I'm trying to figure out a way to set up a multi-user conda system in which
- There exists a
conda
group - Users can be added to the
conda
group - Users can create shared environments and install packages in the central conda location
The problem is that by default, when a user alters the conda "world," the new additions belong to that users group.
I would like to use ACLs to set the default group.
I set the sticky bit so that files will default to parent permissions, and confirmed this with
(base) [email protected]:/home/conda/conda$ groups
user2 conda
(base) [email protected]:/home/conda/conda$ mkdir test
(base) [email protected]:/home/conda/conda$ ll test
total 8
drwxrwsr-x+ 2 user2 conda 4096 Feb 6 20:43 ./
drwxrwsr-x+ 14 balter conda 4096 Feb 6 20:43 ../
I also applied the following ACLs:
(base) [email protected]:/home/conda$ getfacl conda
# file: conda
# owner: balter
# group: conda
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:conda:rwx
default:mask::rwx
default:other::r-x
However, user2
still cannot create a new environment:
(base) [email protected]:/home/conda$ conda create -n env2
Solving environment: done
NotWritableError: The current user does not have write permissions to a required path.
path: /home/conda/conda/pkgs/cache/2ce54b42.json
uid: 1002
gid: 1002
If you feel that permissions on this path are set incorrectly, you can manually
change them by executing
$ sudo chown 1002:1002 /home/conda/conda/pkgs/cache/2ce54b42.json
In general, it's not advisable to use 'sudo conda'.
[email protected]:/home/conda$ ls -al /home/conda/conda/pkgs/cache/2ce54b42.json
-rwxrwxr-x 1 balter conda 2990059 Feb 6 20:55 /home/conda/conda/pkgs/cache/2ce54b42.json
How do I tweak the ACLs and permissions to allow this?