"and78386" <wineforum-user@xxxxxxxxxx> wrote: > So there seems to be no way or rather no easy way to prevent the > users to go to download.com to install some crap freeware in Wine? > > That's bad because it would annul the whole security concept i've > configured for the non-admin users on my machines. > > So Wine seems to be no option in secure multiuser environments? I think what you're asking for can be done using groups: 1. Create a wine group. 2. Set /usr/bin/wine to 750 or 550 permissions, owned by an administrative login and the wine group. This keeps ordinary users, who would not be members of the wine group, from running (or copying) it. 3. Create a simple SGID-wine wrapper program, which validates the parameters and then runs wine if the validation succeeds. Of course, this doesn't keep your users from building it themselves, or importing a binary from somewhere.
