Benjamin M. Schwartz
bmschwar at fas.harvard.edu
Fri Aug 1 15:06:13 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Walter Bender wrote:
| What are the Sugar/X Window actions that require root
This discussion is becoming a little confusing. The problem is not just
"root" access. There are three accounts in play here: root, olpc, and
10005 (an arbitrary isolated instance uid generated by Rainbow).
An "isolated" Terminal runs as 10005.
It can: run any binary in the major world-readable directories
(/usr/bin/*, etc.), spawn additional X applications in additional windows,
provided those X applications are happy to run as user 10005.
It cannot modify user settings with sugar-control-panel, read arbitrary
items from the Datastore, read or write /home/olpc, or start new Activity
A "de-isolated" Terminal runs as olpc.
It can: do anything that the olpc user can do, including use "su" to start
a session as root, run any X program as olpc or root, modify settings with
sugar-control-panel, launch new Activity instances, etc.
A console session starts as root.
It can: install RPMs, mess with stuff in /sys, and otherwise do anything
whatsoever on the system.
HOWEVER, it is currently nearly impossible to use this console to launch
activities, run X programs, modify settings with sugar-control-panel, and
otherwise mess with the running Sugar instance. This is mostly because
the shell does not contain the correct environment variables to connect
with the X display and D-Bus bus.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Devel