Base: Run WindowServer as a separate "window" user

This was actually rather painless and straightforward. WindowServer now runs as the "window" user. Users in the "window" group can connect to it via the socket in /tmp/portal/window as usual.
Author: https://github.com/awesomekling Commit: https://github.com/SerenityOS/serenity/commit/9794e18a20e
2024-09-30 00:31:14 +00:00 · 2020-02-16 19:26:31 +01:00 · 2020-02-16 19:26:31 +01:00 · 9794e18a20 · 2024-07-19 09:16:15 +09:00
parent 0415db30c6
commit 9794e18a20
4 changed files with 11 additions and 2 deletions
--- a/Base/etc/SystemServer.ini
+++ b/Base/etc/SystemServer.ini
@ -22,9 +22,10 @@ User=lookup

 [WindowServer]
 Socket=/tmp/portal/window
+SocketPermissions=660
 Priority=high
 KeepAlive=1
-User=anon
+User=window

 [Clock.MenuApplet]
 KeepAlive=1
--- a/Base/etc/group
+++ b/Base/etc/group
@ -1,8 +1,9 @@
 root:x:0:
 wheel:x:1:anon
 tty:x:2:
-phys:x:3:anon
+phys:x:3:window
 audio:x:4:anon
 lookup:x:10:protocol,anon
 protocol:x:11:anon
+window:x:13:anon
 users:x:100:anon
--- a/Base/etc/passwd
+++ b/Base/etc/passwd
@ -1,5 +1,6 @@
 root:x:0:0:root:/:/bin/sh
 lookup:x:10:10:LookupServer,,,:/:/bin/false
 protocol:x:11:11:ProtocolServer,,,:/:/bin/false
+window:x:13:13:WindowServer,,,:/:/bin/false
 anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh
 nona:x:200:200:Nona,,,:/home/nona:/bin/sh
--- a/Kernel/build-root-filesystem.sh
+++ b/Kernel/build-root-filesystem.sh
@ -6,6 +6,8 @@ wheel_gid=1
 tty_gid=2
 phys_gid=3
 audio_gid=4
+window_uid=13
+window_gid=13

 die() {
    echo "die: $*"
@ -83,6 +85,10 @@ cp -R ../Base/* mnt/
 cp -R ../Root/* mnt/
 cp kernel.map mnt/res/
 chmod 400 mnt/res/kernel.map
+
+chmod 660 mnt/etc/WindowServer/WindowServer.ini
+chown $window_uid:$window_gid mnt/etc/WindowServer/WindowServer.ini
+
 echo "done"

 printf "installing users... "