Passing --session foo/<group> will allow the members of the designated
UNIX group to attach the shared heap and use the Copperplate services
within a particular session.

<group> may be a valid GID or group name from /etc/group.  With
Cobalt, such group would typically match the xenomai.allowed_group
parameter passed to the kernel.

To set up a shared session involving non-privileged users, all of them
must be members of a dedicated UNIX group, and the following
operations should be carried out:

1. if using Cobalt, pass xenomai.gid=<group-id> on the kernel command
line accordingly

2. set udev rules to chown+chmod /dev/rtdm/* files with proper group
permissions (e.g. for user group "xenomai" => SUBSYSTEM=="rtdm",
MODE="0660", GROUP="xenomai")

3. create the registry root manually with proper permissions, 1777 is
recommended if non-privileged processes will belong to the session

4. if --shared-registry is required from a non-privileged session
initiator (i.e. the first process establishing the session), set
user_allow_other in /etc/fuse.conf

5. to start a session with group-based access control, suffix the
session name with the allowed group name or id separated with a slash
('/') when starting the session initiator, i.e. --session
name/<group-id|group-name>.

For instance, with {user} a member of the "xenomai" group:

/* The initiator of session 'foo' is [root] */
[root] ./program --session foo/xenomai

/* Bind a non-privileged process from {user} to session 'foo' */
{user} ./program --session foo

Or, with {user1} and {user2} both members of the "xenomai" group:

/* The initiator of session 'foo' is {user1} */
{user1} ./program --session foo/xenomai

/* Bind a process from {user2} to session 'foo' */
{user2} ./program --session foo