[Distutils] no access to resources unpacked as root

Matt Goodall matt at pollenation.net
Tue Jan 24 01:42:58 CET 2006


I'm using eggs a fair amount to deploy Twisted-based server applications.
(This problem is not specific to Twisted so please don't stop reading!)

The Twisted process starts up as root to open low ports, etc and then,
once up and running, sheds privileges and continues to run as a normal
user. Many of the resources that are buried in the eggs are located with
resource_filename at module import time; some when the application is
still running as root.

The resources are unpacked from the egg into /root/.python-eggs/ and
(correctly, I think) given 600 (rw-------) file access permissions. The
problem is that the user the application ends up running as cannot access
the unpacked resource files and fails with a PermissionDenied error.

Now, I can move some uses of resource_filename to happens later but I
don't think I can replace all of them without changing APIs.

Has anyone else tackled this problem or can anyone offer any advice on how
to avoid the problem in the first place?

Thanks in advance,

- Matt

More information about the Distutils-SIG mailing list