No subject
Wed Feb 20 09:39:33 CST 2008
> How do I start a process with a limited set of capabilities under
> another uid?
>
> Use the sucap utility which changes uid from root without loosing any
> capabilities. Normally all capabilities are cleared when changing uid
> from root. The sucap utility requires the CAP_SETPCAP capability.
> The following example starts updated under uid updated and gid updated
> with CAP_SYS_ADMIN raised in the Effective set.
>
> sucap updated updated execcap 'cap_sys_admin=eip' update
>
Or if your kernel has support of file capiblies create a version of wine with a little more permissions. setfcaps -c cap_net_raw=p -e /bin/ping
There has been no reason to run wine on Linux as root since late 2.2 linux kernels and early 2.4 linux kernels. Personally I really do wish that a bail out patch would get added to wine for all Linux systems. Even running services there is no reason for wine to be root.
More information about the wine-users
mailing list