Programs running as different user accounts?

Kristian Høgsberg krh at
Wed Aug 17 10:33:48 PDT 2011

On Sat, Aug 13, 2011 at 8:17 PM, nerdopolis
<bluescreen_avenger at> wrote:
> Hi.
> I was thinking, but I don't know how often something like this will be used:
> sometimes a user might need to run a program running as a different user
> along with their session (for maybe testing, or something).
> Seeing that Wayland uses a file socket, file permissions could get in the
> way. Would ACLs need to be used, to allow/disallow users to use the socket?
> Some Linux FSes seem to support them, but not every distro use them by
> default. It also seems that BSD and MAC do have support for ACL's if Wayland
> ever needed to be ported to these platforms...

What I'm thinking for this case is that you can just add a socket in
the $XDG_RUNTIME_DIR for the user in question.  The server can handle
multiple listen sockets just fine.  So something like this

  $ create-socket su $WAYLAND_USER -l -c add-socket

run as the user who wishes to get access.  The create-socket commands
creates and binds the listen socket in the users $XDG_RUNTIME_DIR,
then forks and execs the first argument with the remaining args and
the leaves the listen socket fd open for the child process.  So su
gets run with fd=3 being a listen socket for the original user and
then prompts for password and then runs add-socket as the user that
owns the wayland server ($WAYLAND_USER).  The add-socket helper
connects to the wayland server and passes the fd to the server as a
new listen fd.  Or that's one way it could work, at least.

> Is this even a use case worth considering?

Not sure.


More information about the wayland-devel mailing list