On Thu, Jun 07, 2018 at 11:08:55AM +0200, Jan Kurik wrote: > = Proposed Self Contained Change: User PATH Prioritization = > https://fedoraproject.org/wiki/Changes/UserPathPrioritization > > > Owner(s): > * Sorin Sbarnea <ssbarnea at redhat dot com> > * Till Maas <opensource at till dot name> > * Miro Hrončok <mhroncok at redhat dot com> > > > Changing user PATH '''~/.local/bin''' to be moved to the top of the > PATH list instead of the end. This will bring Fedora in sync with > other distributions which already fixed this issues (Debian/Ubuntu) > and will allow users to install and use their own command line tools, > also fixing multiple bugs where user installed tools cannot be > accessed because the system installed ones took precedence. "allow" is not the right word here. What about "make it easier to"? > > == Detailed description == > Currently if user is installing his own tools with installers like s/his/their/g > (pip), they will be installed inside ~/.local/bin but if the same CLI > tools are installed at system level the user would not be able to use > his own tools because the system one would be picked instead. This > happens because .bashrc file adds user PATH to the end instead of the > top of PATH list variable. > Same problem was happening with other distributions but they fixed it > (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839155 Debian bug) > Example: "pip install --user virtualenv" would install virtualenv at > user level, adding ~/.local/bin/virtualenv executable. Still, if > virtualenv happens to be installed at system level, this would > currently be used instead of user installed one. On the other hand, > python itself already knows to prefer user installed modules which > means that "python -m virtualenv" will call user installed module > instead of the system one. > This may result in undefined behavior, where user installs foo, than > run foo, but /usr/bin/foo is run and that import from Python modules > in home. Those modules might have different API. > If we change the order and to assure the user folders do take > precedence, we would assure that python modules and shell scripts > would use the same modules, avoiding weird bugs where what you call is > not what you installed. > The issue is not unique to pip installed and applies to any tools that > are installed in de facto default XDG folder locations. > There should be '''no security concerns''' due to this change because > any user is already able to add executables and to alter its own PATH, s/its/their/ > which means that if someone wants to trick a user to use another > executable, they are already able to do that. This has already been > proved several times in the > https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/thread/OXXC5NOZP37W2F6GHV6P5E6K22QHOBNJ/ > initial discussions about this change. > The change itself technically is in /etc/skel/.bash_profile from bash. > Currently: > PATH=$PATH:$HOME/.local/bin:$HOME/bin > After the change: > PATH=$HOME/.local/bin:$HOME/bin:$PATH > (Note that whether we move $HOME/bin or not has not yet been decided.) > Note that this change will only affect new user accounts, we cannot > change PATH for already existing accounts without crazy and undesired > hacks. I'm pretty sure ~/bin should be moved too. All the same considerations apply to ~/bin as to ~/.local/bin, and having one at the beginning and one at the end would be rather strange. Zbyszek _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/ZS2SC2VMSGIHJWWKK3SREJDXTTPZBN5E/
