Steve Brown <[email protected]> wrote: > >On Tue, 10 Feb 2009, Vitaliy Margolen wrote: > >> Ben Klein wrote: >>> This is not a problem with Wine, this is OpenSUSE breaking the >>> environment when sudo is called. Remember, Wine is not the only X11 >>> app out there. Others will need $DISPLAY working! >> This is something called security.... > >No, the whole point of using sudo is that it removes the necessity of >anyone other than root knowing the root password. If OpenSuSE's default >config requires anyone that needs elevated privileges to know the root >password, it is broken. Using a properly configured sudo, the non-root >users are allowed to execute a (possibly limited) number of commands with >root privileges, but authenticating using their OWN password. > The password method of invoking sudo depends on the UNIX release and the security policy in effect. I've used SUDOUSERS to set who has access to this, used a special password. It is not good security policy to use root's password, unless login as root is completely disabled, as it is with the Mac (it takes six steps to enable root login and Apple advises that this is not necessary.)
However, under no circumstances, should a non-admin user run any Wine application as a super-user through this method. It causes problems as files are created with root's credentials and this causes confusion with some new users. Experts (supposedly) know how to fix this. Running Wine as root should bring up a warning message, in Windows format (that is with the warning icon) advising users that they are running Wine as root and that applications installed and files created will not be available to all users (as they would be in some versions of Windows(TM)). I think this is the purpose of the original request. I do support this as a one-time only warning. Permission to run Wine applications as sudo should remain disabled as some users know of this function and use it to get around running and having root's information. James McKenzie
