would aan + drawterm be a solution?
> using VM/386 to multiplex window sessions is rather like virtualising the
> Unix system call layer to allow several IP stacks. it seems just
> a little heavy-handed. there is actually little difference between
> multi-user cpu servers and single-user terminals as far as the plan 9 kernel
> is concerned:
> mainly configuration and a few small policy differences.
>
> if each user is given a rio session, much as martin suggested,
> and it has its own name space (as with newns)
> it will use its own attach to the file server, and
> thus run with the desired file permissions.
>
> /dev/user can be set using cap(3).
>
> the host owner (/dev/hostowner) owns all devices, including cap(3),
> which works well in existing use `as intended', but for non-overlapping shared
> use of a single-user terminal would probably require something
> to set hostowner when it switches to a given user's session.
>
> the draw devices would all change ownership too, but if that makes
> things too open (because the current user can see all window contents),
> then it probably isn't hard to record ownership on draw directories
> (as for /net/tcp directories and a few other devices).
>
> the more serious problem is that there isn't a good paint program.
