On Thursday, October 17, 2019 5:05:56 PM EDT Christian Göttsche wrote:
> I am working on migrating src:shadow to today's SELinux api and
> enabling audit logging for denials.
From within the application? It seems that policy could be/is written to
block execution and prevent any changes. That is, unless you are allowing fine
grained controls like you can update the password but not the user name or
anything else in the database.
> The question which uid to log with
> 'audit_log_user_avc_message' came up.
This is normally thought of in a client/server situation such as dbus (system
not session). Dbus runs as root and has no associated login uid so in this
case you would want to know who dbus was making a decision for. It would know
who the peer is.
In the case where the application is invoked by the user, just use the uid to
whatever the account is that is being operated on. In the case where no
account exists because it is being created, then use -1.
> What is preferred for the applications like passwd, chfn, ... , which
> might be setuid binaries (getuid, geteuid, 0)?
Hope this helps...
-Steve
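The uid rule Steve describes above (target account's uid, or -1 when the account does not exist yet), as an added C example that is neither shadow's nor libaudit's code; it assumes shadow's WITH_AUDIT build-time switch and uses hypothetical helper names shadow_audit_*.

```c
#include <stdio.h>
#include <string.h>
#include <pwd.h>
#include <sys/types.h>
#ifdef WITH_AUDIT        /* assumed: shadow's build switch for libaudit support */
#include <libaudit.h>
#endif

/* Uid to attach to the AUDIT_USER_AVC record: the account being operated
 * on, or -1 when no such account exists (e.g. it is still being created).
 * getuid()/geteuid() are deliberately not consulted: in a setuid passwd
 * they describe the invoker or root, not whose entry was touched. */
uid_t shadow_audit_uid(const struct passwd *target)
{
	return target != NULL ? target->pw_uid : (uid_t)-1;
}

/* Free-text part of the record; libaudit appends exe=, sauid=<uid>,
 * hostname=, addr= and terminal= itself. Returns -1 if buf is too small. */
int shadow_audit_format(char *buf, size_t len, const char *op, const char *acct)
{
	int n = snprintf(buf, len, "op=%s acct=\"%s\"", op, acct);
	return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Report an SELinux denial hit while doing `op` on `acct`.
 * Returns 0 on success, -1 on error. */
int shadow_audit_denial(const char *op, const char *acct,
                        const struct passwd *target)
{
	char msg[256];
	uid_t uid = shadow_audit_uid(target);

	if (shadow_audit_format(msg, sizeof msg, op, acct) < 0)
		return -1;
#ifdef WITH_AUDIT
	int fd = audit_open();
	if (fd < 0)
		return -1;
	/* hostname, addr and tty are unknown for a local setuid tool: pass NULL */
	int rc = audit_log_user_avc_message(fd, AUDIT_USER_AVC, msg,
	                                    NULL, NULL, NULL, uid);
	audit_close(fd);
	return rc < 0 ? -1 : 0;
#else
	/* Built without libaudit: keep the decision visible on stderr. */
	fprintf(stderr, "audit disabled: %s uid=%ld\n", msg, (long)uid);
	return 0;
#endif
}
```

With WITH_AUDIT defined and linked against -laudit, the record lands in auditd as type USER_AVC with sauid set to the chosen uid.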