pip as root

[Cecil Westerhof]

I have been using pip as root for years to keep my python packages up
to date. For a while I have been getting (I think since I switched to
Debian 11) the following warning:
WARNING: Running pip as the 'root' user can result in broken
permissions and conflicting behaviour with the system package manager.
It is recommended to use a virtual environment instead:
https://pip.pypa.io/warnings/venv

As far as I can tell I have no problems with installing the latest
packages as root. (Except that sometimes I have to remove a system
package and install it manually, but that is also a long time ago.)
But is it potentially dangerous what I am doing?

--
Cecil Westerhof
Senior Software Engineer
LinkedIn: http://www.linkedin.com/in/cecilwesterhof

[Aragorn]

On 19.08.2022 at 08:57, Cecil Westerhof scribbled:

> I have been using pip as root for years to keep my python packages up
> to date. For a while I have been getting (I think since I switched to
> Debian 11) the following warning:
> WARNING: Running pip as the 'root' user can result in broken
> permissions and conflicting behaviour with the system package manager.
> It is recommended to use a virtual environment instead:
> https://pip.pypa.io/warnings/venv
>
> As far as I can tell I have no problems with installing the latest
> packages as root. (Except that sometimes I have to remove a system
> package and install it manually, but that is also a long time ago.)
> But is it potentially dangerous what I am doing?

Not necessarily dangerous, but it makes no sense. pip was specifically
designed to be used as an unprivileged user and to install those python
packages in the user's home directory. If you run it as root, the
user's home directory will be /root, and that's not going to be doing
anyone any good.

UNIX is a multiuser platform, and the root account should not be used
in vain. ;)

--
With respect,
= Aragorn =

[Cecil Westerhof]

Aragorn <thor...@telenet.be> writes:

> On 19.08.2022 at 08:57, Cecil Westerhof scribbled:
>
>> I have been using pip as root for years to keep my python packages up
>> to date. For a while I have been getting (I think since I switched to
>> Debian 11) the following warning:
>> WARNING: Running pip as the 'root' user can result in broken
>> permissions and conflicting behaviour with the system package manager.
>> It is recommended to use a virtual environment instead:
>> https://pip.pypa.io/warnings/venv
>>
>> As far as I can tell I have no problems with installing the latest
>> packages as root. (Except that sometimes I have to remove a system
>> package and install it manually, but that is also a long time ago.)
>> But is it potentially dangerous what I am doing?
>
> Not necessarily dangerous, but it makes no sense. pip was specifically
> designed to be used as an unprivileged user and to install those python
> packages in the user's home directory. If you run it as root, the
> user's home directory will be /root, and that's not going to be doing
> anyone any good.

I disagree. By doing it like this the newest packages are installed
for ALL users. Exactly what I want: instead of having the official
Debian python package I have the latest package system wide.
Why do you think I am a moron?

[Cecil Westerhof]

Sorry. I should not have used the last sentence.
I got a bit of a short fuse.
This week I was told several times I did things wrong to see every
time after checking (because it is of-course possible that I make a
mistake) that I did not. It got the better of me. :'-(

[Aragorn]

On 19.08.2022 at 15:40, Cecil Westerhof scribbled:

Why do you think that I would be regarding you as a moron, or perhaps
even worse, that I would have called you one?

That's a very odd reaction, especially in light of the fact that it has
only been a few days since I stood up for you in comp.unix.shell.

[Richard Kettlewell]

Cecil Westerhof <Ce...@decebal.nl> writes:
> I have been using pip as root for years to keep my python packages up
> to date. For a while I have been getting (I think since I switched to
> Debian 11) the following warning:
> WARNING: Running pip as the 'root' user can result in broken
> permissions and conflicting behaviour with the system package manager.
> It is recommended to use a virtual environment instead:
> https://pip.pypa.io/warnings/venv
>
> As far as I can tell I have no problems with installing the latest
> packages as root. (Except that sometimes I have to remove a system
> package and install it manually, but that is also a long time ago.)
> But is it potentially dangerous what I am doing?

The answer’s in the message; it can cause a conflict with the system
package manager.

THat doesn’t necessarily mean files are overwritten, since the system
package manager will normally install under /usr/lib while pip will put
them under /usr/local/lib (unless you have a version that enables --user
by default). However if there are multiple versions of a package
installed, then it’s easy to see how something that depends on it may
get the wrong version at runtime.

How much this matters is situational but the view from the
maintainers[1] is that this practice causes them a significant support
load.

If you’re sure you know what you’re doing then just ignore the warning.

[1] https://github.com/pypa/pip/issues/6409 and
https://github.com/pypa/pip/pull/9394

--
https://www.greenend.org.uk/rjk/

[Cecil Westerhof]

Richard Kettlewell <inv...@invalid.invalid> writes:

> Cecil Westerhof <Ce...@decebal.nl> writes:
>> I have been using pip as root for years to keep my python packages up
>> to date. For a while I have been getting (I think since I switched to
>> Debian 11) the following warning:
>> WARNING: Running pip as the 'root' user can result in broken
>> permissions and conflicting behaviour with the system package manager.
>> It is recommended to use a virtual environment instead:
>> https://pip.pypa.io/warnings/venv
>>
>> As far as I can tell I have no problems with installing the latest
>> packages as root. (Except that sometimes I have to remove a system
>> package and install it manually, but that is also a long time ago.)
>> But is it potentially dangerous what I am doing?
>
> The answer’s in the message; it can cause a conflict with the system
> package manager.
>
> THat doesn’t necessarily mean files are overwritten, since the system
> package manager will normally install under /usr/lib while pip will put
> them under /usr/local/lib (unless you have a version that enables --user
> by default). However if there are multiple versions of a package
> installed, then it’s easy to see how something that depends on it may
> get the wrong version at runtime.

I do it all for many years and as far as I can see it never gave me
any problems.
I do of-course afterwards always a 'pip3 check' and if that mentions
broken requirements I do a rollback.

> How much this matters is situational but the view from the
> maintainers[1] is that this practice causes them a significant support
> load.
>
> If you’re sure you know what you’re doing then just ignore the warning.

Not completely sure, otherwise I would not have asked. ;-) But
reasonably.

[Cecil Westerhof]

Aragorn <thor...@telenet.be> writes:

>> Why do you think I am a moron?
>
> Why do you think that I would be regarding you as a moron, or perhaps
> even worse, that I would have called you one?
>
> That's a very odd reaction, especially in light of the fact that it has
> only been a few days since I stood up for you in comp.unix.shell.

Sorry, as I explained in my own reply I got triggered. I did not even
see that you wrote the reply. This week I have been several times told
that I did things wrong, to find out when checking that that it was
not true.
I got fed up and reacted out of emotion. I should have counted to (at
least) ten. :'-{