[Python-ideas] shutil.runret and shutil.runout

Andrew McNabb amcnabb at mcnabbs.org
Fri Feb 24 18:24:54 CET 2012

On Sat, Feb 25, 2012 at 12:11:57AM +1000, Nick Coghlan wrote:
> As things stand, Python is a lousy language for system administration
> tasks - the standard APIs are either *very* low level (os.system()) or
> they're written almost entirely from the point of view of an
> application programmer (subprocess). Even when I *am* the
> administrator writing automation scripts for my own use, the
> subprocess library still keeps getting in the way, telling me it isn't
> safe to access my own shell.
> Normally, Python is pretty good about striking a sensible balance
> between "safe defaults" and "consenting adults", but it currently
> fails badly on this particular point.

I disagree with this analysis.  Python, with its fantastic subprocess
module, is the only language I really trust for system administration
tasks.  Most languages provide "shell=True" as the default, making them
extremely frustrating for system administration.  Every time I choose to
write a shell script instead of using Python, the lack of robustness
makes me eventually regret it (and then rewrite in Python with

Setting "shell=True" (or equivalent) seems really convenient in the
short term, but in the long term, scripts behave erratically and are
vulnerable to attacks.  The subprocess module (with "shell=False") is a
wonderful balance between "safe defaults" and "consenting adults".

Andrew McNabb
PGP Fingerprint: 8A17 B57C 6879 1863 DE55  8012 AB4D 6098 8826 6868

More information about the Python-ideas mailing list