- Centralized installation
- System configuration settings
- Allow other channels (allow_other_channels)
- Default channels (default_channels)
- SSL verification (ssl_verify)
- Offline mode only (offline)
- Channel alias (channel_alias)
- Disallow installation of specific packages (disallow)
- Add Anaconda.org token to automatically see private packages (add_anaconda_token)
- Specify environment directories (envs_dirs)
- Example admin-controlled installation
Administrators who wish to restrict what programs users can install may do so with a system configuration file, or .condarc that follows the simple YAML syntax. The system configuration file overrides any .condarc configuration files installed by the user.
By default, conda and all packages it installs, including Anaconda, are installed locally with a user-specific configuration. Administrative privileges are not required, and no upstream files or other users are affected by the installation.
An administrator may make conda and any number of packages available to a group of one or more users, while still preventing these users from installing unwanted packages with conda. To do this, the administrator installs conda and the packages, if any, in a location that is controlled by the administrator and accessible by the users.
Each user may then use the central conda installation, which will read settings from their own “user” .condarc configuration file
located in their home directory. The users’ configuration is limited by the second “system” .condarc
file, and the path to it is the same as the root environment prefix displayed by
conda info, as shown in the Example admin-controlled installation
The system configuration settings are commonly used in a system configuration file, although they may also be used in a user configuration file. All user configuration settings may also be used in a system configuration file.
See also: Conda configuration file.
The administrative system configuration .condarc may specify a set of allowed channels, and may allow the users to install packages from other channels with the boolean flag allow_other_channels. The default is True.
If allow_other_channels is set to false, only those channels explicitly specified in the administrative .condarc file are allowed:
allow_other_channels is set to true or not specified, then each user
will have access to the default channels and to any channels that the user
specifies in their local .condarc file. When
allow_other_channels is set to
false, if the user specifies other channels, the other channels will be blocked
and the user will receive a message explaining this. See example below.
If the system .condarc file specifies a channel_alias, it will override any channel aliases set in users’ .condarc files. See channel alias below.
Normally the default repository is repo.continuum.io, but if default_channels is defined it will set the new list of default channels. This is especially useful for air gap and enterprise installations.
channels: - <anaconda_dot_org_username> - http://some.custom/channel - file:///some/local/directory - defaults
If you are behind a proxy that does SSL inspection such as a Cisco IronPort Web Security Appliance (WSA),
it may be necessary to override the SSL verification settings using
By default this variable is
True, ssl verification is used and conda verifies
certificates for SSL connections. The variable can be set to
False, but this
disables the connection’s normal security and is not recommended.
ssl_verify can also be set to a string path to a certificate to be used to verify SSL connections.
Offline mode filters out all channels URLs which do not start with
file:. The default is False.
Alias for non-url channels used with the -c or –channel flag. The default is
NOTE: For Windows users, the slash (/) at the end of a URL is required. Example https://your.repo/conda/
Package specifications to disallow installing. The default is to allow all packages.
disallow: - anaconda
When the channel alias is Anaconda.org or an Anaconda Server GUI, the system configuration file can be set so users
automatically see private packages. (Anaconda.org was formerly known as binstar.org.)
This uses the anaconda command line client (which can be installed with
install anaconda-client) to automatically add the token to the channel urls.
The default is True.
NOTE: Even when set to True, this is enabled only if the anaconda command line client is installed and you
are logged in with the
anaconda login command.
Specify directories in which environments are located. If this key is set, the root prefix envs_dir is not used unless explicitly included. This key also determines where the package caches will be located.
envs/pkgs will be used as the pkgs cache, except for the standard envs directory
in the root directory, for which the normal
root_dir/pkgs is used. The
variable will overwrite this configuration file setting.
envs_dirs: - ~/my-envs - /opt/anaconda/envs
- Linux, OS X:
In the following example, we take a look at the system configuration file, review the settings, compare it to the user’s configuration file, and see what happens when the user attempts to access a file from a channel that is blocked. We then show how the user must modify their configuration file to access the channels allowed by the administrator.
System configuration file
The system configuration file must be located in the top-level conda installation directory. So first we check to see the path where conda is located:
which conda /tmp/miniconda/bin/conda
Now we can look at the contents of the .condarc file located in the administrator’s directory:
This administrative .condarc file sets allow_other_channels to false, and specifies that users may download packages from only the ‘admin’ channel:
cat /tmp/miniconda/.condarc allow_other_channels : false channel_alias: https://conda.anaconda.org/ channels: - admin
allow_other_channels is false and the channel ‘defaults’ are not explicitly specified, users
are disallowed from downloading packages from the default channels. We will check this in the next step.
Note: The admin channel can also be expressed as https://conda.anaconda.org/admin/
User configuration file
Let’s check to see where the user’s conda install is located:
conda info Current conda install: . . . channel URLs : http://repo.continuum.io/pkgs/free/osx-64/ http://repo.continuum.io/pkgs/pro/osx-64/ config file : /Users/gergely/.condarc
The ‘conda info’ command shows us that conda is using the user’s .condarc file, located at
/Users/gergely/.condarc and that the default channels such as
listed as channel URLs.
Now let’s look at the contents of the administrative .condarc file located in that directory:
cat ~/.condarc channels: - defaults
This user’s .condarc file specifies only the default channels.
But the administrator config file has blocked default channels by specifying that only “admin” is allowed. If this user attempts to search for a package in the default channels, they will see a message telling them what channels are allowed:
conda search flask Fetching package metadata: Error: URL 'http://repo.continuum.io/pkgs/pro/osx-64/' not in allowed channels. Allowed channels are: - https://conda.anaconda.org/admin/osx-64/
This error message tells the user to add the “admin” channel to their configuration file.
Conclusion: The user must edit their local .condarc configuration file to access the package through the admin channel:
channels: - admin
Now the user can search for packages in the allowed admin channel.