Alexandre Julliard julliard@winehq.org wrote:
Sent: Feb 9, 2009 7:26 AM To: James Mckenzie jjmckenzie51@earthlink.net Cc: Austin English austinenglish@gmail.com, wine-devel@winehq.org Subject: Re: ntdll: add a warning about running wine as root (resend)
James Mckenzie jjmckenzie51@earthlink.net writes:
Second, the problem is that newbies, figuring that their favorite program will not run as an ordinary user, gets a wiff that root has more privileges, will attempt run as root totally hosing their Wine directory. This then starts the 'you should not run Wine as root' mantra on Wine-Users. This then causes the newbie to question why did I go to Linux/Wine when I had a perfectly running Windows system?
Please explain how running as root will screw their Wine directory. If that's really true, surely it should be fixed instead of simply throwing out a warning and proceeding.
New wine installation:
su (no dash so root's environment is not picked up) wine notepad install various programs and use them. exit
User logs in a second time after learning how to properly use Wine. Attempt to do anything with Wine in user space. Cannot do due to permissions problems.
The solution:
sudo rm -rf .wine
User now upset because everything they did is gone.
Yes, there are legit reasons to run as root, one of them is the now famous ICMP 'Ping' unavailability issue in Linux. Experts know about this and how to work around it. Newbies, used to Windows and how it works, just figure that this is restricted to administrators, and switch to root to get around it. The proper command, as I have learned through years of UNIX administration, is 'su -' but newbies don't know this and most just use 'su'.
Thus, the need for the warning. Experts tend to know what they are doing, newbies don't for the most part. And yes, I borked many a system as a newbie and as an expert (building kernels for RedHat/Fedora for my Thinkpad.
James McKenzie
James Mckenzie wrote:
Alexandre Julliard julliard@winehq.org wrote:
Sent: Feb 9, 2009 7:26 AM To: James Mckenzie jjmckenzie51@earthlink.net Cc: Austin English austinenglish@gmail.com, wine-devel@winehq.org Subject: Re: ntdll: add a warning about running wine as root (resend)
James Mckenzie jjmckenzie51@earthlink.net writes:
Second, the problem is that newbies, figuring that their favorite program will not run as an ordinary user, gets a wiff that root has more privileges, will attempt run as root totally hosing their Wine directory. This then starts the 'you should not run Wine as root' mantra on Wine-Users. This then causes the newbie to question why did I go to Linux/Wine when I had a perfectly running Windows system?
Please explain how running as root will screw their Wine directory. If that's really true, surely it should be fixed instead of simply throwing out a warning and proceeding.
New wine installation:
su (no dash so root's environment is not picked up) wine notepad install various programs and use them. exit
User logs in a second time after learning how to properly use Wine. Attempt to do anything with Wine in user space. Cannot do due to permissions problems.
The solution:
sudo rm -rf .wine
Solution is sudo chmod -R $username.$groupname .wine
User now upset because everything they did is gone.
Not if you do it right.
Yes, there are legit reasons to run as root, one of them is the now famous ICMP 'Ping' unavailability issue in Linux. Experts know about this and how to work around it. Newbies, used to Windows and how it works, just figure that this is restricted to administrators, and switch to root to get around it. The proper command, as I have learned through years of UNIX administration, is 'su -' but newbies don't know this and most just use 'su'.
Thus, the need for the warning. Experts tend to know what they are doing, newbies don't for the most part. And yes, I borked many a system as a newbie and as an expert (building kernels for RedHat/Fedora for my Thinkpad.
bye michael
James Mckenzie wrote:
Alexandre Julliard julliard@winehq.org wrote: [...] New wine installation:
su (no dash so root's environment is not picked up) wine notepad install various programs and use them. exit
User logs in a second time after learning how to properly use Wine. Attempt to do anything with Wine in user space. Cannot do due to permissions problems.
The solution:
sudo rm -rf .wine
No, the solution is sudo chown -R user:user .wine
It would seem to me that the right place for this to go would be not in Wine itself but in the likes of Crossover and Cedega - the "distributions" and value added apps built around Wine.
