= Proposed Self Contained Change: User PATH Prioritization = https://fedoraproject.org/wiki/Changes/UserPathPrioritization Owner(s): * Sorin Sbarnea <ssbarnea at redhat dot com> * Till Maas <opensource at till dot name> * Miro Hrončok <mhroncok at redhat dot com> Changing user PATH '''~/.local/bin''' to be moved to the top of the PATH list instead of the end. This will bring Fedora in sync with other distributions which already fixed this issues (Debian/Ubuntu) and will allow users to install and use their own command line tools, also fixing multiple bugs where user installed tools cannot be accessed because the system installed ones took precedence. == Detailed description == Currently if user is installing his own tools with installers like (pip), they will be installed inside ~/.local/bin but if the same CLI tools are installed at system level the user would not be able to use his own tools because the system one would be picked instead. This happens because .bashrc file adds user PATH to the end instead of the top of PATH list variable. Same problem was happening with other distributions but they fixed it (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839155 Debian bug) Example: "pip install --user virtualenv" would install virtualenv at user level, adding ~/.local/bin/virtualenv executable. Still, if virtualenv happens to be installed at system level, this would currently be used instead of user installed one. On the other hand, python itself already knows to prefer user installed modules which means that "python -m virtualenv" will call user installed module instead of the system one. This may result in undefined behavior, where user installs foo, than run foo, but /usr/bin/foo is run and that import from Python modules in home. Those modules might have different API. If we change the order and to assure the user folders do take precedence, we would assure that python modules and shell scripts would use the same modules, avoiding weird bugs where what you call is not what you installed. The issue is not unique to pip installed and applies to any tools that are installed in de facto default XDG folder locations. There should be '''no security concerns''' due to this change because any user is already able to add executables and to alter its own PATH, which means that if someone wants to trick a user to use another executable, they are already able to do that. This has already been proved several times in the https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/thread/OXXC5NOZP37W2F6GHV6P5E6K22QHOBNJ/ initial discussions about this change. The change itself technically is in /etc/skel/.bash_profile from bash. Currently: PATH=$PATH:$HOME/.local/bin:$HOME/bin After the change: PATH=$HOME/.local/bin:$HOME/bin:$PATH (Note that whether we move $HOME/bin or not has not yet been decided.) Note that this change will only affect new user accounts, we cannot change PATH for already existing accounts without crazy and undesired hacks. == Scope == * Proposal owners: change /etc/skel/.bash_profile to have local folders before the system ones in default PATH * Other developers: N/A (not a System Wide Change) * Release engineering: https://pagure.io/releng/issue/7554 #7554 ** List of deliverables: N/A (not a System Wide Change) * Policies and guidelines: N/A (not a System Wide Change) * Trademark approval: N/A (not needed for this Change) -- Jan Kuřík JBoss EAP Program Manager Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/C3FCEWZR42MWLZQWFKDRS75F3OSOBB3K/