Hello guys!
My aim is to realize a set of system-wide conda environment (managed by the administrator) to be used by all of the users, while still allowing the users to create their own environments for local experiments.
At the moment I installed mambaforge on a linux workstation (Ubuntu 22.04) in /opt/mambaforge, and the configuration has been executed only for root.
How can I proceed for all existing users but also for new ones I will create.
Thanks for help!
Create a central Miniconda (or Miniforge or Mambaforge) installation as you have done, ensuring that the installation is world-readable.
Ensure that the group for the installation is (recursively) set to a group that only the administrator is a member of – or, at least, that the normal users are not members of. This is crucial because many conda packages contain files with group-writable permissions, and if your users are members of the installation’s group, they can, accidentally or otherwise, modify files they should not.
Have all users export environment variable CONDA_PKGS_DIR with a value like $HOME/.conda/pkgs. Without this, users will not, in general, be able to create their own environments when using the shared conda installation, as conda will try to download new package files into the shared conda directory, which will be read-only for them. But with this environment variable set, users can both activate and use environments created by the administrator in the shared installation, and create their own. When they conda env list, they will see the union of the shared environments and their personal ones. This results in some duplicate disk-space use, as multiple users may download the same packages.
The environments I supported were on HPC systems with modules, so I created a conda module that set CONDA_PKGS_DIR (as well as sourcing conda.sh, etc.) for users when they executed module load conda.
If there are users on the system who should not have access to your conda installation at all, you can nest it inside a directory with mode 750, with group set to a group that your users are members of.