I can't reconcile in my head the case where you have a newbie running the latest GIT of Wine needing this kind of thing at all.
Either they want the power and compatibility of the latest GIT version, and all that that entails, including the potential for doing things they didn't intend if they run it as root, or they want some newbie friendly environment that seizes back the reins a little and stops them doing that.
The very most you need there is some kind of a hook, if that.
-- Chris
2009/2/9 Chris Howe mrmessiah@gmail.com:
I can't reconcile in my head the case where you have a newbie running the latest GIT of Wine needing this kind of thing at all.
It's frequently newbies running the WineHQ versions.
Again, I suggest reading the user forum to get an idea of why this keeps being suggested.
- d.
2009/2/9 James Mckenzie jjmckenzie51@earthlink.net:
Thus, the need for the warning. Experts tend to know what they are doing, newbies don't for the most part. And yes, I borked many a system as a newbie and as an expert (building kernels for RedHat/Fedora for my Thinkpad.
Yep. The problem is that newbies are coming from Windows - (a) where the answer to inability to do something is to try again as administrator (b) which sometimes takes precautions to keep you from shooting your foot off.
Solutions:
1. Get better newbies. (Strikes me as unlikely.) 2. Something to help stop them shooting their foot off that won't hamper those who really want to do this.
- d.
James Mckenzie jjmckenzie51@earthlink.net writes:
New wine installation:
su (no dash so root's environment is not picked up) wine notepad install various programs and use them. exit
This shouldn't hurt anything. Please specify the exact platform and show us the exact commands you are using, or better file a bug with that info.
2009/2/9 Alexandre Julliard julliard@winehq.org:
James Mckenzie jjmckenzie51@earthlink.net writes:
New wine installation: su (no dash so root's environment is not picked up) wine notepad install various programs and use them. exit
This shouldn't hurt anything. Please specify the exact platform and show us the exact commands you are using, or better file a bug with that info.
Bug #66666: users break stuff over and over.
I strongly suggest you read this stuff on the user forum for an idea of what we're talking about. Users are ... creative.
- d.
On Mon, 9 Feb 2009, James Mckenzie wrote:
Alexandre Julliard julliard@winehq.org wrote:
Please explain how running as root will screw their Wine directory. If that's really true, surely it should be fixed instead of simply throwing out a warning and proceeding.
New wine installation:
su (no dash so root's environment is not picked up) wine notepad install various programs and use them. exit
User logs in a second time after learning how to properly use Wine. Attempt to do anything with Wine in user space. Cannot do due to permissions problems.
The solution:
sudo rm -rf .wine
Wouldn't a better solution be `sudo chown -r me:me .wine` ?
Steve Brown sbrown7@umbc.edu
2009/2/10 Steve Brown sbrown7@umbc.edu:
On Mon, 9 Feb 2009, James Mckenzie wrote:
Alexandre Julliard julliard@winehq.org wrote:
Please explain how running as root will screw their Wine directory. If that's really true, surely it should be fixed instead of simply throwing out a warning and proceeding.
New wine installation:
su (no dash so root's environment is not picked up)
This would not cause a problem, as $HOME is set to the home directory for root. The problem is mostly when the user runs wine (often winecfg specifically) using sudo.
In the case of "sudo wine" whatever, $HOME is the originating user's home directory, and `id -u` is 0. So this means that root-owned files will appear in $HOME/.wine (assuming no WINEPREFIX is set).
In the case that there is already a .wine owned by the original user before running "sudo wine" whatever, and that user then runs an application as normal user after the permissions have been stuffed with, it *can* (but probably won't) cause weird problems with some files (possibly including registry) not being correctly written to. The only reason why an existing .wine is required for this case is because of the UID owner test in wine.
wine notepad install various programs and use them. exit
User logs in a second time after learning how to properly use Wine. Attempt to do anything with Wine in user space. Cannot do due to permissions problems.
