Administering a multi-user conda installation#

By default, conda and all of the packages it installs are installed locally with a user-specific configuration. Administrative privileges are not required, and no upstream files or other users are affected by the installation.

You can make conda and any number of packages available to a group of one or more users, while preventing these users from installing unwanted packages with conda:

  1. Install conda and the allowed packages, if any, in a location that is under administrator control and accessible to users.

  2. Create a .condarc system configuration file in the root directory of the installation. This system-level configuration file will override any user-level configuration files installed by the user.

Each user accesses the central conda installation, which reads settings from the user .condarc configuration file located in their home directory. The path to the user file is the same as the root environment prefix displayed by conda info, as shown in User configuration file below. The user .condarc file is limited by the system .condarc file.

System configuration settings are commonly used in a system .condarc file but may also be used in a user .condarc file. All user configuration settings may also be used in a system .condarc file.

For information about settings in the .condarc file, see Using the .condarc conda configuration file.

Example administrator-controlled installation#

The following example describes how to view the system configuration file, review the settings, compare it to a user's configuration file, and determine what happens when the user attempts to access a file from a blocked channel. It then describes how the user must modify their configuration file to access the channels allowed by the administrator.

System configuration file#

  1. The system configuration file must be in the top-level conda installation directory. Check the path where conda is located:

    $ which conda
  2. View the contents of the .condarc file in the administrator's directory:

    cat /tmp/miniconda/.condarc

    The following administrative .condarc file uses the #!final flag to specify the channels, default channels, and channel_alias available to the user.

    $ cat /tmp/miniconda/.condarc
    channels:                                   #!final
      - admin
    channel_alias:  #!final

The #!final flag is very similar to the !important rule in CSS; any parameter within the .condarc that is trailed by the #!final cannot be overwritten by any other .condarc source. For more information on this flag, see the Anaconda Blog on the subject.

Because the #!final flag has been used and the channel defaults are not explicitly specified, users are disallowed from downloading packages from the default channels. You can check this in the next procedure.

User configuration file#

  1. Check the location of the user's conda installation:

    $ conda info
    Current conda install:
    . . .
           channel URLs :
           config file : /Users/username/.condarc

    The conda info command shows that conda is using the user's .condarc file, located at /Users/username/.condarc and that the default channels such as are listed as channel URLs.

  2. View the contents of the administrative .condarc file in the directory that was located in step 1:

    $ cat ~/.condarc
      - defaults

    This user's .condarc file specifies only the default channels, but the administrator config file has blocked default channels by specifying that only admin is allowed. If this user attempts to search for a package in the default channels, they get a message telling them what channels are allowed:

    $ conda search flask
    Fetching package metadata:
    Error: URL '' not
    in allowed channels.
    Allowed channels are:

    This error message tells the user to add the admin channel to their configuration file.

  3. The user must edit their local .condarc configuration file to access the package through the admin channel:

      - admin

    The user can now search for packages in the allowed admin channel.