Greg Turner gmturner007@ameritech.net writes:
This is something like how sshd works. rootwineserver could be a pure-unix program that runs as root, and takes care of a very small set of truly priveleged operations (like listening on priveleged ports and spawning processes as other users). The wineserver -u winesystem process could do "virtually priveleged" operations which require priveleged access in windows but not unix (priveleged registry access, authentication, etc).
Even the above model is too simple if, for example, we truly want to do impersonation, or allow services to start as different users as configured in the registry, etc. Some of these features might require a disconnect between the concept of unix process parentage and windows process parentage, since, for example, for wineservices to launch a service process as 'fred', the unix process would probably need to be launched by rootwineserver.
IMO the real question is what do we need this for? Sure we can use Unix mechanisms to emulate running services as different users etc. but is that really what we need? What are these services doing that requires switching users? Is that how we want it to be done under Unix?
I think that if an application really requires extensive compatibility with the Windows security mechanism, then it may not be a good idea to run it under Unix at all, since it probably won't do what you want anyway. So what are the real world cases that require these kinds of things?