On Oct 5, 2011, at 10:46 PM, Cameron Simpson wrote: > Surely VERY FEW tests need to be run as root, and they need careful > consideration. The whole thing (build, full test suite) should > not run as root.
This is news to me - is most of Python not supported to run as root? I was under the impression that Python was supposed to run correctly as root, and therefore there should be some buildbots dedicated to running it that way. If only a few small parts of the API are supposed to work perhaps this should be advertised more clearly in the documentation? Ahem. Sorry for the snark, I couldn't resist. As terry more reasonably put it: >> running buildbot tests as root does not reflect the experience of non-root >> users. It seems some tests need to be run both ways just for correctness >> testing. (except I'd say "all", not "some") > Am I really the only person who feels unease about this scenario? More seriously: apparently you are not, but I am quite surprised by that revelation. You should be :). The idea of root as a special, magical place where real ultimate power resides is quite silly. "root" is a title, like "king". You're not just "root", you're root _of_ something. If the thing that you are root of is a dedicated virtual machine with no interesting data besides the code under test, then this is quite a lot like being a regular user in a similarly boring place. It's like having the keys to an empty safe. Similarly, if you're a normal "unprivileged" user - let's say, www-data - on a system with large amounts of sensitive data owned by that user, becoming root will rarely grant you any really interesting privileges beyond what you've already got. Most public web-based systems fall into this category, as you've got one user (the application deployment user) running almost all of your code, with privileges to read and write to the only interesting data source (the database). So if these tests were running on somebody's public-facing production system in an "unprivileged" context, I'd be far more concerned about that than about it having root on some throwaway VM. -glyph
_______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
