From 9794e18a20e026f0a377c8bc90fe5eb9909dae8b Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Sun, 16 Feb 2020 19:26:31 +0100
Subject: [PATCH] Base: Run WindowServer as a separate "window" user

This was actually rather painless and straightforward. WindowServer now runs as the "window" user. Users in the "window" group can connect to it via the socket in /tmp/portal/window as usual.
---
 Base/etc/SystemServer.ini | 3 ++-
 Base/etc/group | 3 ++-
 Base/etc/passwd | 1 +
 Kernel/build-root-filesystem.sh | 6 ++++++
 4 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/Base/etc/SystemServer.ini b/Base/etc/SystemServer.ini
index 1dcfe862a8d..f5fd678a3a2 100644
--- a/Base/etc/SystemServer.ini
+++ b/Base/etc/SystemServer.ini
@@ -22,9 +22,10 @@ User=lookup
 [WindowServer]
 Socket=/tmp/portal/window
+SocketPermissions=660
 Priority=high
 KeepAlive=1
-User=anon
+User=window
 [Clock.MenuApplet]
 KeepAlive=1
diff --git a/Base/etc/group b/Base/etc/group
index e41861da50c..847883e3da0 100644
--- a/Base/etc/group
+++ b/Base/etc/group
@@ -1,8 +1,9 @@
 root:x:0:
 wheel:x:1:anon
 tty:x:2:
-phys:x:3:anon
+phys:x:3:window
 audio:x:4:anon
 lookup:x:10:protocol,anon
 protocol:x:11:anon
+window:x:13:anon
 users:x:100:anon
diff --git a/Base/etc/passwd b/Base/etc/passwd
index e23a6d09d32..78f60742f24 100644
--- a/Base/etc/passwd
+++ b/Base/etc/passwd
@@ -1,5 +1,6 @@
 root:x:0:0:root:/:/bin/sh
 lookup:x:10:10:LookupServer,,,:/:/bin/false
 protocol:x:11:11:ProtocolServer,,,:/:/bin/false
+window:x:13:13:WindowServer,,,:/:/bin/false
 anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh
 nona:x:200:200:Nona,,,:/home/nona:/bin/sh
diff --git a/Kernel/build-root-filesystem.sh b/Kernel/build-root-filesystem.sh
index 837b8d04d99..31daa843a6e 100755
--- a/Kernel/build-root-filesystem.sh
+++ b/Kernel/build-root-filesystem.sh
@@ -6,6 +6,8 @@ wheel_gid=1
 tty_gid=2
 phys_gid=3
 audio_gid=4
+window_uid=13
+window_gid=13
 die() {
 echo "die: $*"
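Review bot: In the `[WindowServer]` section of Base/etc/SystemServer.ini, `SocketPermissions=660` restricts connections to the "window" group only if the socket is created with that group as its owner, and the section sets `User=window` but names no group. Presumably SystemServer derives the socket's owner and group from the service user (gid 13 in Base/etc/passwd); that code is not part of this patch, so it is worth confirming that ownership and mode are applied before the socket starts accepting connections. The socket path sits under /tmp/portal, so the mode of that directory matters as much as the mode of the socket itself. If the file format allows comments, a line such as `# 660: only members of the "window" group may connect` next to the key would record the intent.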
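Review bot: `window_uid=13` and `window_gid=13` in Kernel/build-root-filesystem.sh repeat the ids that this same commit adds to Base/etc/passwd and Base/etc/group, and nothing ties the two places together. If either side is renumbered later, the `chown` added in the second hunk of this file would hand WindowServer.ini to whatever account holds id 13 at that point. A comment above the two assignments would help: `# Must match the "window" entries in Base/etc/passwd and Base/etc/group.`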
@@ -83,6 +85,10 @@ cp -R ../Base/* mnt/
 cp -R ../Root/* mnt/
 cp kernel.map mnt/res/
 chmod 400 mnt/res/kernel.map
+
+chmod 660 mnt/etc/WindowServer/WindowServer.ini
+chown $window_uid:$window_gid mnt/etc/WindowServer/WindowServer.ini
+
 echo "done"
 printf "installing users... "
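Review bot: `chmod 660` together with `chown $window_uid:$window_gid` makes mnt/etc/WindowServer/WindowServer.ini writable by every member of the "window" group, which per Base/etc/group in this commit is the same set of accounts that are merely allowed to connect to the socket. Unless clients are meant to edit the server's configuration directly (not visible in this patch), owner-only write is the tighter default: `chmod 640 mnt/etc/WindowServer/WindowServer.ini`. The expansion is also unquoted; `chown "$window_uid:$window_gid" mnt/etc/WindowServer/WindowServer.ini` is the safer form. These are top-level statements of the script, which continues outside the hunk.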