4

I have a node application running on Windows, which I want to be able to update automatically. When I run npm install -d as the Administrator account - it works fine, but when I try to run it through my automation software (that is running as local system), I get errors when I try to install a private module from a private git repository:

    npm ERR! git clone git@bitbucket.org:team/repository.git fatal: Could not change back to 'C:/Windows/system32/config/systemprofile/AppData/Roaming/npm-cache/_git-remotes/git-bitbucket-org-team-repository-git-06356f5b': No such file or directory
    npm ERR! Error: Command failed: fatal: Could not change back to 'C:/Windows/system32/config/systemprofile/AppData/Roaming/npm-cache/_git-remotes/git-bitbucket-org-team-repository-git-06356f5b': No such file or directory
    npm ERR! 
    npm ERR!     at ChildProcess.exithandler (child_process.js:637:15)
    npm ERR!     at ChildProcess.EventEmitter.emit (events.js:98:17)
    npm ERR!     at maybeClose (child_process.js:735:16)
    npm ERR!     at Socket.<anonymous> (child_process.js:948:11)
    npm ERR!     at Socket.EventEmitter.emit (events.js:95:17)
    npm ERR!     at Pipe.close (net.js:451:12)
    npm ERR! If you need help, you may report this log at:
    npm ERR!     <http://github.com/isaacs/npm/issues>
    npm ERR! or email it to:
    npm ERR!     <npm-@googlegroups.com>

    npm ERR! System Windows_NT 6.1.7601
    npm ERR! command "C:\\Program Files\\nodejs\\\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "install" "-d"
    npm ERR! cwd D:\nodeapp
    npm ERR! node -v v0.10.8
    npm ERR! npm -v 1.2.23
    npm ERR! code 128

Just running git clone using the same system works fine. Any ideas?

Update: Here are the permissions on the _git_remotes directory:

> get-acl C:\Windows\system32\config\systemprofile\AppData\Roaming\npm-cache\_git-remotes |Format-list

Path   : Microsoft.PowerShell.Core\FileSystem::C:\Windows\system32\config\systemprofile\AppData\Roaming\npm-cache\_git-remotes
Owner  : BUILTIN\Administrators
Group  : NT AUTHORITY\SYSTEM
Access : NT AUTHORITY\SYSTEM Allow  FullControl
         BUILTIN\Administrators Allow  FullControl
Audit  :
Sddl   : O:BAG:SYD:AI(A;OICIID;FA;;;SY)(A;OICIID;FA;;;BA)
Guss
  • 2,520
  • 5
  • 32
  • 55

1 Answers1

1

Don't run the automation software as local system. Instead, create a new dedicated service account (admin level if needed). You can also make it so that this account can only log on from this system and not remotely. I'd would try running the software as non-admin first.

jftuga
  • 5,572
  • 4
  • 39
  • 50
  • Thanks, but doesn't really answer my question :-). I'm using SaltStack as the automation software, and there is good reason for it to run as `system`. – Guss Jun 01 '14 at 15:18
  • 1
    But no where in the installation doc does it tell you to run as the `system` account. It is a very bad idea (bordering on negligence) to run any application service as the `system`. Do you see the first few lines of your error log? I would guess that's a permissions error, try disabling `User Access Control`, windows is picky about these things. It's still a bad idea. – Joseph Kern Aug 20 '14 at 12:55
  • 1) The SaltStack installer basically sets this up. I can manually change the configuration after the install, and that indeed solves the problem, but as I'm deploying these systems automatically I'd rather not add another custom setting that could break. 2) UAC is disabled on the system. – Guss Aug 23 '14 at 13:54
  • UAC being enabled or disabled will never affect how a process running as LOCAL SYSTEM runs. – Warren Rumak Sep 11 '14 at 18:39
  • I've eventually replaced the Salt Stack setup with a custom scripting infrastructure and that uses the Administrator account. with the admin account this works fine. – Guss Sep 21 '15 at 15:18