| 1 |
On Sun, 18 Apr 2010 00:46:25 +0100 |
| 2 |
David W Noon <dwnoon@××××××××.com> wrote: |
| 3 |
|
| 4 |
> If any Joe Schmoe could imbue a program with capabilities, this might |
| 5 |
> be true. But that's not the way the system works. |
| 6 |
|
| 7 |
Sorry, I think i'm missing your point. |
| 8 |
|
| 9 |
> Only root can run the setcap program to add capabilities to a program, |
| 10 |
> at least on a normal, UNIX-style security system. On a role-based |
| 11 |
> security system, even root might not be permitted to do this. |
| 12 |
|
| 13 |
If I had the root password to own system(which I do...) and I wanted Wine to uses IPX |
| 14 |
without running as root. I would set "setcap cap_net_raw=ep /usr/bin/wine" as root. |
| 15 |
Then I could run Wine as my normal user. |
| 16 |
|
| 17 |
No one in there right mind would run Wine as root. If you did you may as well use Windows. |
Archives