No subject

Wed Feb 20 09:39:33 CST 2008

> How do I start a process with a limited set of capabilities under
> another uid?
> Use the sucap utility which changes uid from root without loosing any
> capabilities.  Normally all capabilities are cleared when changing uid
> from root.  The sucap utility requires the CAP_SETPCAP capability.
> The following example starts updated under uid updated and gid updated
> with CAP_SYS_ADMIN raised in the Effective set.
> sucap updated updated execcap 'cap_sys_admin=eip' update

Or if your kernel has support of file capiblies create a version of wine with a little more permissions. setfcaps -c cap_net_raw=p -e /bin/ping

There has been no reason to run wine on Linux as root since late 2.2 linux kernels and early 2.4 linux kernels.  Personally I really do wish that a bail out patch would get added to wine for all Linux systems.  Even running services there is no reason for wine to be root.

More information about the wine-users mailing list