The solution:
sudo rm -rf .wine
Wouldn't a better solution be `sudo chown -r me:me .wine` ?
This would, in most cases, fix it and have no side-effects. But if an application was able to run as normal user when some permissions are set as root-owned in .wine, it could cause problems.
Should we worry about this problem? Probably not, because a "chmod u-w" on a few files would have the same effect. The most important and useful thing to attempt is proper education. Essentially "don't run wine as root or using sudo" for all the various reasons.
Also note that there is little-to-no reason to run wine as root, and that is even further reduced under kernel 2.6.24 and higher where POSIX File Capabilities were introduced. Should we prevent it? No, that's not in keeping with *nix style. Should we provide a warning? Couldn't hurt.
Biggest problem I see at this stage with providing a warning for running as root is, should wine continue or stop on such a warning? In other words, if I trigger the "running as root" warning, should I have to confirm that it's what I want to do somehow, or should I get the warning but wine continue to run?
Just realised something ...
2009/2/10 Ben Klein shacklein@gmail.com:
In the case of "sudo wine" whatever, $HOME is the originating user's home directory, and `id -u` is 0. So this means that root-owned files will appear in $HOME/.wine (assuming no WINEPREFIX is set).
In the case that there is already a .wine owned by the original user before running "sudo wine" whatever,
wine will complain about ownership of .wine. It must be that the cases I've seen, the user has changed the ownership of .wine, but not recursively. With that correction in mind, the rest is a valid use case, but obscure and more like user error than an issue with wine itself.
and that user then runs an application as normal user after the permissions have been stuffed with, it *can* (but probably won't) cause weird problems with some files (possibly including registry) not being correctly written to. The only reason why an existing .wine is required for this case is because of the UID owner test in wine.
<snip>
Should we worry about this problem? Probably not, because a "chmod u-w" on a few files would have the same effect. The most important and useful thing to attempt is proper education. Essentially "don't run wine as root or using sudo" for all the various reasons.
Also note that there is little-to-no reason to run wine as root, and that is even further reduced under kernel 2.6.24 and higher where POSIX File Capabilities were introduced. Should we prevent it? No, that's not in keeping with *nix style. Should we provide a warning? Couldn't hurt.
Biggest problem I see at this stage with providing a warning for running as root is, should wine continue or stop on such a warning? In other words, if I trigger the "running as root" warning, should I have to confirm that it's what I want to do somehow, or should I get the warning but wine continue to run?
On Mon, 9 Feb 2009 07:35:20 -0700 (GMT-07:00) James Mckenzie jjmckenzie51@earthlink.net wrote:
Yes, there are legit reasons to run as root, one of them is the now famous ICMP 'Ping' unavailability issue in Linux. Experts know about this and how to work around it. Newbies, used to Windows and how it works, just figure that this is restricted to administrators, and switch to root to get around it. The proper command, as I have learned through years of UNIX administration, is 'su -' but newbies don't know this and most just use 'su'.
Can you point me at a guide for using ICMP 'Ping' without root? Sorry for being a noob.
On Monday 09 February 2009 17:29:19 IneedAname wrote:
On Mon, 9 Feb 2009 07:35:20 -0700 (GMT-07:00)
James Mckenzie jjmckenzie51@earthlink.net wrote:
Yes, there are legit reasons to run as root, one of them is the now famous ICMP 'Ping' unavailability issue in Linux. Experts know about this and how to work around it. Newbies, used to Windows and how it works, just figure that this is restricted to administrators, and switch to root to get around it. The proper command, as I have learned through years of UNIX administration, is 'su -' but newbies don't know this and most just use 'su'.
Can you point me at a guide for using ICMP 'Ping' without root? Sorry for being a noob.
You want to look at POSIX capabilities. I keep forgetting which one gives access to raw sockets. Google will know.
Cheers, Kai
-
Alexandre Julliard -
Aurimas Fišeras -
Ben Klein -
Chris Howe -
David Gerard -
IneedAname -
James Mckenzie -
Kai Blin -
Michael Stefaniuc -
Steve Brown