Package archive misses permissions
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| dateutil |
Undecided
|
Unassigned |
Bug Description
The distribution available on PyPI have all files permissions set to 600 and directories to 700.
Distributions patch this themselves when packaging python-dateutil:
Modern installers normalize permissions (pip does) but easy_install or setup.py install doesn't. Meaning tools relying on easy_install or setup.py (such as FPM) may end up with insufficient permissions to run the code as a non-root user.
Would it be possible to have the correct permissions in the tarball directly? Adding a+r and g+r seems reasonable.
Bruno (brutasse) wrote : | #1 |
Colm Ragu (colmragu) wrote : | #2 |
I had the same problem. I noticed it when deluge failed to start.
$ deluge
Traceback (most recent call last):
File "/usr/bin/deluge", line 5, in <module>
from pkg_resources import load_entry_point
File "/usr/lib/
add_
File "/usr/lib/
callback(dist)
File "/usr/lib/
add_
File "/usr/lib/
self.
File "/usr/lib/
self.
File "/usr/lib/
for modname in self._get_
File "/usr/lib/
for line in self.get_
File "/usr/lib/
return yield_lines(
File "/usr/lib/
return self._get(
File "/usr/lib/
stream = open(path, 'rb')
IOError: [Errno 13] Permission denied: '/usr/local/
Checked permissions:
$la -lrt /usr/local/
/usr/local/
total 276
-rwxr-xr-x 1 root staff 32988 Nov 22 16:28 tz.py
-rwxr-xr-x 1 root staff 41036 Nov 22 16:28 rrule.py
-rwxr-xr-x 1 root staff 17224 Nov 22 16:28 relativedelta.py
-rwxr-xr-x 1 root staff 2578 Nov 22 16:28 easter.py
drwxr-sr-x 2 root staff 4096 Nov 22 16:28 zoneinfo
-rwxr-xr-x 1 root staff 5737 Nov 22 16:28 tzwin.py
-rwxr-xr-x 1 root staff 34280 Nov 22 16:28 parser.py
-rwxr-xr-x 1 root staff 278 Nov 22 16:28 __init__.py
-rw-r--r-- 1 root staff 27948 Nov 22 16:28 tz.pyc
-rw-r--r-- 1 root staff 14965 Nov 22 16:28 relativedelta.pyc
-rw-r--r-- 1 root staff 2445 Nov 22 16:28 easter.pyc
-rw-r--r-- 1 root staff 31098 Nov 22 16:28 rrule.pyc
-rw-r--r-- 1 root staff 482 Nov 22 16:28 __init__.pyc
-rw-r--r-- 1 root staff 7311 Nov 22 16:28 tzwin.pyc
-rw-r--r-- 1 root staff 24885 Nov 22 16:28 parser.pyc
/usr/local/
total 24
-rw------- 1 root staff 9 Nov 22 16:28 top_level.txt
-rw------- 1 root staff 563 Nov 22 16:28 SOURCES.txt
-rw------- 1 root staff 3 Nov 22 16:28 requires.txt
-rw------- 1 root staff 970 Nov 22 16:28 PKG-INFO
-rw------- 1 root staff 1 Nov 22 16:28 not-zip-safe
-rw------- 1 root staff 1 Nov 22 16:28 dependency_
Solved it by changing the permissions. Now deluge is working fine.
sudo chmod a+r /usr/local/
c_t (chefturner) wrote : | #3 |
I do experience the same problem.
jarondl (jarondl) wrote : | #4 |
This was fixed in 2.3.
If not, please open a github issue.
Changed in dateutil: | |
status: | New → Fix Released |
Bruno (brutasse) wrote : | #5 |
Great, thank you!
This only concerns non-python files:
$ find . ! -perm -a+r zoneinfo/ zoneinfo- -latest. tar.gz dateutil- 2.1.egg- info/not- zip-safe dateutil- 2.1.egg- info/PKG- INFO dateutil- 2.1.egg- info/top_ level.txt dateutil- 2.1.egg- info/SOURCES. txt dateutil- 2.1.egg- info/dependency _links. txt dateutil- 2.1.egg- info/requires. txt
./dateutil/
./python_
./python_
./python_
./python_
./python_
./python_
But some of these are needed at runtime py pkg_resources it seems.