accidentally installed pip or pip3 as root

Discussion:

(too old to reply)

Jake M

2024-01-17 08:42:58 UTC

I accidentally installed pip or pip3 as root and got the warning about
possible danger to my system. Therefore, I'd like to remove it. Please
let me know the best commands and thanks in advance.

Paul

2024-01-17 14:09:54 UTC

Permalink

Post by Jake M
I accidentally installed pip or pip3 as root and got the warning about
possible danger to my system. Therefore, I'd like to remove it. Please
let me know the best commands and thanks in advance.

https://www.getpagespeed.com/server-setup/do-not-run-pip-as-root

"Now, pip is the installer/manager for Python modules available via PyPI.

But it has no idea whatsoever about your package manager.
It has no idea about RPM format either, nor about what you already
have installed through the system (yum) packages.

So when you invoke pip as root, it will more than likely overwrite Python modules
that were installed via system packages.

The result of running pip as root, would be a dirty mix of Python modules
installed via yum package management, and pip installed Python modules.

Example of breakage
...
"

So if you ran "pip" as root again, did "pip remove",
then I would expect damage where a system version of a
file would be removed. Then if you used the package management
to remove pip locally, now you'd have a gap-toothed set of
system python packages.

Which is better then ? To have "pip remove" the erroneous files,
or have non-root "pip remove" leave the tainted (unknown version)
of a file put there instead ? Now you need a means to have your
package manager reinstall all the system modules.

When a software developer knows that root usage is destructive,
not only should they issue a warning, they should "drop dead" on
the spot, and stop doing shit. If the activity serves no useful
purpose (damaging tree-installed content), what the hell ? There
are already some other softwares on your machine, that check for
root invocation and deny it.

( Um, yeah, this looks safe. An official version of this approach might be nice. )

https://askubuntu.com/questions/57682/find-and-reinstall-packages-with-corrupted-files-without-breaking-anything

Summary: All I've tried to do here, is find an example of what the
damage mechanism is. You're the administrator, and now it
is up to you to deal with a malicious case of tree damage.
Reinstalling packages is one way to un-taint them.

Even modifying a script to just produce a scan of the tree
without fixing anything, is a start.

Paul

Henry Crun

2024-01-17 14:54:34 UTC

Permalink

I accidentally installed pip or pip3 as root and got the warning about possible danger to my system. Therefore, I'd
like to remove it. Please let me know the best commands and thanks in advance.

Easiest: How old is your latest full backup? (solution left as an exercise for the administrator.)
Otherwise you are liable to find youself in a maze of twisty passages, all alike...

--
No Micro$oft products were used in the URLs above, or in preparing this message. Recommended reading:
http://www.catb.org/~esr/faqs/smart-questions.html#befor

Jake M

2024-01-17 20:29:26 UTC

Permalink

Post by Henry Crun

Post by Jake M
I accidentally installed pip or pip3 as root and got the warning about
possible danger to my system. Therefore, I'd like to remove it.
Please let me know the best commands and thanks in advance.

Easiest: How old is your latest full backup? (solution left as an
exercise for the administrator.)
Otherwise you are liable to find youself in a maze of twisty passages, all alike...

backup is a few months old, but hard drive to hard drive thorough
Clonezilla, so backing up this hard drive first on a separate external
hard drive. Once the slightly older back up is restored from another
hard drive, I'll have the current hard drive already backed up and
available to transfer files. Not much has changed other than a couple
of new programs and some program configurations.

What a shame that I got the warning after the fact as I think Paul was
alluding to. Oh well, lesson learned. I didn't even have pip installed
anyway and only did so for a recent script requirement, but won't be
running the

Jake M

2024-01-17 21:20:33 UTC

Permalink

Post by Henry Crun

Post by Jake M
I accidentally installed pip or pip3 as root and got the warning about
possible danger to my system. Therefore, I'd like to remove it.
Please let me know the best commands and thanks in advance.

Easiest: How old is your latest full backup? (solution left as an
exercise for the administrator.)
Otherwise you are liable to find youself in a maze of twisty passages, all alike...

One last thing I forgot to ask is how I can determine where pip was
installed? It's possible I did not install it (or pip3) to root, so it
wouldn't hurt to be sure before reinstalling my backup. Thank

Jonathan N. Little

2024-01-18 01:29:23 UTC

Permalink

Post by Jake M
One last thing I forgot to ask is how I can determine where pip was
installed? It's possible I did not install it (or pip3) to root, so it
wouldn't hurt to be sure before reinstalling my backup. Thanks.

which pip3
/usr/bin/pip3

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

Jake M

2024-01-18 01:43:59 UTC

Permalink

Post by Jonathan N. Little

which pip3
/usr/bin/pip3

Thanks. I get both /usr/bin/pip and /usr/bin/pip3 so it

Jonathan N. Little

2024-01-18 17:07:43 UTC

Permalink

Post by Jonathan N. Little

which pip3
/usr/bin/pip3

Thanks. I get both /usr/bin/pip and /usr/bin/pip3 so it looks like it's
on root after all, correct?

Yep. It is installed via package:

sudo apt install python3-pip

I think where the security issue may be if you are installing packages
globally or local to your user profile.

sudo pip3 install PACKAGE

will install it globally, whereas:

pip3 install PACKAGE

installs it only for your profile under ~/.local/bin/

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com