Document that pipenv is not designed to run as privileged user (root, administrator)
See original GitHub issueFrom https://github.com/pypa/pipenv/issues/3128#issuecomment-434286020
Pipenv is not supposed to run as root either. If people are doing that, they’re using it wrong.
The official documentation of pipenv does not warn that pipenv is not designed to be executed as privileged user. As bare minimum, please advise consumers of pipenv, that pipenv must not be executed as root. Please also inform the user, that most container runtimes (e.g. Docker) execute all commands as root user by default. Users must switch to an unprivileged user with e.g. USER
command https://docs.docker.com/engine/reference/builder/#user.
Issue Analytics
- State:
- Created 5 years ago
- Reactions:2
- Comments:8 (3 by maintainers)
Top Results From Across the Web
Getting "Permission Denied" when running pip as root on ...
I assume you have a one user python python installation and do not want to bother with reading about virtualenv (which is not...
Read more >pipenv Documentation
Note: Pipenv is designed to be used by non-privileged OS users. ... Once again, you should not run pipenv as root (or Admin...
Read more >Understanding Python Virtual Environments | by Mike Brown
Pipenv is another option for creating virtual environments, ... and does not require administrator or root privileges for installation.
Read more >Configure a Pipenv environment | PyCharm Documentation
Install pipenv by running the following command: $ pip install --user pipenv · For your convenience, you might add the user base's binary...
Read more >How To Set Up Django with Postgres, Nginx, and Gunicorn ...
To complete this tutorial you will need an Ubuntu 18.04 server set up, a non-root user with sudo privileges configured, and a firewall ......
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
I’m not super knowledgeable about docker deployments and I agree that it is a good idea to warn against it, but I’m not sure that it must not be used as root. Many people use pip in docker as root, and many people use
pipenv install --system --deploy
to deploy their dependency state to their docker system python installation.I have no idea why this is a common practice, and it definitely continues to confuse me whenever I try to use docker, but my impression was that since containers themselves are throwaways, the tradeoff is between managing additional tools/tooling for user access management inside the container vs the infrastructure to just scrap the whole thing and start over (which is how I think people are using pipenv atm?).
On the other hand, I know security is your area of expertise, and while the commenter in question isn’t a maintainer of pipenv unfortunately, I can see that they are obviously knowledgeable in this space as well. My primary concern is that this would be confusing to many users who already have established workflows around the whole python ecosystem (pipenv included) which relies on root permissions to deploy system level python packages. I think we need to be careful with wording something like this to provide a clear path forward for those users
@TTimo, you should be able to run pipenv as root, or Administrator on Windows. However, this is discouraged. You could end up breaking your Python installation.