[Python-Dev] [python] Re: PEP: per user site-packages directory
Michael Foord
fuzzyman at voidspace.org.uk
Sun Jan 13 02:24:12 CET 2008
Gregory P. Smith wrote:
>
> On 1/12/08, *Christian Heimes* <lists at cheimes.de
> <mailto:lists at cheimes.de>> wrote:
>
> Christian Heimes wrote:
> > MA Lemburg has suggested a per user site-packages directory in the
> > "pkgutil, pkg_resource and Python 3.0 name space packages"
> thread. I've
> > written a short PEP about it for Python 2.6 and 3.0.
>
> Addition:
> An user has requested a new option to suppress the user site packages
> directory:
>
> -s : don't add user site directory to sys.path; also
> PYTHONNOUSERSITE
>
>
> +0.5 Thanks for writing this up as a PEP.
>
> My main suggestion was going to be the ability to turn it off as you
> already mentioned. However, please consider leaving it off by default
> to avoid problems for installed python scripts importing user supplied
> code. For shared hosting environments where this becomes really
> useful users can easily add the -s (or whatever flag is chosen) to
> their programs themselves. I don't know what that'd mean on windows
> where #! lines don't exist. Yet another file extension to imply the
> flag (yuck)? A .cmd wrapper script to run python with the flag (ugh)?
+1 from me on implementing it and having it on by default for Windows.
Why do you think the user namespace overriding the system namespace be
more of a problem for Windows than other platforms?
This would be a really useful feature for me and it would be a shame for
it not to be on by default on Windows (and another set of complexities
for setuptools I suspect).
Michael Foord
>
> For security reasons we also need it disabled when the getuid() !=
> geteuid() to avoid user supplied code being executed as another user.
> Defaulting to disabled would mean that security could be left up to
> the end user to mess up. (many systems do not allow setuid #! scripts
> but this issue would still apply to things run under sudo)
>
> -gps
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> http://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: http://mail.python.org/mailman/options/python-dev/fuzzyman%40voidspace.org.uk
>
More information about the Python-Dev
mailing list