Add an opt-out for the “running as root” warning

[hholst80]

What's the problem this feature will solve?

I want to be able to manually remove the warning pip spews out during package installation in root environment:

Running pip as the 'root' user can result in broken permissions and conflicting behaviour ..

Describe the solution you'd like

I want to be able to disable this warning through an environment variable like

env PIP_DISABLE_ROOT_WARNING=1 pip install flask

Alternative Solutions

No in tool workaround known to me.

Additional context

We are all adults here, I know what I am doing and I do not want to see a warning every time I run my build system. Let me disable the warning by setting an environment variable. I do not want my users to think there is anything wrong my system just because of the pip tool spews out indiscriminate warning messages.

Code of Conduct

• I agree to follow the PSF Code of Conduct.

[pradyunsg]

This was proposed in #6409, was implemented in #9394 and has been discussed in #10028. There's likely a lot more discussions, but I ain't spending more of my time digging those up.

Quoting myself from #10028 (comment):

I don't think there is a way to make it possible for experienced users to not see this warning while also making sure that it serves the purpose of getting inexperienced users to understand that they should not do this in general.

Do read the linked comment above, before responding.

If you have a response that's different from "I don't like warnings." -> "Gimme an escape hatch." (which will become the top-voted Stackoverflow answer, likely without sufficient context to help inexperienced users) -- color me very interested.

[pradyunsg]

Until something like PEP 668 is implemented and generally available to the point that I am comfortable with dropping this warning, I don't think it is a good idea to provide an escape hatch.

I do not want my users to think there is anything wrong my system just because of the pip tool spews out indiscriminate warning messages.

There is a risk though. If you run sudo pip install that modifies $package and your OS depends on $package, you've quite possibly broken your OS.

I'll note that I'm speaking for myself, and not the other pip maintainers.

[pfmoore]

FWIW, I agree. I think that the warning helps more people than it inconveniences. And anyway, the people who know enough to be sure that they are safe are also capable of suppressing the warning (pip install 2>&1 | grep -v "pip as the 'root' user", for example, although IMO anyone who couldn't have constructed that themselves probably doesn't fully understand the risks of running pip as root...).

[hholst80]

Suggestion: If the log warning is made into a warning via the "warnings" module I can solve this within the existing framework of that. Or, if that is not feasible, check for /.dockerenv and if that exists do not spew out a warning because it is a hosted container environment and most likely the user is running a python environment based on pip, knows what they are doing, or a combination of both.

https://docs.python.org/3/library/warnings.html

[pradyunsg]

pip/src/pip/_internal/cli/req_command.py

Lines 179 to 184 in a07bfb3

	logger.warning(
	"Running pip as the 'root' user can result in broken permissions and "
	"conflicting behaviour with the system package manager. "
	"It is recommended to use a virtual environment instead: "
	"https://pip.pypa.io/warnings/venv"
	)

It's done through the logging module, although, we might change how we output things in the future. :)

[potiuk]

Yeah. Checking if you are in container environment would solve vast majority of problems of people who want this warning removed. I think "running root in container" is equally good reason to skip the warning as "running root in cygwin" or "running on windows". Happy to make PR if I know there is a consensus for that one.

[potiuk]

Or maybe even just changing the message to say "If you are in container, it's usualy OK to run pip as root". That woudl be more "factual".

[pfmoore]

Please, can we not have this debate again? Others have already proposed "disable the warning if you're in a container" and we've responded to that (no, the warning is still valid there - I'm quoting others as my personal experience with containers is limited, so don't bother trying to engage me in debate over this). Repeating arguments that you could have found by searching the tracker for previous discussion on this topic isn't likely to change anyone's mind here...

[potiuk]

Well. I do follow that discussion and I have not noticed that. Really sorry I should have checked more carefully.

But I have not seen anyone propose better error description, one that might help people who wonder if the warning is valid for them or not. I think you should be empathetic towards people who have their own users, and have to continue explaining them "Yeah the warning is there, but this is container so this is right". How about explicitly adding explanation that in container it is likely ok ? Still warning, a more reasonable message actually reflecting the reality. What's wrong with that?