On Wed, Mar 2, 2011 at 9:54 AM, Ingo Weinhold <ingo_weinhold@xxxxxx> wrote: > * Obviously the showing/hiding of packages on a per-UID basis is > significantly more complex to implement (unlike the alternative, which is > already usable). We might also run into problems with it, like singleton > server processes running as root (or some dedicated user) not seeing per-user > files (e.g. app-server and user-locally installed fonts). Or seteuid() > programs being confused by a changing environment. What if you were to have the server create a liaison that runs under the user, and works as the user's "window" to the main server. The main server can probably run at a higher privilege state and interact with the kernel, etc. The child server deals directly with the user, and can see the user's files. In a sense this would generalize the idea that the user in a multi-user environment would feel as if he was root (except he isn't, since he can't do things like open lower ports, etc). One possible issue here is that the main server would have to be sure it's talking to a legitimate liaison (in case you would let the user make his own, which is a separate issue completely). This could also be interesting in the case where you have multiple monitors connected to a single Haiku box, since each user would feel like he is on his own box. Not sure how much more overhead this would be though. Thanks, -- Hike Danakian