Terminals

[Benjamin M. Schwartz]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Walter Bender wrote:
| What are the Sugar/X Window actions that require root
| access?

This discussion is becoming a little confusing.  The problem is not just
"root" access.  There are three accounts in play here: root, olpc, and
10005 (an arbitrary isolated instance uid generated by Rainbow).

An "isolated" Terminal runs as 10005.
It can: run any binary in the major world-readable directories
(/usr/bin/*, etc.), spawn additional X applications in additional windows,
provided those X applications are happy to run as user 10005.
It cannot modify user settings with sugar-control-panel, read arbitrary
items from the Datastore, read or write /home/olpc, or start new Activity
instances.

A "de-isolated" Terminal runs as olpc.
It can: do anything that the olpc user can do, including use "su" to start
a session as root, run any X program as olpc or root, modify settings with
sugar-control-panel, launch new Activity instances, etc.

A console session starts as root.
It can: install RPMs, mess with stuff in /sys, and otherwise do anything
whatsoever on the system.
HOWEVER, it is currently nearly impossible to use this console to launch
activities, run X programs, modify settings with sugar-control-panel, and
otherwise mess with the running Sugar instance.  This is mostly because
the shell does not contain the correct environment variables to connect
with the X display and D-Bus bus.

- --Ben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiTXqUACgkQUJT6e6HFtqTOjwCfXYvrQxCp/pPiI765U5rvvrVd
w7YAn127vjO5xgNpAQiAzpvo4CDmt4qQ
=rymY
-----END PGP SIGNATURE-----