0

Since pip shouldn't be used with sudo, why does Amazon give install directions as:

Install the AWS CLI Using pip

With Python and pip installed, use pip to install the AWS CLI:

...

Linux, OS X, or Unix

$ sudo pip install awscli

instead of the preferred pip install --user awscli? (After, presumably, installing pip with sudo.)

What does @EdWinks know that Amazon doesn't? Why does Amazon suggest an insecure install method?

Community
  • 1
Thufir
  • 4,551
  • 1
    This answer you linked to explains what Ask Ubuntu (or rather, @edwinksl) knows that Amazon doesn't. Surely the reason why they recommend this is a matter of opinion (the internet is full of bad advice!) but perhaps they are recommending it on the basis that they expect you to trust their code? (I wouldn't!) – Zanna Jan 02 '17 at 08:22
  • @Zanna whatever answer someone comes with to guess as to what's in the mind of Amazon, I'll open a ticket with them to ask. I'm curious now. I would *naively* expect AWS documentation to be better than edwinks. Clearly they need to pay him $. – Thufir Jan 02 '17 at 08:25

1 Answers1

4

To quote the quote in the answer you don't seem to understand:

In other words, you run arbitrary Python code from the Internet as root.

Now, Amazon employees wrote the CLI for their systems. They know the code. They trust it enough to run it as root. That is why they suggest it. Amazon isn't telling you to install random packages using sudo pip, they're only talking about their own.

If you want to extrapolate that to every PyPI package, that's your funeral.

Of course, the question still remains: Do you trust Amazon enough to run their code as root?

muru
  • 197,895
  • 55
  • 485
  • 740