标签归档:sudo

在sudo下运行pip install是否可以接受并且安全?

问题:在sudo下运行pip install是否可以接受并且安全?

我已经开始使用Mac来安装Python软件包,就像在工作中使用Windows PC一样。但是,在Mac上,我在写入日志文件或站点程序包时经常遇到权限被拒绝的错误。

因此,我考虑过pip install <package>sudosudo 下运行,但是考虑到我只是想将其安装在当前用户帐户下,是否安全/可接受地使用sudo?

日志文件I / O错误的示例回溯:

Command /usr/bin/python -c "import setuptools;__file__='/Users/markwalker/build/pycrypto/setup.py';exec(compile(open(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --single-version-externally-managed --record /var/folders/tq/hy1fz_4j27v6rstzzw4vymnr0000gp/T/pip-k6f2FU-record/install-record.txt failed with error code 1 in /Users/markwalker/build/pycrypto
Storing complete log in /Users/markwalker/Library/Logs/pip.log
Traceback (most recent call last):
  File "/usr/local/bin/pip", line 8, in <module>
    load_entry_point('pip==1.1', 'console_scripts', 'pip')()
  File "/Library/Python/2.7/site-packages/pip-1.1-py2.7.egg/pip/__init__.py", line 116, in main
    return command.main(args[1:], options)
  File "/Library/Python/2.7/site-packages/pip-1.1-py2.7.egg/pip/basecommand.py", line 141, in main
    log_fp = open_logfile(log_fn, 'w')
  File "/Library/Python/2.7/site-packages/pip-1.1-py2.7.egg/pip/basecommand.py", line 168, in open_logfile
    log_fp = open(filename, mode)
IOError: [Errno 13] Permission denied: '/Users/markwalker/Library/Logs/pip.log'

更新 这可能取决于权限,但是最好的方法是为您的python项目使用虚拟环境。sudo pip除非绝对必要,否则应避免运行。

I’ve started to use my Mac to install Python packages in the same way I do with my Windows PC at work; however on my Mac I’ve come across frequent permission denied errors while writing to log files or site-packages.

Therefore I thought about running pip install <package> under sudo but is that a safe/acceptable use of sudo considering I’m just wanting this to be installed under my current user account?

Example traceback from a logfile I/O error:

Command /usr/bin/python -c "import setuptools;__file__='/Users/markwalker/build/pycrypto/setup.py';exec(compile(open(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --single-version-externally-managed --record /var/folders/tq/hy1fz_4j27v6rstzzw4vymnr0000gp/T/pip-k6f2FU-record/install-record.txt failed with error code 1 in /Users/markwalker/build/pycrypto
Storing complete log in /Users/markwalker/Library/Logs/pip.log
Traceback (most recent call last):
  File "/usr/local/bin/pip", line 8, in <module>
    load_entry_point('pip==1.1', 'console_scripts', 'pip')()
  File "/Library/Python/2.7/site-packages/pip-1.1-py2.7.egg/pip/__init__.py", line 116, in main
    return command.main(args[1:], options)
  File "/Library/Python/2.7/site-packages/pip-1.1-py2.7.egg/pip/basecommand.py", line 141, in main
    log_fp = open_logfile(log_fn, 'w')
  File "/Library/Python/2.7/site-packages/pip-1.1-py2.7.egg/pip/basecommand.py", line 168, in open_logfile
    log_fp = open(filename, mode)
IOError: [Errno 13] Permission denied: '/Users/markwalker/Library/Logs/pip.log'

Update This was likely down to permissions, however the best approach is to use virtual environments for your python projects. Running sudo pip should be avoided unless absolutely necessary.


