[Python-Dev] [python] Re: PEP: per user site-packages directory

Michael Foord fuzzyman at voidspace.org.uk
Sun Jan 13 02:24:12 CET 2008


Gregory P. Smith wrote:
>
> On 1/12/08, *Christian Heimes* <lists at cheimes.de 
> <mailto:lists at cheimes.de>> wrote:
>
>     Christian Heimes wrote:
>     > MA Lemburg has suggested a per user site-packages directory in the
>     > "pkgutil, pkg_resource and Python 3.0 name space packages"
>     thread. I've
>     > written a short PEP about it for Python 2.6 and 3.0.
>
>     Addition:
>     An user has requested a new option to suppress the user site packages
>     directory:
>
>     -s     : don't add user site directory to sys.path; also
>     PYTHONNOUSERSITE
>
>
> +0.5  Thanks for writing this up as a PEP.
>
> My main suggestion was going to be the ability to turn it off as you 
> already mentioned.  However, please consider leaving it off by default 
> to avoid problems for installed python scripts importing user supplied 
> code.  For shared hosting environments where this becomes really 
> useful users can easily add the -s (or whatever flag is chosen) to 
> their programs themselves.  I don't know what that'd mean on windows 
> where #! lines don't exist.  Yet another file extension to imply the 
> flag (yuck)?  A .cmd wrapper script to run python with the flag (ugh)?

+1 from me on implementing it and having it on by default for Windows.

Why do you think the user namespace overriding the system namespace be 
more of a problem for Windows than other platforms?

This would be a really useful feature for me and it would be a shame for 
it not to be on by default on Windows (and another set of complexities 
for setuptools I suspect).

Michael Foord

>
> For security reasons we also need it disabled when the getuid() != 
> geteuid() to avoid user supplied code being executed as another user.  
> Defaulting to disabled would mean that security could be left up to 
> the end user to mess up.  (many systems do not allow setuid #! scripts 
> but this issue would still apply to things run under sudo)
>
> -gps
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> http://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: http://mail.python.org/mailman/options/python-dev/fuzzyman%40voidspace.org.uk
>   



More information about the Python-Dev mailing list