January 26, 2010 9:03 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Yes, that occurred to me this morning.

So, runas /user:mymachine\administrator igem install foo for globals
gems, right?

–
Will G.
http://hotgazpacho.org/
On Tue, Jan 26, 2010 at 4:16 AM, Thibaut Barrère
<[email protected]mailto:[email protected]> wrote:

Per-user gems should not be the default. In RubyInstaller (mingw MRI), as well as MRI on Linux, and I believe OS X, system-wide gems are
the default. This, of course, would require elevation (sudo gem install xxx).
I believe per-user gems is now the default (it wasn’t in the past, but
if I’m right a rubygems update changed that behaviour. Maybe 1.3.0 -
http://rubyforge.org/forum/forum.php?forum_id=27728 => ‘RubyGems now
installs gems into ~/.gem if GEM_HOME is not writable. Use
–no-user-install command-line switch to disable this behavior.’).

Here’s what happens on my machine (OS X):

~$ gem list | grep less
~$ sudo gem list | grep less
~$ gem install less
(…)
~$ gem list | grep less
less (1.2.21)
~$ sudo gem list | grep less
(empty)

~$ gem -v
1.3.5
~$ ruby -v
ruby 1.8.7 (2009-06-12 patchlevel 174) [i686-darwin10.0.0]

– Thibaut

Ironruby-core mailing list
[email protected]mailto:[email protected]
http://rubyforge.org/mailman/listinfo/ironruby-core

The following raises System.UnauthorizedAccessException with IronRuby,
but works with MRI.

require “fileutils”
FileUtils.mkdir_p “c:/Program Files/foo”

If we make this work with IronRuby or atleast throw Errno::EACCES, I
think –user-install will work from non-elevated prompt

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 12:40 PM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

With RC1 (installed to Program Files by default), I was able to do “igem
install” from an elevated Command Prompt.

From a normal prompt, “igem install” failed with the
System.UnauthorizedAccessException with or without –user-install. We
should track down why this is happening.

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 12:18 PM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

So how does RubyGems know that the target location is restricted? I
can’t just call File.open and catch the exception. Perhaps it eagerly
checks for permissions.

So where does this leave us? Sounds like we can keep installing to
ProgramFiles by default. Users can then run “gem install” from an
elevated Command Prompt if they want to share gems with other users, or
they can use –user-install if they prefer not to elevate. Sounds like we
are good as is if Thibaut (or someone else) can confirm that
–user-install does work as expected.

From: [email protected]
[mailto:[email protected]] On Behalf Of Jim D.
Sent: Tuesday, January 26, 2010 12:10 PM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Technically, the virtual store is an OS level feature, however, not
using --user-install could imply to people that we are installing in a
shared location when we aren’t.

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 12:06 PM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Might be a .NET issue, but we should work around it in that case.

What I am curious about though is if MRI is installed to Program Files,
will “gem install” also silently install to the virtual store if it is
run without elevation. If the redirecting is done at the Ruby/OS level,
then RubyGems does not need to do anything, and so –user-install should
not be needed at all.

From: [email protected]
[mailto:[email protected]] On Behalf Of Jim D.
Sent: Tuesday, January 26, 2010 11:54 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Hm, that’s interesting… MRI gets redirected to the virtual store but
IronRuby does not, I wonder if that is more of a .NET issue than a
IronRuby problem…

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 11:44 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

There indeed is a difference in behavior between IronRuby and MRI when
creating a file in %ProgramFiles% from a non-elevated process. MRI
silently writes to USERPROFILE. IronRuby raises Errno::EACCES. I have
opened http://ironruby.codeplex.com/WorkItem/View.aspx?WorkItemId=3685
to track this. I don’t see the System.UnauthorizedAccessException
though.

D:>ruby -e “File.open(‘c:/Program Files/foo.txt’, ‘w+’) {}”

D:>dir “c:\Program Files\foo.txt”
File Not Found

D:>dir “%USERPROFILE%\AppData\Local\VirtualStore\Program Files\foo.txt”
01/26/2010 11:39 AM 0 foo.txt
1 File(s) 0 bytes
0 Dir(s) 122,124,869,632 bytes free

D:>rbx -e “File.open(‘c:/Program Files/foo.txt’, ‘w+’) {}”
mscorlib:0:in `WinIOError’: Access to the path ‘c:\Program
Files\foo.txt’ is denied. (Errno::EACCES)

From: [email protected]
[mailto:[email protected]] On Behalf Of Shri B.
Sent: Tuesday, January 26, 2010 11:09 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Another way to simulate “sudo” is to use an elevated Command Prompt.
http://www.sevenforums.com/tutorials/11841-run-administrator.html tells
you how. If you are using the command prompt a lot, you only need to
deal with the UAC dialog box once when you open the elevated Command
Prompt. After that, all commands executed from the Command Prompt run
elevated.

Jim, from an elevated Command prompt, I was able to create a new file in
%ProgramFiles% using notepad, and did not get any UAC dialog box. This
would mean that “gem install” should also be able to install gems to
%ProgramFiles%. Not sure how this reconciles with your comment about
TrustedInstaller.

