easybuilders / easybuild-docs

EasyBuild documentation (mkdocs)
https://docs.easybuild.io
GNU General Public License v2.0

python software should really be installed in an environment - and not system wide (documentation improvement needed in my eyes) #254

Open DetlevCM opened 3 months ago

DetlevCM commented 3 months ago

Testing EasyBuild for work, the documentation concerning the installation here ( http://docs.easybuild.io/installation/#sanity-check ) has left me a bit incredulous...

Python software should really only ever be installed in an environment - especially when pip is involved - that creating a dedicated environment is not recommended is quite disappointing to me.

Further, the idea of installing it system wide using pip under sudo sounds like an even worse idea to me... - There should never ever be a need to install something like EasyBuild using root privileges... This can be installed in a directory that is readable to other users if needed. For example one could create a directory in /opt, make it writable to the main user with world read/execute permissions if this is needed on a system wide basis (ideally again in an environment). But this really should not be installed using sudo...

ocaisa commented 3 months ago

Where does it say it should be installed with sudo?

ocaisa commented 3 months ago

Sorry, I see it now. But of course you would never have rights to do this as a normal user. That indeed should not be presented like that.

ocaisa commented 3 months ago

Of course we are well aware that you shouldn't install things with root, and EasyBuild installations are not meant to be installed with root. Per user request, we do have an option for EasyBuild that allows you to do that, --allow-use-as-root-and-accept-consequences, which hopefully makes clear what a bad idea we think that is.

DetlevCM commented 3 months ago

> Sorry, I see it now. But of course you would never have rights to do this as a normal user. That indeed should not be presented like that

Well, I do have the ability to install things as root, so...

Following up on your second response, I don't see any mention of the "allow as root" on the page I linked.

Indeed, at times things need to be run as root when they should not be, and in this case having the option is good. Though that needs appropriate warnings.

And as mentioned, I'd also worry about setting anything in python up without a (virtual) environment. It would be best practice to set up an easy build virtual environment and install easybuild within this environment (as I have done).

ocaisa commented 3 months ago

I think you are in danger of conflating the EasyBuild installation (a python package) with the installations that EasyBuild does. Our spectrum of users have different preferences: some might install EasyBuild with a virtualenv, some systemwide, some bootstrap with a virtualenv and install EasyBuild with EasyBuild so that EasyBuild can manage itself (my personal preference). We can support all these preferences, so we do.

This is completely separate to what EasyBuild itself does when installing software packages. What happens exactly at that point depends on your configuration of EasyBuild (for which there are a huge number of options, including the unrecommended --allow-use-as-root-and-accept-consequences).

DetlevCM commented 3 months ago

(Apologies @DetlevCM I accidentally edited your response rather than hit Quote reply, restored based on what I received in my Inbox)

> I think you are in danger of conflating the EasyBuild installation (a python package) with the installations that EasyBuild does. Our spectrum of users have different preferences, some might install EasyBuild with a virtualenv, some systemwide, some bootstrap with a virtualenv and install EasyBuild with EasyBuild so that EasyBuild can manage itself (my personal preference). We can support all these preferences so we do.
>
> This is completely separate to what EasyBuild itself does when installing software packages. What happens exactly at that point depends on your configuration of EasyBuild (for which there are a huge number of options, including the unrecommended --allow-use-as-root-and-accept-consequences).

I think that (actively maintained) open source projects should suggest best practices and not risk creating a mess on users' systems - which is highly likely with Python... (Between version changes, dependency management that installs and accumulates packages with pip...) Then there is the security aspect too: unless I start and review all code (and there is no chance of that happening) I have to trust you (the developers) that the installation of EasyBuild via pip will not have any unintended consequences or malicious side effects. -> Running it as a user reduces this problem because it limits the scope to user space. So again, we come back to the best practice to ideally not running things as root unless truly necessary.

And EasyBuild does not need root: not for installing EasyBuild itself, not for the later installation of modules (if correctly configured).
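
The setup argued for in the comments above (a user-owned directory under /opt that others can read but not write, holding a virtual environment, with no `sudo pip`), as an added example that is not part of the thread or of EasyBuild's documentation. The `/opt/easybuild` path, the `EB_PREFIX` variable and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: unprivileged, venv-based EasyBuild install under a shared prefix.
# EB_PREFIX and all function names are assumptions, not EasyBuild settings.
EB_PREFIX="${EB_PREFIX:-/opt/easybuild}"

# Refuse to continue when the given uid is root (0).
refuse_root() {
    if [ "$1" -eq 0 ]; then
        echo "refusing to install as root; use an unprivileged account" >&2
        return 1
    fi
}

# The prefix must exist, be owned by the invoking user, and not be writable
# by group or other: other users may read and execute, never modify.
prefix_is_safe() {
    dir=$1
    [ -d "$dir" ] && [ -O "$dir" ] || return 1
    mode=$(ls -ld "$dir" | cut -c1-10)       # e.g. drwxr-xr-x
    gw=$(printf '%s' "$mode" | cut -c6)      # group write bit
    ow=$(printf '%s' "$mode" | cut -c9)      # other write bit
    [ "$gw" != "w" ] && [ "$ow" != "w" ]
}

install_easybuild() {
    refuse_root "$(id -u)" || return 1
    prefix_is_safe "$EB_PREFIX" || { echo "unsafe prefix: $EB_PREFIX" >&2; return 1; }
    umask 022                                # files end up world-readable, owner-writable
    python3 -m venv "$EB_PREFIX/venv" || return 1
    "$EB_PREFIX/venv/bin/python" -m pip install easybuild || return 1
    "$EB_PREFIX/venv/bin/eb" --version       # confirm the venv's eb runs
}

# One-time step by an administrator, the only part that needs privilege:
#   sudo install -d -o "$USER" -m 0755 /opt/easybuild
# Everything after that runs as the unprivileged owner:
if [ "${1:-}" = "--install" ]; then
    install_easybuild
fi
```

Other users can then put `$EB_PREFIX/venv/bin` on their `PATH` to run `eb` without write access to the installation.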

ocaisa commented 3 months ago

> I think that (actively maintained) open source projects should suggest best practices and not risk creating a mess on users' systems - which is highly likely with Python... (Between version changes, dependency management that installs and accumulates packages with pip...)

You are (most likely) an experienced Python user, and have experience with venv. There are many EasyBuild users who are not and we have to meet them where they are, not where we want them to be. In the documentation we explicitly call out what you have mentioned in a Note block under the installation with pip section. If you think this is not clear enough, then we are open to suggestions (and PRs).

> Then there is the security aspect too: unless I start and review all code (and there is no chance of that happening) I have to trust you (the developers) that the installation of EasyBuild via pip will not have any unintended consequences or malicious side effects.

Of course, this is also true of any package that gets installed on the system, including via a package manager.

> -> Running it as a user reduces this problem because it limits the scope to user space. So again, we come back to the best practice to ideally not running things as root unless truly necessary.

We are very aware of this; EasyBuild is a tool that has always been intended to run in user space. It's clear that you are most likely an experienced Linux user. We are completely open to pull requests for improvements to our documentation. Like many other open source projects it is one part of our project that perhaps doesn't get enough attention. Remember that we have many users who are not as experienced as you though.