[Pythonmac-SIG] permissions on packages
Bob Ippolito
bob at redivi.com
Mon Dec 11 07:21:17 CET 2006
On 12/11/06, belinda thom <bthom at cs.hmc.edu> wrote:
> Hi,
>
> I'm writing to seek a better understanding of how permissions should
> work in python on the Mac.
>
> Out-of-the-MacPython-2.4-install box, files in
> /Library/Frameworks/Python.framework/Versions/2.4/lib/python2.4 have
> permissions like these:
>
> -rw-rw-r-- 1 root admin 26255 Oct 18 01:39 zipfile.py
> -rw-rw-r-- 1 root admin 18931 Dec 6 22:14 zipfile.pyc
> -rw-rw-r-- 1 root admin 18931 Dec 6 22:14 zipfile.pyo
>
> In the site-packages directory, packages I installed (via
> macpython.com, e.g. numpy, Numeric, matplotlib, etc) have permissions
> like:
>
> drwxrwxr-x 41 501 admin 1394 Jul 5 20:11 Numeric/
> drwxrwxr-x 157 501 admin 5338 Dec 9 20:57 matplotlib/
> drwxr-xr-x 130 root admin 4420 Dec 7 04:39 numarray/
> drwxrwxr-x 47 501 admin 1598 Oct 27 16:54 numpy/
> drwxrwxr-x 6 501 admin 204 Oct 27 16:54 numpy-1.0-py2.4.egg-info/
> -rw-rw-r-- 1 501 admin 31 Oct 26 06:26 pylab.py
> -rw-rw-r-- 1 501 admin 205 Oct 30 10:15 pylab.pyc
> -rw-rw-r-- 1 501 admin 205 Oct 30 10:15 pylab.pyo
> drwxrwxr-x 43 501 admin 1462 Sep 17 18:04 scipy/
> drwxrwxr-x 6 501 admin 204 Sep 17 18:04 scipy-0.5.1-py2.4.egg-info/
> drwxr-xr-x 10 bthom admin 340 Dec 7 01:33 setuptools-0.6c3-py2.4.egg/
> -rw-r--r-- 1 bthom admin 29 Dec 7 01:33 setuptools.pth
> drwxrwxr-x 4 root admin 136 Jul 15 16:03 wx-2.6-mac-unicode/
> -rw-r--r-- 1 root admin 18 Jul 15 16:03 wx.pth
> drwxr-xr-x 4 root admin 136 Jul 15 16:03 wxaddons/
> -rw-r--r-- 1 root admin 17813 Jan 20 2006 wxversion.py
>
> Is there a reason why these packages have owner 501? And is there a
> reason why group has read access? I'd have thought the best way to
> install something that is supposed to work as-is would be to have
> root as owner, giving sole write permissions to owner. (Then to
> modify something, you'd have to sudo).
>
> I'm beginning to realize it's not that simple. For instance, the first
> time I (w/admin privs) try and edit a file (e.g. zipfile.py),
> TextEdit asks if I'd like to overwrite the permissions on save.
> Saying yes overwrites the file. The disturbing thing is that on
> future opens (even after TextEdit's been closed) I am no longer
> asked; overwriting saves occur automatically. Fortunately, when I
> created another user w/o admin permissions, overwriting when logged
> in as this less priv'd user didn't seem to be an option.
>
> ...but I'd like to protect against myself (this is esp. true b/c I
> use ipython w/in xemacs w/%pdb on, so I'm often dumped into the
> editor w/a file like bpd.py).
>
> Some more poking in a package directory (e.g. matplotlib) shows
> permissions like:
>
> -rw-rw-r-- 1 root admin 40789 Oct 26 09:30 __init__.py
> -rw-r--r-- 1 bthom admin 39389 Dec 10 21:02 __init__.pyc
> -rw-rw-r-- 1 root admin 30134 Oct 30 10:15 __init__.pyo
>
> What's interesting here is that pyc is owned by me (perhaps b/c it
> was compiled via my first call to __init__.py). However, I'm pretty
> sure what I installed off macpython.com was binaries---so there should
> be no need to compile the files, right? Again, I (perhaps naively)
> would feel better if all of these files were owned by root (and that
> only root could override them).
>
> Security issues become even more important as students will be using
> python/ipython from the same machine.
>
> Perhaps I'm missing something really basic (would a Finder view to
> permissions provide better control?). Or perhaps the ability to not
> protect as tightly against myself as admin as I'd have liked is a
> "feature".
>
> What have others done wrt this issue?
That's not really intentional. If you want to fix it, feel free. The
code that makes these packages is bdist_mpkg and the source is here:
http://svn.pythonmac.org/bdist_mpkg/bdist_mpkg/trunk/
I don't have the time or the need to fix it myself any time soon.
-bob
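
An added example, not part of the original thread and not code from bdist_mpkg: a Python 3 audit that walks a package tree such as site-packages and reports entries with the two conditions raised in the question, an owner other than the expected uid and write permission for group or others. The name `audit_tree` and the default `expected_uid=0` (root) are assumptions made for illustration.

```python
import os
import stat
import sys


def audit_tree(root, expected_uid=0):
    """Return a sorted list of (path, problems) for loosely protected entries.

    Checks the root directory, every subdirectory and every file beneath it.
    expected_uid defaults to 0 (root); this default is an assumption.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        candidates = [dirpath] + [os.path.join(dirpath, f) for f in filenames]
        for path in candidates:
            st = os.lstat(path)  # lstat: inspect the entry itself, never a link target
            if stat.S_ISLNK(st.st_mode):
                continue  # mode bits on a symlink say nothing about write access
            problems = []
            if st.st_uid != expected_uid:
                problems.append("owner uid %d" % st.st_uid)
            if st.st_mode & stat.S_IWGRP:
                problems.append("group-writable")
            if st.st_mode & stat.S_IWOTH:
                problems.append("world-writable")
            if problems:
                findings.append((path, problems))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python3 audit_perms.py /path/to/site-packages
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, problems in audit_tree(target):
        print("%s: %s" % (path, ", ".join(problems)))
```

A writable directory matters as much as a writable file: anyone who can write to a package directory can replace the `.py` or `.pyc` files inside it, whatever the modes on the files themselves.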