> > For that user the correct place would be in their own profile files. >> > > Lean toward agree, 'if' the users would actually do so. History proves > the vast majority do not. This is the underlying issue. We can't make new > users who are disinclined to care about learning anything to actually try > to learn anything. > > Also agree with Graham suggesting running weewx as a non-privileged user, > but that's a bigger lift to make happen that I didn't want to suggest. > Getting into that would require the pieces of weewx that talk to the /dev > device to have appropriate privs to do so, and there might be portability > issues there. >
yes, I operate under a separate weewx user as well, but I think this started about specific setup.py installs. It would be relatively easy under specific packaging systems but I imagine it gets a bit of a mess covering all options. Would the simplest option be to make more effort to discourage setup.py installs with a few warnings? On the deb package installs there are wee_xxx wrapper scripts placed in /usr/bin so the added PATH complexity is not needed. > >> If they rely on sudo, then I don't think it sources those extra >> /etc/profile.d files. >> > > It's already sourced in in the non-privileged shell you ran sudo from, so > that's not an issue. Tested on multiple variants of linux. > > Debian 10 removed that security hole with the default *securepath* setting. -- You received this message because you are subscribed to the Google Groups "weewx-development" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/weewx-development/58865ccf-ae90-46bf-9607-544294cb3f3an%40googlegroups.com.
