I've tried this but it didn't work and seemed to be for osx. I have a fresh Ubuntu 10.10 (x64) install with rvm, rails 3 and ruby 1.9.2. I have a new rails app but using either gem or rails results in the following warnings (with lag).
$ rails -v
/home/chance/.rvm/gems/ruby-1.9.2-p180@global/gems/railties-3.0.5/lib/rails/script_rails_loader.rb:11: warning: Insecure world writable dir /home/chance in PATH, mode 040777
/home/chance/.rvm/gems/ruby-1.9.2-p180@global/gems/bundler-1.0.10/lib/bundler/runtime.rb:136: warning: Insecure world writable dir /home/chance in PATH, mode 040777
Rails 3.0.5
$ gem -v
/home/chance/.rvm/rubies/ruby-1.9.2-p180/bin/gem:4: warning: Insecure world writable dir /home/chance in PATH, mode 040777
1.6.2
Just incase it matters, here is my Gemfile:
source 'http://rubygems.org'
gem 'rails'
# Bundle edge Rails instead:
# gem 'rails', :git => 'git://github.com/rails/rails.git'
gem 'sqlite3'
gem 'sqlite3-ruby', :require => 'sqlite3'
gem "haml"
gem "formtastic"
gem "will_paginate"
gem "devise"
gem "delayed_job"
gem "whenever"
gem "memcache-client"
gem "capistrano"
group :testing do
gem "rspec"
gem "rspec-rails"
gem "autotest-standalone"
gem "autotest-rails"
gem "autotest-growl"
gem "mocha"
gem "shoulda"
gem "factory_girl_rails"
end
group :development do
gem "cheat"
gem "bullet"
gem "ruby-growl"
end
The message indicates that the directory
/home/chance
can be written to by everyone, which is a potential security hole. That could allow malicious users to put files in that directory and then the owner of the directory could use the accidentally.To fix, remove the world-writable bit from
/home/chance
:If you aren't the owner of
/home/chance
, you will need to do this as root via sudo: