Important flag to lock admin configuration missing in documentation
Current Behavior
For a conda installation administered by root all settings in .condarc can be overwritten by the same setting in a .condarc file located in a non-privileged user's home.
E.g. settings in
$CONDA_ROOT/.condarc/var/lib/conda/.condarc/etc/conda/.condarc
are all overwritten by ~/.condarc
Including but not limited to important settings like non_admin_enabled, offline and allow_other_channels.
Steps to Reproduce
- install conda into /opt/ as root (or change permissions of existing installation)
- create a .condarc file in /etc/conda/ or /opt/miniconda3/ and set
non_admin_enabled: false
(or run as root:conda config --set non_admin_enabled false) - create the same file in a user's home dir but set
non_admin_enabled: true
Expected Behavior
In no case should the user be able to override this setting, i.e. execute any install/create/remove operations. The same applies to any other setting.
In the unlikely event that this is by design it would have been great if this would have been mentioned here or here (@kalefranz).
Environment Information
`conda info`
active environment : None
shell level : 0
user config file : /home/user/.condarc
populated config files : /etc/conda/.condarc
/home/user/.condarc
conda version : 4.10.3
conda-build version : not installed
python version : 3.9.5.final.0
virtual packages : __linux=5.8.0=0
__glibc=2.31=0
__unix=0=0
__archspec=1=x86_64
base environment : /opt/miniconda3 (read only)
conda av data dir : /opt/miniconda3/etc/conda
conda av metadata url : None
channel URLs : https://repo.anaconda.com/pkgs/main/linux-64
https://repo.anaconda.com/pkgs/main/noarch
https://repo.anaconda.com/pkgs/r/linux-64
https://repo.anaconda.com/pkgs/r/noarch
package cache : /opt/miniconda3/pkgs
/home/user/.conda/pkgs
envs directories : /home/user/.conda/envs
/opt/miniconda3/envs
platform : linux-64
user-agent : conda/4.10.3 requests/2.25.1 CPython/3.9.5 Linux/5.8.0-63-generic ubuntu/20.04.2 glibc/2.31
UID:GID : 1000:1001
netrc file : None
offline mode : False
`conda config --show-sources`
==> /etc/conda/.condarc <==
non_admin_enabled: False
==> /home/user/.condarc <==
non_admin_enabled: True
`conda list --show-channel-urls`
# packages in environment at /opt/miniconda3:
#
# Name Version Build Channel
_libgcc_mutex 0.1 main defaults
_openmp_mutex 4.5 1_gnu defaults
brotlipy 0.7.0 py39h27cfd23_1003 defaults
ca-certificates 2021.7.5 h06a4308_1 defaults
certifi 2021.5.30 py39h06a4308_0 defaults
cffi 1.14.6 py39h400218f_0 defaults
chardet 4.0.0 py39h06a4308_1003 defaults
conda 4.10.3 py39h06a4308_0 defaults
conda-content-trust 0.1.1 pyhd3eb1b0_0 defaults
conda-package-handling 1.7.3 py39h27cfd23_1 defaults
cryptography 3.4.7 py39hd23ed53_0 defaults
idna 2.10 pyhd3eb1b0_0 defaults
ld_impl_linux-64 2.35.1 h7274673_9 defaults
libffi 3.3 he6710b0_2 defaults
libgcc-ng 9.3.0 h5101ec6_17 defaults
libgomp 9.3.0 h5101ec6_17 defaults
libstdcxx-ng 9.3.0 hd4cf53a_17 defaults
ncurses 6.2 he6710b0_1 defaults
openssl 1.1.1k h27cfd23_0 defaults
pip 21.1.3 py39h06a4308_0 defaults
pycosat 0.6.3 py39h27cfd23_0 defaults
pycparser 2.20 py_2 defaults
pyopenssl 20.0.1 pyhd3eb1b0_1 defaults
pysocks 1.7.1 py39h06a4308_0 defaults
python 3.9.5 h12debd9_4 defaults
readline 8.1 h27cfd23_0 defaults
requests 2.25.1 pyhd3eb1b0_0 defaults
ruamel_yaml 0.15.100 py39h27cfd23_0 defaults
setuptools 52.0.0 py39h06a4308_0 defaults
six 1.16.0 pyhd3eb1b0_0 defaults
sqlite 3.36.0 hc218d9a_0 defaults
tk 8.6.10 hbc83047_0 defaults
tqdm 4.61.2 pyhd3eb1b0_1 defaults
tzdata 2021a h52ac0ba_0 defaults
urllib3 1.26.6 pyhd3eb1b0_1 defaults
wheel 0.36.2 pyhd3eb1b0_0 defaults
xz 5.2.5 h7b6447c_0 defaults
yaml 0.2.5 h7b6447c_0 defaults
zlib 1.2.11 h7b6447c_3 defaults