回答 0

使用虚拟环境

$ virtualenv myenv
.. some output ..
$ source myenv/bin/activate
(myenv) $ pip install what-i-want

sudo当您要为全局的系统级Python安装安装内容时,才使用或提升权限。

最好使用虚拟环境为您隔离软件包。这样一来,您就可以畅玩而不会污染全局python安装。

另外,virtualenv不需要提升的权限。

Use a virtual environment:

$ virtualenv myenv
.. some output ..
$ source myenv/bin/activate
(myenv) $ pip install what-i-want

You only use sudo or elevated permissions when you want to install stuff for the global, system-wide Python installation.

It is best to use a virtual environment which isolates packages for you. That way you can play around without polluting the global python install.

As a bonus, virtualenv does not need elevated permissions.


回答 1

它是可接受的安全运行pip installsudo

它不安全并且被皱着眉头–请参阅运行“ sudo pip”有什么风险? 要在主目录中安装Python软件包,您不需要root特权。见描述--user选项点子。

Is it acceptable & safe to run pip install under sudo?

It’s not safe and it’s being frowned upon – see What are the risks of running ‘sudo pip’? To install Python package in your home directory you don’t need root privileges. See description of --user option to pip.


回答 2

您最初的问题是pip无法将日志写入文件夹。

IOError: [Errno 13] Permission denied: '/Users/markwalker/Library/Logs/pip.log'

您需要将cd放入一个文件夹,在该文件夹中,调用的进程可以像/tmp这样写,cd /tmp然后重新调用该命令可能会起作用,但这不是您想要的。

实际上对于这种特殊情况(您不希望sudo用于安装python软件包)并且不需要全局软件包安装,可以使用如下--user标记:

pip install --user <packagename>

它会很好地工作。

我假设您具有一个用户python python安装,并且不想打扰有关virtualenv(不是很用户友好)或pipenv的阅读

正如评论部分中的某些人指出的那样,除非您不知道该怎么办并陷入困境,否则下一个方法不是一个好主意:

针对全局包的另一种方法例如您要执行的操作:

chown -R $USER /Library/Python/2.7/site-packages/

或更一般地

chown -R $USER <path to your global pip packages>

Your original problem is that pip cannot write the logs to the folder.

IOError: [Errno 13] Permission denied: '/Users/markwalker/Library/Logs/pip.log'

You need to cd into a folder in which the process invoked can write like /tmp so a cd /tmp and re invoking the command will probably work but is not what you want.

BUT actually for this particular case (you not wanting to use sudo for installing python packages) and no need for global package installs you can use the --user flag like this :

pip install --user <packagename>

and it will work just fine.

I assume you have a one user python python installation and do not want to bother with reading about virtualenv (which is not very userfriendly) or pipenv.

As some people in the comments section have pointed out the next approach is not a very good idea unless you do not know what to do and got stuck:

Another approach for global packages like in your case you want to do something like :

chown -R $USER /Library/Python/2.7/site-packages/

or more generally

chown -R $USER <path to your global pip packages>

回答 3

因为我遇到了同样的问题,所以我想强调一下,布莱恩·凯恩的第一条评论实际上是“ IOError:[Errno 13]”问题的解决方案:

如果在temp目录(cd /tmp)中执行,那么如果我运行IOError就不会再发生sudo pip install foo

Because I had the same problem, I want to stress that actually the first comment by Brian Cain is the solution to the “IOError: [Errno 13]”-problem:

If executed in the temp directory (cd /tmp), the IOError does not occur anymore if I run sudo pip install foo.


回答 4

virtualenvwrapper成功安装后,我在安装时遇到问题virtualenv

执行此操作后,我的终端抱怨:

pip install virtualenvwrapper

因此,我尝试失败(不推荐)

sudo pip install virtualenvwrapper

然后,我成功安装了它:

pip install --user virtualenvwrapper

I had a problem installing virtualenvwrapper after successfully installing virtualenv.

My terminal complained after I did this:

pip install virtualenvwrapper

So, I unsuccessfully tried this (NOT RECOMMENDED):

sudo pip install virtualenvwrapper

Then, I successfully installed it with this:

pip install --user virtualenvwrapper

回答 5

看来您的权限搞砸了。键入chown -R markwalker ~在终端和尝试pip一次?让我知道您是否已排序。

It looks like your permissions are messed up. Type chown -R markwalker ~ in the Terminal and try pip again? Let me know if you’re sorted.


