

Installing gems - ckolderup
http://mwunsch.tumblr.com/post/8645762505/installing-gems

======
Xylakant
Actually, I don't get what's wrong with using sudo for the use-case of
installing an executable system-wide? In principle that's what every installer
does, even the MacOS-installer when installing system-wide applications. The
only other option would be to install system-wide apps in a directory where
every user has write access - a situation I'd find far more problematic.

However, if you'd like to install the gem just for yourself set the proper
environment variables and install to your home folder.

------
vitus
I haven't really used Ruby much until recently, but what's wrong with just
setting the GEM_HOME environment variable?

Wholeheartedly agree with not using sudo if not necessary, though. That seems
to have become a bad habit for a lot of people.

~~~
guns
While I agree that installing programs as an unprivileged user is appropriate,
installing programs as an unprivileged user to a global executable directory
is misguided.

`/usr/local/bin` is typically in root's PATH, so root will faithfully search
for programs in this directory. If root (or an admin group) does not have sole
write privileges to that directory, it becomes a very easy to exploit
privilege escalation vulnerability.

What _is_ risky about running `sudo make install` and the like, is that the
Makefile may have malicious / risky code that may get executed as root.

Summary:

If you trust / verify the code you are installing, and you want it to be
globally available, install it with sudo.

If you aren't willing to install as root, but want it to be available to a
group of users, install to another directory not in root's PATH.

Otherwise just install to ~/bin

------
Vitaly
BS.

RVM is not an overkill. It is simply the right tool for the job in case you
are doing ANY ruby related development.

If you don't, then it's "sudo gem nstall". It will install it system wide
using system provided ruby binaries.

