Getting the warning "Insecure world writable dir /home/chance " in PATH, mode 040777 for rails and gem

ruby-on-rails ruby linux gem rvm
Chance picture Chance · Mar 21, 2011 · Viewed 74.9k times · Source

I've tried this but it didn't work and seemed to be for osx. I have a fresh Ubuntu 10.10 install with rvm, rails 3 and ruby 1.9.2. I have a fresh rails app but using either gem or rails results in the following warnings (with lag).

$ rails -v

/home/chance/.rvm/gems/ruby-1.9.2-p180@global/gems/railties-3.0.5/lib/rails/script_rails_loader.rb:11: warning: Insecure world writable dir /home/chance in PATH, mode 040777
/home/chance/.rvm/gems/ruby-1.9.2-p180@global/gems/bundler-1.0.10/lib/bundler/runtime.rb:136: warning: Insecure world writable dir /home/chance in PATH, mode 040777
Rails 3.0.5

$ gem -v 

/home/chance/.rvm/rubies/ruby-1.9.2-p180/bin/gem:4: warning: Insecure world writable dir /home/chance in PATH, mode 040777
1.6.2

Just incase it matters, here is my Gemfile:

source 'http://rubygems.org'

gem 'rails'
# Bundle edge Rails instead:
# gem 'rails', :git => 'git://github.com/rails/rails.git'
gem 'sqlite3'
gem 'sqlite3-ruby', :require => 'sqlite3'
gem "haml"
gem "formtastic"
gem "will_paginate"
gem "devise"
gem "delayed_job"
gem "whenever"
gem "memcache-client"
gem "capistrano"
group :testing do
  gem "rspec"
  gem "rspec-rails"
  gem "autotest-standalone"
  gem "autotest-rails"
  gem "autotest-growl"
  gem "mocha"
  gem "shoulda"
  gem "factory_girl_rails"
end

group :development do
  gem "cheat"
  gem "bullet"
  gem "ruby-growl"

end

Answer

matt picture matt · Mar 22, 2011

If you tried sudo chmod go-w /usr/local/bin from the other answer, try:

chmod go-w /home/chance

instead.

What seems to have happened is that somehow your home directory (/home/chance) has been added to your $PATH (the list of directories the OS searches when trying to find an executable to launch) and has also had its permissions changed so that anyone can write to it. This is potential a security problem, as another user could put an executable into this directory which you could accidentally launch. Ruby notices this and issues the warning.

This command changes the permissions of the directory so that it is no longer world writable.

In unix, file permissions are specified for three categories, the file owner (user), the group of the file (group), and everyone else (other). (See Google for more on unix file permissions).

So breaking down the command above:

chmod - change the 'mode' of the file (i.e. its permissions)

go - for group(g) and others(o)

-w - (minus w) remove write permission

/home/chance - the file (or directory) in question

In the other answer the directory that was causing the problem was /usr/local/bin, which is owned by root so sudo is required to change permissions on it. /home/chance is your home directory which is owned by the chance user who can change permissions on it - no sudo required.

Related questions

installing rails with gem , error loading command : install undefined method 'invoke_with_build_args`

I'm try to install rails on Debian. when run this command gem install rails I gave this error: ERROR: Loading command: install (LoadError) cannot load such file -- zlib ERROR: While executing gem ... (NoMethodError) undefined method ``invoke_with_build_args' …

Read More
installed ruby using apt-get install ruby 2.0.0 succeeded but not using correct ruby version

Hi I am really new to linux. I am currently deploying an app on digital ocean so I am switching to linux ox temporarily. I did sudo apt-get install ruby 2.0.0 and installed correctly but when I do ruby-v I am …

Read More
Deleting .rbenv from Linux

How can i completely uninstall rbenv ? I want to install rvm and I want to get rid of rbenv completely so they don't clash. This is what I did so far: rm -rf ~/.rbenv cleared all the lines added to …

Read More