运行“ sudo pip”有什么风险?

问题:运行“ sudo pip”有什么风险?

有时,我会遇到一些评论或回应,它们强调说pipsudo“错误”或“不良”情况下运行,但在某些情况下(包括我设置了一堆工具的方式),情况可能要简单得多,甚至有必要这样运行。

什么是与运行相关的风险pipsudo


请注意,这个问题与这个问题不同,尽管有标题,但没有提供有关风险的信息。这也不是关于如何避免使用的问题sudo,而是关于为什么要使用的问题。

Occasionally I run into comments or responses that state emphatically that running pip under sudo is “wrong” or “bad”, but there are cases (including the way I have a bunch of tools set up) where it is either much simpler, or even necessary to run it that way.

What are the risks associated with running pip under sudo?


Note that this in not the same question as this one, which, despite the title, provides no information about risks. This also isn’t a question about how to avoid using sudo, but about specifically why one would want to.


回答 0

当您pip使用时sudo,您会setup.py使用sudo。换句话说,您可以从互联网上以根用户身份运行任意Python代码。如果有人在PyPI上放置了一个恶意项目,然后安装了该项目,则可以使攻击者具有对计算机的根访问权限。在对pipPyPI和PyPI 进行一些最新修复之前,攻击者还可能在您下载值得信赖的项目时,在中间攻击中让一名男子注入他们的代码。

When you run pip with sudo, you run setup.py with sudo. In other words, you run arbitrary Python code from the Internet as root. If someone puts up a malicious project on PyPI and you install it, you give an attacker root access to your machine. Prior to some recent fixes to pip and PyPI, an attacker could also run a man in the middle attack to inject their code when you download a trustworthy project.


回答 1

除了明显的安全风险(我认为安装已知的软件时,风险实际上较低)之外,还有其他原因。系统随附的Python是该系统的一部分,当您要管理系统时,可以使用专为系统维护而设计的工具,例如在安装/升级/卸载软件时的软件包管理器。当您开始使用第三方工具(在本例中为pip)修改系统软件时,就无法保证系统状态。另一个原因是,sudo可能会给您带来问题,否则您将没有机会或很少会有其他问题。例如,请参阅python中sys.executable和sys.version之间的不匹配

发行版已意识到此问题,并尝试减轻它。例如,Fedora – 使sudo pip安全; Debian – dist-packages而不是site-packages

Besides obvious security risks (which I think are in fact low when you install software you know) brought in other answers there is another reason. Python that comes with the system is part of this system and when you want to manage system you use tools designated for system maintenance like package manager in case of installing/upgrading/uninstalling software. When you start to modify system’s software with third party tools (pip in this instance) then you have no guarantee about the state of your system. Yet another reason is that sudo can bring you problems you wouldn’t have a chance or have a very small chance to have otherwise. See for example Mismatch between sys.executable and sys.version in Python

Distros are aware of this problem and try to mitigate it. For example Fedora – Making sudo pip safe and Debian – dist-packages instead of site-packages.


回答 2

以这种方式使用pip意味着您可以信任它到允许它对系统进行任何操作的程度。不仅是点子,而且还会从您可能不信任的来源下载并执行的任何代码,这可能是恶意的。

pip不需要所有这些特权,只需要对特定文件和目录的写权限。如果您不能使用系统的程序包管理器并且不想使用虚拟环境,则可以创建一个对python安装目录具有写权限的特定用户,并将其用于pip。这样,您可以更好地控制可以做什么和不可以做什么。您可以使用sudo -u它!

Using pip that way means you trust it to the level you allow it to make anything to your system. Not only pip, but also any code it will download and execute from sources you may not trust and that can be malicious.

