Access control in Python?

Started by
3 comments, last by Flarelocke 18 years, 1 month ago
Hello, I'm trying to write a Python program that uses Python scripts for its configuration. This program is intended to be a package management tool for Linux boxes, and thus will be running with super-user privileges most of the time. However, since Python configuration scripts will be distributed with all packages, I need a way to restrict the power of the Python configuration scripts. Thus, I'm wondering if it's possible to implement some sort of access control in Python. I did a quick web search for Python and access control, and nothing really interesting came up. If anyone has any suggestions, they would be greatly appreciated. Thanks in advance!
- fyhuang [ site ]
The easiest thing to do could be running the scripts with a special Python interpreter lacking most of the standard library, to make all scripts attempting file etc. operations fail immediately.
Then you would need to make available to the scripts some custom Python extensions to perform legitimate operations with all the appropriate security restrictions.

Omae Wa Mou Shindeiru

I don't think it's safe to do what you want to do. If security is really an issue I suggest you move to a different configuration file format. Alternatively, accept that the configurations are only edited by superusers. Just use normal file permissions to achieve this.
If not Python for configuration files, then what do you suggest? These will be somewhat like Portage ebuilds, in that they will also define instructions for compiling/installing the package (i.e. some packages have weird compilation instructions, and some binaries require post-install commands). Portage "jails" the executable code it runs somehow, so that writing outside a special "work/temp" folder results in an access violation... which is what I want to achieve also.
- fyhuang [ site ]
Portage probably uses a Chroot jail.

For Python, there's a deprecated rexec module that would do what you want, except that it was so riddled with security holes they may have taken it out completely.

I think you can also rig something up where the import mechanism always throws an exception, but I don't know how that works. (Paint Shop Pro uses this mechanism for its restricted scripts)
--- New info keeps brain running; must gas up!
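
Added example (not from any poster in this thread), following the suggestion above to treat package configuration as data rather than executable code: a loader that parses Python-syntax config with `ast` and never executes it. It assumes Python 3; the key names in `ALLOWED_KEYS` and the sample inputs are hypothetical.

```python
import ast

# Hypothetical schema for a package description: key -> required type.
ALLOWED_KEYS = {"name": str, "version": str, "build": list, "post_install": list}


class ConfigError(ValueError):
    """Raised when a config file contains anything other than plain data."""


def load_package_config(source):
    """Read Python-syntax config as data; nothing in `source` is executed."""
    try:
        tree = ast.parse(source, mode="exec")
    except (SyntaxError, ValueError) as exc:
        raise ConfigError(f"cannot parse config: {exc}") from exc
    config = {}
    for node in tree.body:
        # Accept only `name = <literal>`: no imports, calls, defs, attributes.
        if not (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            raise ConfigError(f"line {node.lineno}: only simple assignments allowed")
        key = node.targets[0].id
        if key not in ALLOWED_KEYS:
            raise ConfigError(f"line {node.lineno}: unknown key {key!r}")
        try:
            # literal_eval builds constants from the AST without running code.
            value = ast.literal_eval(node.value)
        except (ValueError, TypeError) as exc:
            raise ConfigError(f"line {node.lineno}: {key!r} must be a literal") from exc
        if not isinstance(value, ALLOWED_KEYS[key]):
            raise ConfigError(f"line {node.lineno}: {key!r} has the wrong type")
        if isinstance(value, list) and not all(isinstance(v, str) for v in value):
            raise ConfigError(f"line {node.lineno}: {key!r} must be a list of strings")
        config[key] = value
    return config


# Constructed sample inputs.
GOOD = 'name = "hello"\nversion = "1.0"\nbuild = ["./configure", "make"]\n'
BAD_IMPORT = 'import os\nname = "hello"\n'
BAD_CALL = 'name = str(1)\n'

if __name__ == "__main__":
    print(load_package_config(GOOD))
    for sample in (BAD_IMPORT, BAD_CALL):
        try:
            load_package_config(sample)
        except ConfigError as err:
            print("rejected:", err)
```

This only keeps loading the file from running code as the super-user; the commands listed under `build` and `post_install` still have to be run inside whatever jail the package manager uses.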

This topic is closed to new replies.