Thibaut, could you try using “igem install –user-install”? (I wonder if
IronRuby needs to catch the System.UnauthorizedAccessException exception
and raise a Ruby exception for RubyGems to do the right thing.)

Could you also separately try running from an elevated Command Prompt?

From: [email protected]
[mailto:[email protected]] On Behalf Of Jim D.
Sent: Tuesday, January 26, 2010 9:18 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

There are a couple of differences that would be apparent for this
proposed solution:

1.  Runas /user…. Is much longer than sudo ;)
   

2.  The normal installation directory is owned by TrustedInstaller 
   

and Admins have no rights by default. We wouldn’t have a supported way
to share gems at this time, since that does have security risks. Each
user would have to install their own gems, but (unsupported) you should
be able to move GEM_PATH (assuming we can figure out how to share
between IronRuby and Ruby) to a shared location and change permissions
on it.

JD

From: [email protected]
[mailto:[email protected]] On Behalf Of Will G.
Sent: Tuesday, January 26, 2010 9:03 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

Yes, that occurred to me this morning.

So, runas /user:mymachine\administrator igem install foo for globals
gems, right?

–
Will G.
http://hotgazpacho.org/
On Tue, Jan 26, 2010 at 4:16 AM, Thibaut Barrère
<[email protected]mailto:[email protected]> wrote:

Per-user gems should not be the default. In RubyInstaller (mingw MRI), as well as MRI on Linux, and I believe OS X, system-wide gems are
the default. This, of course, would require elevation (sudo gem install xxx).
I believe per-user gems is now the default (it wasn’t in the past, but
if I’m right a rubygems update changed that behaviour. Maybe 1.3.0 -
http://rubyforge.org/forum/forum.php?forum_id=27728 => ‘RubyGems now
installs gems into ~/.gem if GEM_HOME is not writable. Use
–no-user-install command-line switch to disable this behavior.’).

Here’s what happens on my machine (OS X):

~$ gem list | grep less
~$ sudo gem list | grep less
~$ gem install less
(…)
~$ gem list | grep less
less (1.2.21)
~$ sudo gem list | grep less
(empty)

~$ gem -v
1.3.5
~$ ruby -v
ruby 1.8.7 (2009-06-12 patchlevel 174) [i686-darwin10.0.0]

– Thibaut

Ironruby-core mailing list
[email protected]mailto:[email protected]
http://rubyforge.org/mailman/listinfo/ironruby-core

Hi,

I’ll be able to do another test tomorrow if it’s still needed (is it
?), I’ll have access to my W7 machine then.

On the whole thing: I believe that the newcomer, using a regular
account, installing the MSI for IronRuby 1.0 (not RC) in the default
provided path, should be able to use “igem install xxx” (on xp, vista,
w7) without any specific tweak.

I’m not saying that it’s easy to enable this though :), just that it
will be the expected polish from people trying IR out, in my opinion.

Is this behaviour the target ?

– Thibaut

Ironruby-core mailing list
[email protected]
http://rubyforge.org/mailman/listinfo/ironruby-core

With yesterday’s fix for System.UnauthorizedAccessException and another
fix I will do today for File.basename, “igem install” works in either
elevated or unelevated mode. In the former case, it will install to
%ProgramFiles% allowing for sharing with other users. In the second
mode, it falls back to installing to ~/.gems. This sounds like good
behavior.

In MRI, when you attempt to gem install, but don’t have access to the
system
gems path, you get a warning before putting them in ~/.gems

Is this behavior preserved for IronRuby?

–
Will G.
http://hotgazpacho.org/

Yup, it is.

From: [email protected]
[mailto:[email protected]] On Behalf Of Will G.
Sent: Friday, January 29, 2010 9:40 AM
To: [email protected]
Subject: Re: [Ironruby-core] “igem install rake” raise an
System.UnauthorizedAccessException (Windows 7)

In MRI, when you attempt to gem install, but don’t have access to the
system gems path, you get a warning before putting them in ~/.gems

Is this behavior preserved for IronRuby?

–
Will G.
http://hotgazpacho.org/

On Wed, Jan 27, 2010 at 1:26 PM, Shri B.
<[email protected]mailto:[email protected]> wrote:
With yesterday’s fix for System.UnauthorizedAccessException and another
fix I will do today for File.basename, “igem install” works in either
elevated or unelevated mode. In the former case, it will install to
%ProgramFiles% allowing for sharing with other users. In the second
mode, it falls back to installing to ~/.gems. This sounds like good
behavior.

With yesterday’s fix for System.UnauthorizedAccessException and another fix
I will do today for File.basename, “igem install” works in either elevated
or unelevated mode. In the former case, it will install to %ProgramFiles%
allowing for sharing with other users. In the second mode, it falls back to
installing to ~/.gems. This sounds like good behavior.

yep - sounds perfect. I’ll be able to do more test once the new MSI is
pushed out.

thanks for the discussion and fixes

– Thibaut