For running simple servers like web, http, ftp etc. All thats required is that the user can't run any unallowed applications. I think if this is a problem, then OpenBeOS R1 isn't the right solution. But take the cvs example, if you give them a shell where all they can run is cvs, then its as secure as cvs is, not ideal in the long term since any local user overflow can then become 'root', but I would find this more than acceptable for an R1. The only extra work that would be required would be setting up the group/user access so that remote users don't have an privillage to execute arbitary code, or code thats designed for the local user only. I think the effort would be in setting the permissions correctly in the distro, and the code changes should be minimal, and could be confined to userland programmes to set the correct mask. Tom Young