Document that pipenv is not designed to run as privileged user (root, administrator)

pipenv must not be executed as root

I’m not super knowledgeable about docker deployments and I agree that it is a good idea to warn against it, but I’m not sure that it must not be used as root. Many people use pip in docker as root, and many people use pipenv install --system --deploy to deploy their dependency state to their docker system python installation.

I have no idea why this is a common practice, and it definitely continues to confuse me whenever I try to use docker, but my impression was that since containers themselves are throwaways, the tradeoff is between managing additional tools/tooling for user access management inside the container vs the infrastructure to just scrap the whole thing and start over (which is how I think people are using pipenv atm?).

On the other hand, I know security is your area of expertise, and while the commenter in question isn’t a maintainer of pipenv unfortunately, I can see that they are obviously knowledgeable in this space as well. My primary concern is that this would be confusing to many users who already have established workflows around the whole python ecosystem (pipenv included) which relies on root permissions to deploy system level python packages. I think we need to be careful with wording something like this to provide a clear path forward for those users

@TTimo, you should be able to run pipenv as root, or Administrator on Windows. However, this is discouraged. You could end up breaking your Python installation.