Linked Questions

Popular Questions

How to use ACLs to facilitate multi-user conda system

Asked by At

I'm trying to figure out a way to set up a multi-user conda system in which

  • There exists a conda group
  • Users can be added to the conda group
  • Users can create shared environments and install packages in the central conda location

The problem is that by default, when a user alters the conda "world," the new additions belong to that users group.

I would like to use ACLs to set the default group.

I set the sticky bit so that files will default to parent permissions, and confirmed this with

(base) [email protected]:/home/conda/conda$ groups
user2 conda
(base) [email protected]:/home/conda/conda$ mkdir test
(base) [email protected]:/home/conda/conda$ ll test
total 8
drwxrwsr-x+  2 user2  conda 4096 Feb  6 20:43 ./
drwxrwsr-x+ 14 balter conda 4096 Feb  6 20:43 ../

I also applied the following ACLs:

(base) [email protected]:/home/conda$ getfacl conda
# file: conda
# owner: balter
# group: conda
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:conda:rwx
default:mask::rwx
default:other::r-x

However, user2 still cannot create a new environment:

(base) [email protected]:/home/conda$ conda create -n env2
Solving environment: done

NotWritableError: The current user does not have write permissions to a required path.
  path: /home/conda/conda/pkgs/cache/2ce54b42.json
  uid: 1002
  gid: 1002

If you feel that permissions on this path are set incorrectly, you can manually
change them by executing

  $ sudo chown 1002:1002 /home/conda/conda/pkgs/cache/2ce54b42.json

In general, it's not advisable to use 'sudo conda'.


[email protected]:/home/conda$ ls -al /home/conda/conda/pkgs/cache/2ce54b42.json
-rwxrwxr-x 1 balter conda 2990059 Feb  6 20:55 /home/conda/conda/pkgs/cache/2ce54b42.json

How do I tweak the ACLs and permissions to allow this?

Related Questions