• accidentally installed pip or pip3 as root

    From Jake M@mill45@fla.net to alt.os.linux.ubuntu on Wed Jan 17 03:42:58 2024
    From Newsgroup: alt.os.linux.ubuntu

    I accidentally installed pip or pip3 as root and got the warning about possible danger to my system. Therefore, I'd like to remove it. Please
    let me know the best commands and thanks in advance.
    --- Synchronet 3.20a-Linux NewsLink 1.114
  • From Paul@nospam@needed.invalid to alt.os.linux.ubuntu on Wed Jan 17 09:09:54 2024
    From Newsgroup: alt.os.linux.ubuntu

    On 1/17/2024 3:42 AM, Jake M wrote:
    > I accidentally installed pip or pip3 as root and got the warning about possible danger to my system.  Therefore, I'd like to remove it.  Please let me know the best commands and thanks in advance.

    https://www.getpagespeed.com/server-setup/do-not-run-pip-as-root

    "Now, pip is the installer/manager for Python modules available via PyPI.

    But it has no idea whatsoever about your package manager.
    It has no idea about RPM format either, nor about what you already
    have installed through the system (yum) packages.

    So when you invoke pip as root, it will more than likely overwrite Python modules
    that were installed via system packages.

    The result of running pip as root, would be a dirty mix of Python modules
    installed via yum package management, and pip installed Python modules.

    Example of breakage
    ...
    "

    So if you ran "pip" as root again, did "pip remove",
    then I would expect damage where a system version of a
    file would be removed. Then if you used the package management
    to remove pip locally, now you'd have a gap-toothed set of
    system python packages.

    Which is better then? To have "pip remove" the erroneous files,
    or have non-root "pip remove" leave the tainted (unknown version)
    of a file put there instead? Now you need a means to have your
    package manager reinstall all the system modules.

    When a software developer knows that root usage is destructive,
    not only should they issue a warning, they should "drop dead" on
    the spot, and stop doing shit. If the activity serves no useful
    purpose (damaging tree-installed content), what the hell? There
    are already some other softwares on your machine, that check for
    root invocation and deny it.

    ( Um, yeah, this looks safe. An official version of this approach might be nice. )

    https://askubuntu.com/questions/57682/find-and-reinstall-packages-with-corrupted-files-without-breaking-anything

    Summary: All I've tried to do here, is find an example of what the
    damage mechanism is. You're the administrator, and now it
    is up to you to deal with a malicious case of tree damage.
    Reinstalling packages is one way to un-taint them.

    Even modifying a script to just produce a scan of the tree
    without fixing anything, is a start.

    Paul
  • From Henry Crun@mike@rechtman.com to alt.os.linux.ubuntu on Wed Jan 17 16:54:34 2024
    From Newsgroup: alt.os.linux.ubuntu

    On 17/01/2024 10:42, Jake M wrote:
    > I accidentally installed pip or pip3 as root and got the warning about possible danger to my system.  Therefore, I'd
    > like to remove it.  Please let me know the best commands and thanks in advance.

    Easiest: How old is your latest full backup? (solution left as an exercise for the administrator.)
    Otherwise you are liable to find yourself in a maze of twisty passages, all alike...
    --
    No Micro$oft products were used in the URLs above, or in preparing this message. Recommended reading:
    http://www.catb.org/~esr/faqs/smart-questions.html#befor

  • From Jake M@mill45@fla.net to alt.os.linux.ubuntu on Wed Jan 17 15:29:26 2024
    From Newsgroup: alt.os.linux.ubuntu

    On 1/17/24 9:54 AM, Henry Crun wrote:
    > On 17/01/2024 10:42, Jake M wrote:
    >> I accidentally installed pip or pip3 as root and got the warning about
    >> possible danger to my system.  Therefore, I'd like to remove it.
    >> Please let me know the best commands and thanks in advance.
    >
    > Easiest: How old is your latest full backup? (solution left as an
    > exercise for the administrator.)
    > Otherwise you are liable to find yourself in a maze of twisty passages,
    > all alike...

    backup is a few months old, but hard drive to hard drive through
    Clonezilla, so backing up this hard drive first on a separate external
    hard drive. Once the slightly older back up is restored from another
    hard drive, I'll have the current hard drive already backed up and
    available to transfer files. Not much has changed other than a couple
    of new programs and some program configurations.

    What a shame that I got the warning after the fact as I think Paul was alluding to. Oh well, lesson learned. I didn't even have pip installed anyway and only did so for a recent script requirement, but won't be
    running the script so won't need pip again.
  • From Jake M@mill45@fla.net to alt.os.linux.ubuntu on Wed Jan 17 16:20:33 2024
    From Newsgroup: alt.os.linux.ubuntu

    On 1/17/24 9:54 AM, Henry Crun wrote:
    > On 17/01/2024 10:42, Jake M wrote:
    >> I accidentally installed pip or pip3 as root and got the warning about
    >> possible danger to my system.  Therefore, I'd like to remove it.
    >> Please let me know the best commands and thanks in advance.
    >
    > Easiest: How old is your latest full backup? (solution left as an
    > exercise for the administrator.)
    > Otherwise you are liable to find yourself in a maze of twisty passages,
    > all alike...

    One last thing I forgot to ask is how I can determine where pip was
    installed? It's possible I did not install it (or pip3) to root, so it wouldn't hurt to be sure before reinstalling my backup. Thanks.
  • From Jonathan N. Little@lws4art@gmail.com to alt.os.linux.ubuntu on Wed Jan 17 20:29:23 2024
    From Newsgroup: alt.os.linux.ubuntu

    Jake M wrote:
    > One last thing I forgot to ask is how I can determine where pip was installed?  It's possible I did not install it (or pip3) to root, so it wouldn't hurt to be sure before reinstalling my backup.  Thanks.

    which pip3
    /usr/bin/pip3
    --
    Take care,

    Jonathan
    -------------------
    LITTLE WORKS STUDIO
    http://www.LittleWorksStudio.com
  • From Jake M@mill45@fla.net to alt.os.linux.ubuntu on Wed Jan 17 20:43:59 2024
    From Newsgroup: alt.os.linux.ubuntu

    On 1/17/24 8:29 PM, Jonathan N. Little wrote:
    > Jake M wrote:
    >> One last thing I forgot to ask is how I can determine where pip was
    >> installed?  It's possible I did not install it (or pip3) to root, so it
    >> wouldn't hurt to be sure before reinstalling my backup.  Thanks.
    >
    > which pip3
    > /usr/bin/pip3

    Thanks. I get both /usr/bin/pip and /usr/bin/pip3 so it looks like it's
    on root after all, correct?
  • From Jonathan N. Little@lws4art@gmail.com to alt.os.linux.ubuntu on Thu Jan 18 12:07:43 2024
    From Newsgroup: alt.os.linux.ubuntu

    Jake M wrote:
    > On 1/17/24 8:29 PM, Jonathan N. Little wrote:
    >> Jake M wrote:
    >>> One last thing I forgot to ask is how I can determine where pip was
    >>> installed?  It's possible I did not install it (or pip3) to root, so it
    >>> wouldn't hurt to be sure before reinstalling my backup.  Thanks.
    >>
    >> which pip3
    >> /usr/bin/pip3
    >
    > Thanks.  I get both /usr/bin/pip and /usr/bin/pip3 so it looks like it's
    > on root after all, correct?

    Yep. It is installed via package:

    sudo apt install python3-pip

    I think where the security issue may be if you are installing packages
    globally or local to your user profile.

    sudo pip3 install PACKAGE

    will install it globally, whereas:

    pip3 install PACKAGE

    installs it only for your profile under ~/.local/bin/
    --
    Take care,

    Jonathan
    -------------------
    LITTLE WORKS STUDIO
    http://www.LittleWorksStudio.com
    --- Synchronet 3.20a-Linux NewsLink 1.114
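
A read-only scan of the kind Paul suggests, which also separates the global and per-user locations Jonathan describes; this is an added example, not code from any poster in the thread. The default directories are assumed Debian/Ubuntu paths, and `scan` and `pip_installs` are illustrative names.

```python
import glob
import os
import re
from collections import defaultdict

# Assumed Debian/Ubuntu locations (not from the thread); pass your own list to scan().
DEFAULT_DIRS = (
    glob.glob("/usr/lib/python3*/dist-packages")           # apt-managed modules
    + glob.glob("/usr/local/lib/python3*/dist-packages")   # "sudo pip3 install"
    + glob.glob(os.path.expanduser("~/.local/lib/python3*/site-packages"))  # per-user pip
)
# name-version.dist-info, name-version.egg-info, name-version-py3.X.egg-info
META = re.compile(r"^(?P<name>[^-]+)-(?P<ver>.+?)(-py[\d.]+)?\.(dist|egg)-info$")

def installer_of(meta_path):
    """Return the tool recorded in <dist-info>/INSTALLER (pip writes "pip"), or None."""
    try:
        with open(os.path.join(meta_path, "INSTALLER")) as fh:
            return fh.read().strip() or None
    except OSError:  # plain egg-info file, or no INSTALLER recorded
        return None

def scan(dirs=None):
    """Read-only inventory. Returns (records, shadowed); nothing is modified."""
    records, by_name = [], defaultdict(list)
    for d in (DEFAULT_DIRS if dirs is None else dirs):
        for entry in sorted(os.listdir(d)):
            m = META.match(entry)
            if not m:
                continue
            path = os.path.join(d, entry)
            rec = {"name": m["name"].lower().replace("_", "-"), "version": m["ver"],
                   "dir": d, "installer": installer_of(path), "uid": os.stat(path).st_uid}
            records.append(rec)
            by_name[rec["name"]].append(rec)
    # Same project present in more than one tree: the "dirty mix" case.
    shadowed = {n: [(r["dir"], r["version"]) for r in rs]
                for n, rs in by_name.items() if len({r["dir"] for r in rs}) > 1}
    return records, shadowed

def pip_installs(records, uid=0):
    """Distributions recorded as installed by pip and owned by `uid` (0 = root)."""
    return [r for r in records if r["installer"] == "pip" and r["uid"] == uid]

if __name__ == "__main__":
    records, shadowed = scan()
    for r in pip_installs(records):
        print(f"pip-as-root: {r['name']} {r['version']}  in {r['dir']}")
    for name, copies in sorted(shadowed.items()):
        print(f"shadowed: {name}: " + "; ".join(f"{v} in {d}" for d, v in copies))
```

A hit inside the apt-managed tree can be cross-checked with `dpkg -S <path>`, which names the owning package if there is one.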