#1 2018-06-19 19:36:18

qborki
Member
Registered: 2016-08-27
Posts: 7

[SOLVED] make application executable by one user only

I certainly could change file permissions with chown/chmod, but updating the package would undo those changes. Is there a way to make it persistent?
To be more specific, I am trying to sandbox wine. I'd like to make it executable only by wineuser.

Last edited by qborki (2018-06-19 21:27:11)

Offline

#2 2018-06-19 19:38:02

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,525
Website

Re: [SOLVED] make application executable by one user only

Why are you trying to do this?  Are there other users on the system that you don't want using wine?  Do they have physical, or only remote access to the machine?


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#3 2018-06-19 19:55:43

qborki
Member
Registered: 2016-08-27
Posts: 7

Re: [SOLVED] make application executable by one user only

There are no other users besides me, but I'd really like to prevent myself from accidentally running wine under my account.
The best solution I've come up with so far is to create a script with the same name.

export PATH=~/bin:$PATH

~/bin/wine
sudo -u wineuser /usr/bin/wine "$@"

Offline

#4 2018-06-19 20:42:00

drcouzelis
Member
From: Connecticut, USA
Registered: 2009-11-09
Posts: 4,092
Website

Re: [SOLVED] make application executable by one user only

qborki wrote:

To be more specific, I am trying to sandbox wine. I'd like to make it executable only by wineuser.

I bet I can guess why! Is it because you want to keep the "messy" Wine configuration files out of your default user's home directory? ;)

qborki wrote:

The best solution I've come up with so far is to create a script with the same name.

export PATH=~/bin:$PATH

~/bin/wine
sudo -u wineuser /usr/bin/wine "$@"

That seems fine. I've done similar things before. :)

Offline

#5 2018-06-19 20:44:13

progandy
Member
Registered: 2012-05-17
Posts: 5,192

Re: [SOLVED] make application executable by one user only

You can create a pacman hook (man alpm-hooks) that runs after wine has been changed and sets permissions. For me shadowing it with another binary in $PATH would be more than enough to prevent accidental execution.

Edit: "provide accidental execution"... What was I thinking :D

Last edited by progandy (2018-06-19 20:45:21)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#6 2018-06-19 21:18:08

qborki
Member
Registered: 2016-08-27
Posts: 7

Re: [SOLVED] make application executable by one user only

drcouzelis wrote:

I bet I can guess why! Is it because you want to keep the "messy" Wine configuration files out of your default user's home directory? ;)

Yes, that too. :)  Wine also likes to add things to your desktop and pollute mime associations.


progandy wrote:

You can create a pacman hook (man alpm-hooks) that runs after wine has been changed and sets permissions. For me shadowing it with another binary in $PATH would be more than enough to prevent accidental execution.

Thanks! That's a great idea. Didn't know about pacman hooks.
So my final solution looks like this:

$ sudo usermod -a -G wineuser qborki


/etc/sudoers

...
%wineuser ALL=(wineuser) NOPASSWD: /usr/bin/wine

/usr/share/libalpm/hooks/wine-chmod.hook

[Trigger]
Type = File
Operation = Install
Operation = Upgrade
Target = usr/bin/wine
[Action]
Description = Make wine executable only by wineuser...
When = PostTransaction
Exec = /bin/sh -c '/bin/chown wineuser /usr/bin/wine && /bin/chmod go-x /usr/bin/wine'

Case closed.

Offline
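
A check for the end state that the hook in the post above is meant to leave behind, as an added example that is not part of the thread: it confirms that a file is owned by the expected user and that neither group nor others hold an execute bit, which is what a package upgrade would silently reset. The function name audit_owner_only_exec is hypothetical, and GNU stat (coreutils) is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): audit that a binary is executable
# only by its intended owner. Assumes GNU stat from coreutils.

# audit_owner_only_exec FILE OWNER
# Returns 0 when FILE is owned by OWNER and neither group nor others hold
# an execute bit, 1 on any mismatch, and 2 when FILE does not exist.
audit_owner_only_exec() {
    file=$1
    want_owner=$2

    [ -e "$file" ] || { echo "missing: $file" >&2; return 2; }

    owner=$(stat -c %U "$file")   # owner name, e.g. root or wineuser
    mode=$(stat -c %a "$file")    # octal permission bits, e.g. 755 or 744

    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "$file: owner is $owner, expected $want_owner" >&2
        rc=1
    fi

    # The leading 0 makes the shell read the value as octal.
    # Octal 011 masks the group-execute and other-execute bits.
    if [ $(( 0$mode & 011 )) -ne 0 ]; then
        echo "$file: mode $mode still lets group or others execute" >&2
        rc=1
    fi

    return $rc
}

# Usage, with the path and user from the thread:
#   audit_owner_only_exec /usr/bin/wine wineuser && echo "permissions intact"
```

Running it after a pacman upgrade of wine shows whether the hook fired; a non-zero status means the package's default ownership or mode is back in place.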