On Thu, May 29, 2008 at 9:57 PM, oiaohm <wineforum-user@xxxxxxxxxx> wrote:
> austin987 Never ever do the quoted on a Linux system
>
>> $ sudo wineboot
>> $ sudo wine foo.exe
>> will work fine (need some way for users that need raw ICMP/disk
>> access/etc. to work around it)
>
> Raw ICMP and Disk access can be granted many other ways without using sudo. Sudo grants the right to a virus in wine to take out your complete OS.
>
> I normally stick to posix capabilities to grant them.
>
> If your distro is old or doesn't have posix file capabilities in kernel.
>
> From http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt
>
>> How do I start a process with a limited set of capabilities under
>> another uid?
>>
>> Use the sucap utility which changes uid from root without losing any
>> capabilities. Normally all capabilities are cleared when changing uid
>> from root. The sucap utility requires the CAP_SETPCAP capability.
>> The following example starts updated under uid updated and gid updated
>> with CAP_SYS_ADMIN raised in the Effective set.
>>
>> sucap updated updated execcap 'cap_sys_admin=eip' update
>>
>
> Or if your kernel has support of file capabilities create a version of wine with a little more permissions. setfcaps -c cap_net_raw=p -e /bin/ping
>
> There has been no reason to run wine on Linux as root since late 2.2 linux kernels and early 2.4 linux kernels. Personally I really do wish that a bail out patch would get added to wine for all Linux systems. Even running services there is no reason for wine to be root.
>

First example I could think of off hand. For power users that need a way to run as root, that's the way to do so (binding to ports < 1024, etc.)
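
Added example, not part of the original message and not Wine code: a privilege check of the kind the quoted post argues for, reading the Uid and CapEff lines of /proc/<pid>/status and flagging a process that runs as root or holds capabilities beyond cap_net_raw. The function names, the allow-list and the sample status text are assumptions constructed for illustration.

```python
# Added example: audit a process's privileges from /proc/<pid>/status text.
# Bit numbers are from linux/capability.h; only a subset is named here.
CAP_NAMES = {1: "cap_dac_override", 7: "cap_setuid", 10: "cap_net_bind_service",
             13: "cap_net_raw", 17: "cap_sys_rawio", 21: "cap_sys_admin"}


def parse_status(status_text):
    """Return (effective uid, effective capability mask)."""
    fields = dict(line.split(":", 1) for line in status_text.splitlines() if ":" in line)
    if "Uid" not in fields or "CapEff" not in fields:
        raise ValueError("status text lacks a Uid or CapEff line")
    # Uid columns are real, effective, saved, filesystem.
    return int(fields["Uid"].split()[1]), int(fields["CapEff"].strip(), 16)


def decode_caps(mask):
    """List the names of the capability bits set in mask."""
    return [CAP_NAMES.get(bit, f"cap_{bit}")
            for bit in range(mask.bit_length()) if (mask >> bit) & 1]


def audit(status_text, allowed=("cap_net_raw",)):
    """Return (ok, reason): not ok for root or any capability outside allowed."""
    euid, mask = parse_status(status_text)
    if euid == 0:
        return False, "effective uid is 0 (root)"
    held = decode_caps(mask)
    extra = [cap for cap in held if cap not in allowed]
    if extra:
        return False, "unexpected capabilities: " + ", ".join(extra)
    return True, "held: " + (", ".join(held) or "none")


# Constructed sample inputs, not captured from a real system.
USER = "Uid:\t1000\t1000\t1000\t1000\n"
SUDO_WINE = "Name:\twine\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
CAPPED_WINE = "Name:\twine\n" + USER + "CapEff:\t0000000000002000\n"
OVERGRANTED = "Name:\twine\n" + USER + "CapEff:\t0000000000202000\n"

if __name__ == "__main__":
    for text in (SUDO_WINE, CAPPED_WINE, OVERGRANTED):
        print(audit(text))
```

On a live system the same functions can be fed the contents of /proc/<pid>/status for the process being checked.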