Package: python-setuptools
Version: 0.6c7-1
Severity: important
Running easy_setup as root to make new packages available system-wide
I find that all of the packages and their dependencies are downloaded
and installed. However, they are not usable to normal users due to
overly restrictive permissions issues.
My root user's umask is set to 0077 (as a result of running the
Debian/Bastille system hardening script, probably). But it would have
been set that way as a matter of course).
Symptoms: For example, using the command: easy_install turbogears (as root)
then trying to run the tg-admin quickstart command (as a normal user)
fails with a traceback (from the import failure). Obviously running
the tg-admin as root succeeds.
Workaround/mitigation: Running commands like the following seems to
resolve the issue:
find /usr/lib/python* -type d -print0 | xargs -0 chmod go+rx
find /usr/lib/python* -not -type d -print0 | xargs -0 chmod go+r
(make all directories under /usr/lib/python* world and group accessible
and all regular files world and group readable).
Solution:
It's unclear to me what the best policy should be. Clearly just
changing umasks around, or over-riding them, not be correct.
If it is Debian/Python policy that /usr/lib/python* be world accessible
then perhaps the best solution would be to add a wrapper around the
easy_install command to clean up the permissions after the fact. If
that's a consensus policy for other distributions as well then perhaps
the permissions clean-up should be implemented upstream.
If there is any use case for inaccessible easy_install directory trees
then perhaps that needs to be documented and options provided to
support it. However, the default behavior should almost certainly be
for the results to be accessible system-wide.
(I can almost imagine a case for limiting access to a "pythonusers"
system group; but it's still likely to be a rather obscure situation).
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.23.1-linode36
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages python-setuptools depends on:
ii python 2.4.4-6 An interactive high-level object-o
ii python-central 0.5.15-0.1 register and build utility for Pyt
python-setuptools recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
