Is `sudo pip install` still a broken practice?
Both `sudo pip install` and its other common variant `sudo -H pip install` should not be encouraged because it is a security risk to use root privileges to use pip to install Python packages from PyPI (Python Package Index).
From https://stackoverflow.com/a/21056000/486919 (emphasis mine):
When you run `pip` with `sudo`, you run `setup.py` with `sudo`. In other words, you run arbitrary Python code from the Internet as root. If someone puts up a malicious project on PyPI and you install it, you give an attacker root access to your machine. Prior to some recent fixes to `pip` and PyPI, an attacker could also run a man-in-the-middle attack to inject their code when you download a trustworthy project.
As mentioned at https://security.stackexchange.com/a/79327/8761, it is important to note that anyone can upload Python packages, including malicious ones, to PyPI.
In short, in accordance with the principle of least privilege, don't use `sudo` with `pip` to install Python packages from PyPI unless you absolutely need to. Instead, consider using `pip install --user` (note that `pip install` with no `sudo` nor additional flags/options defaults to `pip install --user` on Ubuntu currently) or virtual environments (such as `virtualenv`). If you see people recommending `sudo pip` or `sudo -H pip`, please tell them not to.
You must use `sudo` to install pip with apt (`sudo apt install python-pip`), but as stated in edwinksl's answer you should not use `sudo` to install packages with pip; you should use `pip install --user <package>` to install only for your user, or use a virtualenv to even further restrict the scope of the package.
Apt installs packages from Ubuntu's repositories, whereas pip installs user-uploaded packages from PyPI which could be malicious.
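The two answers above both come down to the same rule: never let pip run as root, and prefer a virtualenv or a `--user` install. As an added example (not code from the thread or from pip itself), here is a small POSIX-sh wrapper that enforces that rule in an interactive shell; the function names and the use of `VIRTUAL_ENV`/`CONDA_PREFIX` to detect an active environment are this example's own choices.

```shell
# Added example, not code from the original answers: a pip wrapper that
# refuses to run pip as root (where setup.py would execute with root
# privileges) and turns a bare `pip install` into a per-user install
# unless a virtualenv or conda environment is active.

# pip_policy EUID VENV_PREFIX -> prints deny | venv | user
pip_policy() {
    if [ "$1" -eq 0 ]; then
        echo deny   # effective uid 0: any install-time code would run as root
    elif [ -n "$2" ]; then
        echo venv   # activate scripts export VIRTUAL_ENV (venv/virtualenv) or CONDA_PREFIX
    else
        echo user   # no environment active: confine the install to $HOME
    fi
}

# pip_argv POLICY ARG... -> prints the pip command line the wrapper would run
# (a dry run; it executes nothing)
pip_argv() {
    policy=$1; shift
    if [ "$policy" = user ] && [ "$1" = install ]; then
        shift
        set -- install --user "$@"
    fi
    printf 'python3 -m pip %s\n' "$*"
}

# safe_pip ARG... : drop-in replacement for `pip` in an interactive shell,
# e.g. `alias pip=safe_pip` in ~/.profile
safe_pip() {
    policy=$(pip_policy "$(id -u)" "${VIRTUAL_ENV:-${CONDA_PREFIX:-}}")
    if [ "$policy" = deny ]; then
        echo "safe_pip: refusing to run pip as root; create a virtualenv or use 'pip install --user'" >&2
        return 1
    fi
    if [ "$policy" = user ] && [ "$1" = install ]; then
        shift
        set -- install --user "$@"   # rewrite `pip install X` to `pip install --user X`
    fi
    python3 -m pip "$@"
}
```

Subcommands other than `install` (such as `pip list`) pass through unchanged, and inside an active environment `install` is left alone because the environment already scopes it.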
And for a more tempered reply:
- You indeed do always have to `sudo apt-get install ...`, that's just how the tool was designed to work.
- Using `sudo [-H]` with `pip install` is both possible & optional, depending on what exactly you want to do (and hence, "controversy").
One of Python's mottos is "There should be one-- and preferably only one --obvious way to do it." And like most mottos, it's broken with sardonic glee seemingly at every possible opportunity. (That's why mottos exist, I guess.) Unfortunately, in my most humble opinion, the Python ecosystem consists of many conflicting "hard & fast" rules, never to be broken...except for when "yada yada yada" (devil, details, etc). In almost all cases, this is due to historical evolution of the language & tools (and who wants/needs a history lesson when they just want to get on with their job) -- but also can be due to differences in Mac/Win/*Nix platforms (e.g., Unix/Linux has a similar mentality, but has the advantage of decades more maturity.) So please do take all these "broken practice" & "inherently wrong" cargo-cultists with a huge pinch of salt. Some actually do mean well. (Others are just, well, mean.)
First of all, rather than basic "per-user installs", you'll almost always prefer a virtualenv, because really, that's probably what you'll end up needing. So you might as well start with it now. How this is done, exactly, "depends" (see Python motto, above). If you're using Conda (mostly for Mac & Windows), it'll be set up using Conda. If using "pure" Python [sic], it depends on which version & what python utils you have, but virtualenvwrapper is pretty handy.
Second, just as a counter-example to the "never sudo" rule, you may prefer to `sudo -H pip install -U numpy`, which is perfectly fine, even advantageous, in that it can allow one to avoid downloading/reinstalling/maintaining big libraries, where you only want/need one version, into every virtualenv separately. Big, popular frameworks like scikit-learn, NumPy, matplotlib, SciPy, pandas, etc., can be installed once & done and re-used across environments. Further, your local friendly sys-admin might be able to get these installed for every user on a system -- and obviously they'd be doing this via `sudo`, as well, e.g., for more complicated installations, such as TensorFlow.
And, lastly, if you are installing some random 3rd party library that does such-and-such (Twitter API, text munging, code formatting, etc), then I totally agree -- don't install it as root via sudo. Sure, install it as your current user. But just remember, your user account has all your really important stuff.