[Wine] Limiting the execution of Wine to allowed programs

[Martin Gregorie]

On Tue, 2012-01-10 at 21:36 -0600, tomsawyer2k5 wrote:

> I was thinking something like having Mint not even recognize the .exe
> extension by removing the file association, but then how do I get Wine
> to execute the three games I've installed?
> 
That wouldn't work because, although Linux uses file extensions to
associate data files with the programs that operate on them, this is
irrelevant when it comes to executing a program.

All that matters for a standard Linux program to be run is whether: 
(1) the binary can be found, which means that one of these must be true:
    - it is in the user's search path
    - it is referenced with a relative path name, e.g. ./mybinary
    - it is referenced directly with an absolute pathname, e.g.
      /usr/local/bin/mybinary  
(2) its access permissions mark it as executable by the user who is
    trying to run it.

The file name of a binary executable is not relevant for deciding
whether to run it.
 
Wine apps are a bit different: if they have the appropriate executable
permissions set and you're in the right directory or use an absolute
pathname the app may start and run: at least one of the apps I use does
that. Condition (1) above still applies, but Wine apps can also be run
by explicitly calling wine:

   wine myapp.exe

regardless of whether the execute permissions are set or not and
regardless of what the file extension may be (rename a Windows exe and
see this for yourself). All that matters in this case is that the
executable must be readable by the user trying to run it.

So, in the end it all comes down to using file permissions to control
who gets to run any binary executable.

Martin