[Python-Dev] PEP: per user site-packages directory
Gregory P. Smith
greg at krypto.org
Sun Jan 13 02:08:05 CET 2008
On 1/12/08, Christian Heimes <lists at cheimes.de> wrote:
>
> Christian Heimes wrote:
> > MA Lemburg has suggested a per user site-packages directory in the
> > "pkgutil, pkg_resource and Python 3.0 name space packages" thread. I've
> > written a short PEP about it for Python 2.6 and 3.0.
>
> Addition:
> An user has requested a new option to suppress the user site packages
> directory:
>
> -s : don't add user site directory to sys.path; also PYTHONNOUSERSITE
+0.5 Thanks for writing this up as a PEP.
My main suggestion was going to be the ability to turn it off as you already
mentioned. However, please consider leaving it off by default to avoid
problems for installed python scripts importing user supplied code. For
shared hosting environments where this becomes really useful users can
easily add the -s (or whatever flag is chosen) to their programs
themselves. I don't know what that'd mean on windows where #! lines don't
exist. Yet another file extension to imply the flag (yuck)? A .cmd wrapper
script to run python with the flag (ugh)?
For security reasons we also need it disabled when the getuid() != geteuid()
to avoid user supplied code being executed as another user. Defaulting to
disabled would mean that security could be left up to the end user to mess
up. (many systems do not allow setuid #! scripts but this issue would still
apply to things run under sudo)
-gps
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/python-dev/attachments/20080112/5b094d5f/attachment-0001.htm
More information about the Python-Dev
mailing list