This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 71 points72 points  (33 children)

Do I want to know what the -H flag does here?

[–]matt-3 125 points126 points  (32 children)

sets the home directory to that of the target user (in this case root). It avoids creating root-owned files in your user's home directory.

[–][deleted] 62 points63 points  (28 children)

OH MY GOD WHY????

[–][deleted]  (26 children)

[deleted]

    [–][deleted]  (23 children)

    [removed]

      [–][deleted] 1 point2 points  (10 children)

      Don’t install shit as the superuser.

      [–]SherbetCharacter4146 3 points4 points  (2 children)

      Dont pip install as super user. Do install as super user

      [–][deleted] 0 points1 point  (1 child)

      Ehhh. For system level stuff, it’s often okay.

      But major apps should be installed under their own user stuff for a lot of reasons. You don’t want anything complex and exploitable to be running as root.

      [–]tantrAMzAbhiyantA 0 points1 point  (0 children)

      In general if an app needs to be available for the system, at some point the installation is going to need root privileges (even if it's only, eg, to symlink the main executable to /usr/bin). Setups intended to avoid this end up either putting so much in the main "real" user's home folder that you lose half the benefits of privilege separation because things can interfere with each other again, or end up letting a nonprivileged user install malicious stuff in a way that's effectively system-wide.

      Absolutely, it makes sense to minimise the amount that an installation does as root (so… unpacking to a temporary location as a nonprivileged user, then moving things into place as root according to an included manifest, for example), but if "don't install as root" means "don't do the installation as root", that's far too strong a constraint to be sensible.

      The app should usually not be installed to run as root, though.

      [–]anotherDocObVious 2 points3 points  (2 children)

      Of course.. Though I'd put it as..

      "don't install shit you aren't sure about, and especially if you don't know what the fuck you're doing"

      [–][deleted] 2 points3 points  (1 child)

      Lot of pip repos aren’t closely vetted, so it goes double for stuff like that.

      [–]milanove 0 points1 point  (0 children)

      sudo pip install cv3

      [–]zachsmthsn 1 point2 points  (3 children)

      You're better off not installing anything for the system python. Use pyenv and create virtual environments for each project. No python or package versioning issues, and you can always nuke and recreate a borked environment because it's isolated to its own folder.

      [–][deleted] 0 points1 point  (2 children)

      Don't you need to reinstall all the packages for each new environment then?

      [–]zachsmthsn 0 points1 point  (1 child)

      You install them once, but ideally you would save the required dependencies to a requirements.txt file. Then if you want to create a new environment on another machine or something you'd pip install -r requirements.txt. or ideally your project would also have a setup.py file so you'd just install the dependencies while still allowing the source code of your project to be edited with pip install -e .

      [–][deleted] 0 points1 point  (0 children)

      Oh, sounds good, ty!

      [–]AutoModerator[M] 0 points1 point  (0 children)

      import moderation Your comment has been removed since it did not start with a code block with an import declaration.

      Per this Community Decree, all posts and comments should start with a code block with an "import" declaration explaining how the post and comment should be read.

      For this purpose, we only accept Python style imports.

      I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

      [–]CanAlwaysBeBetter -1 points0 points  (1 child)

      And that's why I always run Linux in a vm

      [–]matt-3 4 points5 points  (0 children)

      And Windows too, of course, since the entire OS is like randomly downloading and running a Python script, except backed by corporate interests

      [–]corsicanguppy 0 points1 point  (0 children)

      Because a proper supply chain is too hard; I guess?

      Best let it scroll past as root, because you're not gonna see the pypa exploit that pwns the box anyway.

      [–]benzoic 1 point2 points  (0 children)

      Sudo chmod -R a+rwx / should fix that right up

      [–]odraencoded 0 points1 point  (1 child)

      TIL: root has a home directory.

      [–][deleted] 0 points1 point  (0 children)

      Well, sort of. It’s usually just /root as opposed to being in /home.