--- Steve Langasek vorlon@dodds.net wrote:
On Thu, Oct 24, 2002 at 08:08:49AM -0700, Dustin Navea wrote:
or what if someone just changes the owner/group on the file (like a word doc), and
then
tries to run it with wine, what happens then?
Unless wine has some suid capabilities (which it shouldn't) this has no impact - wine runs in the account of
the
user who opens the file (runs word).
I was actually thinking more from a read the file standpoint, i.e if in the future wine runs as a service with its own account, would wine be able
to
read the file after someone changed the file's
owner
from wine to, say user speeddy, or would it just
say
access denied and not let you read the file,
therefore
making you have to redo the permissions or make it owned by wine again.
Just as wine should not be run as root, file i/o in wine should NEVER be done in a security context other than that of the user running the Windows app. Anything that would cause user data files to be written out under a different uid is broken.
Thats not what I'm saying, what I'm saying is this: wine gets started by an initscript, so that you can run a .exe file by directly double-clicking on it. User Speeddy double-clicks winword.exe, creates a .doc file adds a few lines and saves it. When it gets saves, it gets saves to the *nix fs with owner and group wine. Say later on he wants to try out kword. So he goes to open it in kword, but since he isnt user wine or part of group wine, he gets access denied. So he goes and changes the owner/group to speeddy/speeddy, oepns the file in kword, adds a few more lines, and saves it. Then he decides he doesnt like kword and goes to run it in ms word again. Access denied again because it isnt owned by user/group wine, it is owned by user/group speeddy. So he has to go redo the owner/group again. That is too much of a hassle. Wine could be an almost all-powerful account. Where root is god, wine could be king. root can rwx anything, wine can rw anything...
I know the above example is not very common, but it can happen if we have wine running in it's own account, unless the wine account is setup as explained in the end of above paragraph.
-Dustin
P.S. have I confused everyone enough yet? ;-P
__________________________________________________ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/