[Distutils] [jerome: Re: real vs effective user id]

[Phillip J. Eby]

At 09:09 PM 6/11/2007 +0200, Jerome Alet wrote:
>On Mon, Jun 11, 2007 at 01:57:38PM -0400, Phillip J. Eby wrote:
> > >
> > >then setuptools tries to play with root's .python-eggs directory instead
> > >of ~effective_user/.python-eggs/, because of the way os.path.expanduser()
> > >works (line 1039 in pkg_resource.py)
> >
> > In these types of situations, it's best to set the PYTHON_EGG_CACHE
> > path explicitly, either via the environment variable or code.
>
>This is effectively what I had to do to fix the problem for my
>client, however this was completely unexpected because I can't
>control how different people install third party modules like this
>one. Considering that some imports will be done before the seteuid()
>call and some after, setting the environment variable would have to
>be done twice (for example), otherwise you might end up with root
>owned directories into an otherwise user-owned directory, and this
>might introduce further permission problems on different apps
>run by the same unpriviledged user  but requiring the same modules.
>
>Wouldn't it be better to use the effective user id when expanding
>the user's home directory in setuptools or in Python ?

That wouldn't fix your problem.  The egg cache location is determined 
exactly *once* for the life of the process, unless you explicitly 
create and use ResourceManagers -- and unfortunately the process of 
importing C code from a zipped egg uses only the default ResourceManager.