Best practice is to isolate packages downloaded from pypi <https://pypi.org> in 
a virtual environment, and not to mess with the system-wide python installation.

As a general rule, always avoid “sudo pip install”, and only install system-wide 
python packages via the distribution package manager (apt for Debian, pacman 
for Arch Linux, yum and dnf for RPM-based distros, etc.).

Of course the number of wonderful python packages on pypi <https://pypi.org> is 
amazing, so sooner or later you will need some python package which is not 
available in your distro. Moreover, sometimes different packages have 
conflicting requirements, hence the necessity of isolated virtual environments, 
explained in 
<https://docs.python.org/3/library/venv.html>
<https://packaging.python.org/tutorials/installing-packages/#creating-virtual-environments>

So you should (python == python3 below)

$ python -m venv /opt/XXX
$ source /opt/XXX/bin/activate
$ pip install yyy

Now every user wishing to use the XXX virtual env should simply

$ source /opt/XXX/bin/activate
$ python
>>> import yyy

One question remains open: should you run “python -m venv /opt/XXX” and the 
subsequent commands as root, or not? Here the matter becomes complex, as 
security is under all Unix systems.

Oversimplifying, you have two options. If you blindly trust every package in 
pypi you can 

$ sudo python -m venv /opt/XXX
$ source /opt/XXX/bin/activate
$ sudo pip install yyy

or if you are a little paranoid (like myself) you should create a user (say 
Mousebender) just for managing the virtual environments:

$ sudo mkdir /opt/XXX
$ sudo chown Mousebender /opt/XXX
$ sudo -u Mousebender python -m venv /opt/XXX
$ source /opt/XXX/bin/activate
$ sudo -u Mousebender pip install yyy

(There are also other more advanced options, like building with a non-privileged 
user a set of python wheels and installing them as root, but I will 
not discuss them here.)

I’m not aware of any harmful package on pypi, and I know for sure that most 
people simply do “sudo pip install” in a virtual environment, but you should be 
aware that a python source package installation can execute arbitrary code, and 
that it is usually a bad idea to run foreign code as root, without a security 
audit first.


Regards,

Stefano
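As an added check (my own example, not code from this thread): a script that audits a venv such as /opt/XXX, confirming it has the venv layout, that every file is owned by the expected manager user (the uid defaults to the caller's; in practice pass Mousebender's uid) and that nothing in it is group- or world-writable, which matters because programs run with sudo import code from it. The `demo()` function builds a constructed fake venv in a temporary directory instead of touching /opt.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_venv(venv, expected_uid=None):
    """Report whether `venv` looks like a venv, which files are not owned by
    `expected_uid` (the dedicated manager user; defaults to the caller's uid)
    and which files or directories other users could modify."""
    root = Path(venv)
    if expected_uid is None:
        expected_uid = os.getuid()
    report = {
        # python -m venv always writes pyvenv.cfg and bin/activate
        "is_venv": (root / "pyvenv.cfg").is_file()
        and (root / "bin" / "activate").is_file(),
        "foreign_owned": [],       # not owned by expected_uid
        "writable_by_others": [],  # group- or world-writable
    }
    for path in [root, *root.rglob("*")]:
        st = path.lstat()
        rel = str(path.relative_to(root))
        if st.st_uid != expected_uid:
            report["foreign_owned"].append(rel)
        if path.is_symlink():
            continue  # symlink mode bits carry no meaning; targets are audited on their own
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            report["writable_by_others"].append(rel)
    return report


def demo():
    """Build a constructed, minimal fake venv layout in a temp dir, with one
    module deliberately left world-writable, and audit it (hypothetical data)."""
    tmp = Path(tempfile.mkdtemp(prefix="venv-audit-"))
    (tmp / "bin").mkdir()
    (tmp / "bin" / "activate").write_text("# stand-in for the real activate script\n")
    (tmp / "pyvenv.cfg").write_text("home = /usr/bin\n")
    pkg = tmp / "lib" / "python3" / "site-packages" / "yyy"
    pkg.mkdir(parents=True)
    module = pkg / "__init__.py"
    module.write_text("# constructed package module\n")
    module.chmod(0o666)  # anyone could now edit code that root may import
    return audit_venv(tmp)


if __name__ == "__main__":
    print(demo())
```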

> On 26 Oct 2019, at 12:53, Mick Sulley <m...@sulley.info> wrote:
> 
> I have just discovered that if I install pyownet with
> 
> pip3 install pyownet
> 
> it works fine for programs that I run under my user, but if I run something 
> with sudo I get
> 
> ModuleNotFoundError: No module named 'pyownet'
> 
> I can overcome this by installing as root with
> 
> sudo pip3 install pyownet
> 
> 
> Question - is it good practice to always install packages like this as root?
> 
> Thanks
> 
> Mick
> 
> 
> 
> _______________________________________________
> Owfs-developers mailing list
> Owfs-developers@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owfs-developers


