Administering a multi-user conda installation#
By default, conda and all packages it installs, including Anaconda, are installed locally with a user-specific configuration. Administrative privileges are not required, and no upstream files or other users are affected by the installation.
You can make conda and any number of packages available to a group of one or more users, while preventing these users from installing unwanted packages with conda:
Install conda and the allowed packages, if any, in a location that is under administrator control and accessible to users.
Create a .condarc system configuration file in the root directory of the installation. This system-level configuration file will override any user-level configuration files installed by the user.
Each user accesses the central conda installation, which reads
settings from the user
.condarc configuration file located
in their home directory. The path to the user file is the same
as the root environment prefix displayed by
as shown in User configuration file below. The user
.condarc file is limited by the system
System configuration settings are commonly used in a
.condarc file but may also be used in a
.condarc file. All user configuration settings may
also be used in a system
For information about settings in the
see Using the .condarc conda configuration file.
Example administrator-controlled installation#
The following example describes how to view the system configuration file, review the settings, compare it to a user's configuration file, and determine what happens when the user attempts to access a file from a blocked channel. It then describes how the user must modify their configuration file to access the channels allowed by the administrator.
System configuration file#
The system configuration file must be in the top-level conda installation directory. Check the path where conda is located:
$ which conda /tmp/miniconda/bin/conda
View the contents of the
.condarcfile in the administrator's directory:
The following administrative
.condarcfile uses the
#!finalflag to specify the channels, default channels, and channel_alias available to the user.
$ cat /tmp/miniconda/.condarc channels: #!final - admin channel_alias: https://conda.anaconda.org/ #!final
#!final flag is very similar to the
rule in CSS; any parameter within the
.condarc that is
trailed by the
#!final cannot be overwritten by any other
.condarc source. For more information on this flag, see the
on the subject.
#!final flag has been used and the channel
defaults are not explicitly specified, users are disallowed
from downloading packages from the default channels. You can
check this in the next procedure.
User configuration file#
Check the location of the user's conda installation:
$ conda info Current conda install: . . . channel URLs : https://repo.anaconda.com/pkgs/free/osx-64/ https://repo.anaconda.com/pkgs/pro/osx-64/ config file : /Users/username/.condarc
conda infocommand shows that conda is using the user's
.condarcfile, located at
/Users/username/.condarcand that the default channels such as
repo.anaconda.comare listed as channel URLs.
View the contents of the administrative
.condarcfile in the directory that was located in step 1:
$ cat ~/.condarc channels: - defaults
.condarcfile specifies only the default channels, but the administrator config file has blocked default channels by specifying that only
adminis allowed. If this user attempts to search for a package in the default channels, they get a message telling them what channels are allowed:
$ conda search flask Fetching package metadata: Error: URL 'http://repo.anaconda.com/pkgs/pro/osx-64/' not in allowed channels. Allowed channels are: - https://conda.anaconda.org/admin/osx-64/
This error message tells the user to add the
adminchannel to their configuration file.
The user must edit their local
.condarcconfiguration file to access the package through the admin channel:
channels: - admin
The user can now search for packages in the allowed