[Pythonmac-SIG] PackageManager maintainer questions
Ronald Oussoren
oussoren@cistron.nl
Tue May 27 07:49:18 EDT 2003
On Tuesday, May 27, 2003, at 03:23 Europe/Amsterdam, Stuart Bishop
wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>>> How is a non-power-user supposed to do a site-wide install of
>>> anything? (I used 'sudo pythonw PackageManager.py'.)
>>
>> I never thought about this. The next version of the binary installer
>> will use group-writeable for all files, so any admin user can install
>> packages, but I never thought about non-admin users wanting to
>> install things system wide. I think the sudo trick won't work,
>> because I think non-admin users aren't allowed to sudo.
>
> Group writable means that any admin user can screw up or trojan
> the site's installation without being prompted for their password
> (ie. without using sudo).
>
> I don't think Andrew meant non-admin users either (or if he did,
> they shouldn't be able to do a site installation - they don't have
> admin
> for a reason!). Removing the need for a command line sudo invokation
> would require the package manager re-execing itself with sudo after
> prompting for a password (ala Fink), or using the padlock 'click the
> lock
> to make changes' priv. escalation widget (is this possible?)
You'd have to write some C code to call the right API's, and the
privileged code would have to be in a seperate script/executable, but
otherwise it is quite doable.
BTW. Moving some logic into a seperate process might also help with the
problem that 'import wxPython' interferes with the runloop of the
PackageManager itself.
Ronald
More information about the Pythonmac-SIG
mailing list