ntdll: add a warning about running wine as root (resend)

James Mckenzie jjmckenzie51 at earthlink.net
Wed Feb 11 08:58:38 CST 2009 

Steve Brown <sbrown7 at umbc.edu> wrote:
>
>On Tue, 10 Feb 2009, Vitaliy Margolen wrote:
>
>> Ben Klein wrote:
>>> This is not a problem with Wine, this is OpenSUSE breaking the
>>> environment when sudo is called. Remember, Wine is not the only X11
>>> app out there. Others will need $DISPLAY working!
>> This is something called security....
>
>No, the whole point of using sudo is that it removes the necessity of 
>anyone other than root knowing the root password.  If OpenSuSE's default 
>config requires anyone that needs elevated privileges to know the root 
>password, it is broken.  Using a properly configured sudo, the non-root 
>users are allowed to execute a (possibly limited) number of commands with 
>root privileges, but authenticating using their OWN password.
>
The password method of invoking sudo depends on the UNIX release and the security
policy in effect.  I've used SUDOUSERS to set who has access to this, used a 
special password.  It is not good security policy to use root's password, unless 
login as root is completely disabled, as it is with the Mac (it takes six steps to
enable root login and Apple advises that this is not necessary.)

However, under no circumstances, should a non-admin user run
any Wine application as a super-user through this method.  It causes problems as
files are created with root's credentials and this causes confusion with some 
new users.  Experts (supposedly) know how to fix this.  Running Wine as root should
bring up a warning message, in Windows format (that is with the warning icon) 
advising users that they are running Wine as root and that applications installed and
files created will not be available to all users (as they would be in some versions
of Windows(TM)).  I think this is the purpose of the original request.  I do support this
as a one-time only warning.  Permission to run Wine applications as sudo should
remain disabled as some users know of this function and use it to get around running
and having root's information.  

James McKenzie

More information about the wine-devel mailing list