And pip doesn’t need all that privileges, only the write access to specific files and directories. If you can’t use your system’s package manager and do not want to go the virtual environment way, you may create a specific user that has write privilege to the python installation directory and use it for pip. That way you better control what can pip do and not do. And you can use sudo -u for that!


回答 3

唯一“错误”的地方sudo是,它确实是以超级用户ala根身份运行的,这意味着您可能使用错误的命令破坏安装。由于PIP是特定程序的软件包维护,因此无论如何都需要这种访问权限才能进行更改…

The only thing “wrong” with sudo is that it, well, DOes as Super User ala root meaning you can potentially destroy an installation with the wrong command. As PIP is a package maintenance for a particular program you would need such access anyhow to make changes…


pip安装:请检查该目录的权限和所有者

问题:pip安装:请检查该目录的权限和所有者

在安装pip和python时,我遇到了一个提示:

目录“ / Users / Parthenon / Library / Logs / pi”或其父目录不属于当前用户,并且调试日志已禁用。请检查该目录的权限和所有者。如果使用sudo执行pip,则可能需要-H标志。

因为我现在必须使用安装sudo

我的Mac上已经安装了python和一些库,我正在运行Yosemite。最近,我不得不进行彻底擦拭,然后重新安装操作系统。现在,我收到此提示,并且在弄清楚如何更改它时遇到了麻烦

我的命令行是以前Parthenon$,现在是Philips-MBP:~ Parthenon$

我是这台计算机的唯一所有者,这是计算机上的唯一帐户。升级到python 3.4时,这似乎是个问题,似乎什么都没在正确的地方,virtualenv不会到达我期望的位置,等等。

While installing pip and python I have ran into a that says:

The directory ‘/Users/Parthenon/Library/Logs/pi’ or its parent directory is not owned by the current user and the debug log has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want the -H flag.

because I now have to install using sudo.

I had python and a handful of libraries already installed on my Mac, I’m running Yosemite. I recently had to do a clean wipe and then reinstall of the OS. Now I’m getting this prompt and I’m having trouble figuring out how to change it

Before my command line was Parthenon$ now it’s Philips-MBP:~ Parthenon$

I am the sole owner of this computer and this is the only account on it. This seems to be a problem when upgrading to python 3.4, nothing seems to be in the right place, virtualenv isn’t going where I expect it to, etc.


回答 0

从运行pip到Windows时,我在Mac上也看到了这种变化sudo pip。添加-H到sudo会使该消息对我消失。例如

sudo -H pip install foo

man sudo告诉我-H原因sudo设置$HOME为目标用户(在这种情况下为root)。

因此,似乎pip正在调查,$HOME/Library/Log并且sudo默认情况下未将其设置$HOME/root/。毫不奇怪~/Library/Log,您是用户而不是root。

我怀疑这是最近的点差变化。我现在将其运行sudo -H以解决该问题。

I also saw this change on my Mac when I went from running pip to sudo pip. Adding -H to sudo causes the message to go away for me. E.g.

sudo -H pip install foo

man sudo tells me that -H causes sudo to set $HOME to the target users (root in this case).

So it appears pip is looking into $HOME/Library/Log and sudo by default isn’t setting $HOME to /root/. Not surprisingly ~/Library/Log is owned by you as a user rather than root.

I suspect this is some recent change in pip. I’ll run it with sudo -H for now to work around.


回答 1

这里的问题是,您以某种方式将其安装到virtualenv中sudo。可能是偶然的。这意味着root用户将重写Python软件包数据,从而使所有文件均由root拥有,而您的普通用户将无法再写入这些文件。通常,virtualenv仅应由普通的UNIX用户使用和拥有。

您可以通过将UNIX文件权限包更改为用户来解决此问题。尝试:

$ sudo chown -R USERNAME /Users/USERNAME/Library/Logs/pip
$ sudo chown -R USERNAME /Users/USERNAME/Library/Caches/pip

然后pip应该能够再次写入这些文件。

有关UNIX文件权限管理的更多信息

What is the problem here is that you somehow installed into virtualenv using sudo. Probably by accident. This means root user will rewrite Python package data, making all file owned by root and your normal user cannot write those files anymore. Usually virtualenv should be used and owned by your normal UNIX user only.

