Services

[Alexandre Julliard]

Greg Turner <gmturner007 at ameritech.net> writes:

> This is something like how sshd works.  rootwineserver could be a pure-unix
> program that runs as root, and takes care of a very small set of truly
> priveleged operations (like listening on priveleged ports and spawning
> processes as other users).  The wineserver -u winesystem process could
> do "virtually priveleged" operations which require priveleged access in
> windows but not unix (priveleged registry access, authentication, etc).
> 
> Even the above model is too simple if, for example, we truly want to do
> impersonation, or allow services to start as different users as configured
> in the registry, etc.  Some of these features might require a disconnect
> between the concept of unix process parentage and windows process parentage,
> since, for example, for wineservices to launch a service process as 'fred', the
> unix process would probably need to be launched by rootwineserver.

IMO the real question is what do we need this for?  Sure we can use
Unix mechanisms to emulate running services as different users
etc. but is that really what we need?  What are these services doing
that requires switching users?  Is that how we want it to be done
under Unix?

I think that if an application really requires extensive compatibility
with the Windows security mechanism, then it may not be a good idea to
run it under Unix at all, since it probably won't do what you want
anyway. So what are the real world cases that require these kinds of
things?

-- 
Alexandre Julliard
julliard at winehq.com