On 12/11/06, belinda thom <[EMAIL PROTECTED]> wrote: > Hi, > > I'm writing to seek a better understanding of how permissions should > work in python on the Mac. > > Out-of-the-MacPython-2.4-install box, files in /Library/Frameworks/ > Python.framework/Versions/2.4/lib/python2.4 have permissions like these: > > -rw-rw-r-- 1 root admin 26255 Oct 18 01:39 zipfile.py > -rw-rw-r-- 1 root admin 18931 Dec 6 22:14 zipfile.pyc > -rw-rw-r-- 1 root admin 18931 Dec 6 22:14 zipfile.pyo > > In the site-packages directory, packages I installed (via > macpython.com, e.g. numpy, Numeric, matplotlib, etc) have permissions > like: > > drwxrwxr-x 41 501 admin 1394 Jul 5 20:11 Numeric/ > drwxrwxr-x 157 501 admin 5338 Dec 9 20:57 matplotlib/ > drwxr-xr-x 130 root admin 4420 Dec 7 04:39 numarray/ > drwxrwxr-x 47 501 admin 1598 Oct 27 16:54 numpy/ > drwxrwxr-x 6 501 admin 204 Oct 27 16:54 numpy-1.0-py2.4.egg- > info/ > -rw-rw-r-- 1 501 admin 31 Oct 26 06:26 pylab.py > -rw-rw-r-- 1 501 admin 205 Oct 30 10:15 pylab.pyc > -rw-rw-r-- 1 501 admin 205 Oct 30 10:15 pylab.pyo > drwxrwxr-x 43 501 admin 1462 Sep 17 18:04 scipy/ > drwxrwxr-x 6 501 admin 204 Sep 17 18:04 scipy-0.5.1- > py2.4.egg-info/ > drwxr-xr-x 10 bthom admin 340 Dec 7 01:33 setuptools-0.6c3- > py2.4.egg/ > -rw-r--r-- 1 bthom admin 29 Dec 7 01:33 setuptools.pth > drwxrwxr-x 4 root admin 136 Jul 15 16:03 wx-2.6-mac-unicode/ > -rw-r--r-- 1 root admin 18 Jul 15 16:03 wx.pth > drwxr-xr-x 4 root admin 136 Jul 15 16:03 wxaddons/ > -rw-r--r-- 1 root admin 17813 Jan 20 2006 wxversion.py > > Is there a reason why these packages have owner 501? And is there a > reason why group have read access? I'd have thought the best way to > install something that are supposed to work as-is would be to have > root as owner, giving sole write permissions to owner. (Then to > modify something, you'd have to sudo). > > I'm beginning to realize its not that simple. For instance, the first > time I (w/admin privs) try and edit a file (e.g. zipfile.py), > TextEdit asks if I'd like to overwrite the permissions on save. > Saying yes overwrites the file. The disturbing thing is that on > future opens (even after TextEdit's been closed) I am no longer > asked; overwriting saves occur automatically. Fortunately, when I > created another user w/o admin permissions, overwriting when logged > in as this less priv'd user didn't seem to be an option. > > ...but I'd like to protect against myself (this is esp. true b/c I > use ipython w/in xemacs w/%pdb on, so I'm often dumped into the > editor w/a file like bpd.py). > > Some more poking in a package directory (e.g. matplotlib) shows > permissions like: > > -rw-rw-r-- 1 root admin 40789 Oct 26 09:30 __init__.py > -rw-r--r-- 1 bthom admin 39389 Dec 10 21:02 __init__.pyc > -rw-rw-r-- 1 root admin 30134 Oct 30 10:15 __init__.pyo > > What's interesting here is that pyc is owned by me (perhaps b/c it > was compiled via my first call to __init__.py). However, I'm pretty > sure what I installed off macpython.com was binarys---so there should > be no need to compile the files, right? Again, I (perhaps naively) > would feel better if all of these files were owned by root (and that > only root could override them). > > Security issues become even more important as students will be using > python/ipython from the same machine. > > Perhaps I'm missing something really basic (would a Finder view to > permissions provide better control?). Or perhaps the ability to not > protect as tightly against myself as admin as I'd have liked is a > "feature". > > What have others done wrt this issue?
That's not really intentional. If you want to fix it, feel free. The code that makes these packages is bdist_mpkg and the source is here: http://svn.pythonmac.org/bdist_mpkg/bdist_mpkg/trunk/ I don't have the time or the need to fix it myself any time soon. -bob _______________________________________________ Pythonmac-SIG maillist - Pythonmac-SIG@python.org http://mail.python.org/mailman/listinfo/pythonmac-sig