You can fix the issue by changing UNIX file permissions pack to your user. Try:

$ sudo chown -R USERNAME /Users/USERNAME/Library/Logs/pip
$ sudo chown -R USERNAME /Users/USERNAME/Library/Caches/pip

then pip should be able to write those files again.

More information about UNIX file permission management


回答 2

pip install --user <package name> (无需sudo)为我解决了一个非常类似的问题。

pip install --user <package name> (no sudo needed) worked for me for a very similar problem.


回答 3

基本信息

  • 系统:mac os 18.0.0
  • 当前用户:yutou

钥匙

  1. 将当前帐户添加到车轮组
sudo dscl . -append /Groups/wheel wheel $(whoami)
  1. 将python封装模式修改为775。
chmod -R 775 ${this_is_your_python_package_path}

整个东西

  • 当python3编译良好时,信息就像问题所言。
  • 我尝试使用pip3 install requests并得到:
File "/usr/local/python3/lib/python3.6/os.py", line 220, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: 
'/usr/local/python3/lib/python3.6/site-packages/requests'
  • 所以我cd /usr/local/python3/lib/python3.6/site-packages,然后ls -al得到:
drwxr-xr-x    6 root   wheel   192B  2 27 18:06 requests/

当我看到此消息时,我了解到,makedirs是写操作,但是drwxrwxr-x只有用户root才能显示的请求模式才能写入请求文件。如果将yutou(whoami)添加到组合轮,然后将包修改为组合轮可以写,那么我可以写,并且问题解决了。

如何在组轮中添加yutou?+检测车轮sudo dscl . -list /groups GroupMembership,,您会发现:

wheel                    root

小组轮只有一个成员根。+将yutou添加到分组轮,sudo dscl . -append /Groups/wheel wheel yutou。+检查sudo dscl . -list /groups GroupMembership

wheel                    root yutou

修改python包模式

chmod -R 775 /usr/local/python3/lib/python3.6

basic info

  • system: mac os 18.0.0
  • current user: yutou

the key

  1. add the current account to wheel group
sudo dscl . -append /Groups/wheel wheel $(whoami)
  1. modify python package mode to 775.
chmod -R 775 ${this_is_your_python_package_path}

the whole thing

  • when python3 compiled well, the infomation is just like the question said.
  • I try to use pip3 install requests and got:
File "/usr/local/python3/lib/python3.6/os.py", line 220, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: 
'/usr/local/python3/lib/python3.6/site-packages/requests'
  • so i cd /usr/local/python3/lib/python3.6/site-packages, then ls -al and got:
drwxr-xr-x    6 root   wheel   192B  2 27 18:06 requests/

when i saw this, i understood, makedirs is an action of write, but the requests mode drwxrwxr-x displaied only user root can write the requests file. If add yutou(whoami) to the group wheel, and modify the package to the group wheel can write, then i can write, and the problem solved.

How to add yutou to group wheel? + detect group wheel, sudo dscl . -list /groups GroupMembership, you will find:

wheel                    root

the group wheel only one member root. + add yutou to group wheel, sudo dscl . -append /Groups/wheel wheel yutou. + check, sudo dscl . -list /groups GroupMembership:

wheel                    root yutou

modify the python package mode

chmod -R 775 /usr/local/python3/lib/python3.6

回答 4

如果您更改了$ PATH变量,也可能会导致问题。如果您认为可能是问题所在,请检查〜/ .bash_profile或〜/ .bashrc

If you altered your $PATH variable that could also cause the problem. If you think that might be the issue, check your ~/.bash_profile or ~/.bashrc