Describe the problem as clearly as you can
If some gems cannot be deleted during bundle clean due to permissions issues, the errors are left unreported. The output and exit code are the same as when all unneeded gems are removed successfully.
Did you try upgrading rubygems & bundler?
Yes.
Post steps to reproduce the problem
Set your Bundler path to an explicit directory (this step can be skipped, but then you may have to use the --force option for bundle clean).
$ bundle config set path '.bundle'
Make sure you have at least one gem installed in the relevant directory that is no longer listed in your Gemfile.lock, and make sure that the file permissions are set such that you don't have the ability to delete that gem's files/directories. Because of #9395, this can happen easily if you have multiple users doing deployments for a project.
For these steps, I set things up so that my Gemfile.lock listed thor 1.5.0, but I also had thor 1.4.0 installed. I manually changed the owner of the thor-1.4.0 directory to root as a simulation, but the more typical situation would be that it's some non-root user other than yourself.
$ ls -l .bundle/ruby/4.0.0/gems
total 8
drwxr-xr-x. 4 root rvm 4096 Mar 13 16:08 thor-1.4.0
drwxr-xr-x. 4 mfelsher rvm 4096 Mar 13 16:12 thor-1.5.0
Which command did you run?
bundle clean
What were you expecting to happen?
If there are permissions errors that stop a directory from being removed during bundle clean, I would expect an error or warning message to be output. I'd probably expect the command to return with an error status as well.
What happened instead?
The command says it's removing thor 1.4.0 without any warnings/errors and returns with a success status, even though the directory and its contents still exist.
$ bundle clean
Removing thor (1.4.0)
$ echo $?
0
$ ls -l .bundle/ruby/4.0.0/gems
total 8
drwxr-xr-x. 4 root rvm 4096 Mar 13 16:08 thor-1.4.0
drwxr-xr-x. 4 mfelsher rvm 4096 Mar 13 16:12 thor-1.5.0
$ ls -l .bundle/ruby/4.0.0/gems/thor-1.4.0/
total 24
drwxrwxr-x. 2 root root 4096 Mar 13 16:08 bin
-rw-r--r--. 1 root root 1030 Mar 13 16:08 CONTRIBUTING.md
drwxrwxr-x. 3 root root 4096 Mar 13 16:08 lib
-rw-r--r--. 1 root root 1075 Mar 13 16:08 LICENSE.md
-rw-r--r--. 1 root root 1410 Mar 13 16:08 README.md
-rw-r--r--. 1 root root 1210 Mar 13 16:08 thor.gemspec
Additional detail
I'm guessing that this is occurring because of the use of FileUtils.rm_rf here, swallowing any permissions errors:
|
Bundler.ui.info "Removing #{output}" |
|
FileUtils.rm_rf(dir) |
If not included with the output of your command, run bundle env and paste the output below
Environment
Bundler 4.0.8
Platforms ruby, x86_64-linux
Ruby 4.0.1p0 (2026-01-13 revision e04267a14b1a5dea2d2c368e48d41bd3db441f4f) [x86_64-linux]
Full Path /usr/local/rvm/rubies/ruby-4.0.1/bin/ruby
Config Dir /usr/local/rvm/rubies/ruby-4.0.1/etc
RubyGems 4.0.8
Gem Home /usr/local/rvm/gems/ruby-4.0.1
Gem Path /usr/local/rvm/gems/ruby-4.0.1:/usr/local/rvm/rubies/ruby-4.0.1/lib/ruby/gems/4.0.0
User Home /home/mfelsher
User Path /home/mfelsher/.local/share/gem/ruby/4.0.0
Bin Dir /usr/local/rvm/gems/ruby-4.0.1/bin
Tools
Git 2.43.7
RVM 1.29.12 (latest)
rbenv not installed
chruby not installed
rubygems-bundler (1.4.5)
Bundler Build Metadata
Timestamp 2026-03-11
Git SHA 1a32b76b73
Bundler settings
path
Set for your local app (/home/mfelsher/bundler_permissions_issue/.bundle/config): ".bundle"
Gemfile
Gemfile
# frozen_string_literal: true
source "https://rubygems.org"
gem 'thor'
Gemfile.lock
GEM
remote: https://rubygems.org/
specs:
thor (1.5.0)
PLATFORMS
ruby
x86_64-linux
DEPENDENCIES
thor
CHECKSUMS
thor (1.5.0) sha256=e3a9e55fe857e44859ce104a84675ab6e8cd59c650a49106a05f55f136425e73
BUNDLED WITH
4.0.8
Describe the problem as clearly as you can
If some gems cannot be deleted during
bundle cleandue to permissions issues, the errors are left unreported. The output and exit code are the same as when all unneeded gems are removed successfully.Did you try upgrading rubygems & bundler?
Yes.
Post steps to reproduce the problem
Set your Bundler path to an explicit directory (this step can be skipped, but then you may have to use the
--forceoption forbundle clean).Make sure you have at least one gem installed in the relevant directory that is no longer listed in your Gemfile.lock, and make sure that the file permissions are set such that you don't have the ability to delete that gem's files/directories. Because of #9395, this can happen easily if you have multiple users doing deployments for a project.
For these steps, I set things up so that my Gemfile.lock listed
thor1.5.0, but I also hadthor1.4.0 installed. I manually changed the owner of thethor-1.4.0directory torootas a simulation, but the more typical situation would be that it's some non-root user other than yourself.Which command did you run?
bundle cleanWhat were you expecting to happen?
If there are permissions errors that stop a directory from being removed during
bundle clean, I would expect an error or warning message to be output. I'd probably expect the command to return with an error status as well.What happened instead?
The command says it's removing thor 1.4.0 without any warnings/errors and returns with a success status, even though the directory and its contents still exist.
Additional detail
I'm guessing that this is occurring because of the use of
FileUtils.rm_rfhere, swallowing any permissions errors:rubygems/bundler/lib/bundler/runtime.rb
Lines 306 to 307 in bcc4469
If not included with the output of your command, run
bundle envand paste the output belowEnvironment
Bundler Build Metadata
Bundler settings
Gemfile
Gemfile
Gemfile.lock