lutris / agora

Public discussion space for the community

Use Wine when running under a different user #6

Open frpenguin opened 4 years ago

frpenguin commented 4 years ago

There have been quite a few discussions in the Manjaro Forum about the option to run wine under a different user as stated in the Arch Wiki to minimize possible security issues.

So the questions are 2:

  1. If the guide is followed, how could someone configure Lutris to use that configuration?
  2. How could that affect the wine versions bundled with Lutris?

ghost commented 4 years ago

Personally, I feel that is way overcomplicating things, unnecessary, and plain nuts unless there are two or more physical people using it with different user logins. It might work OK enough if done well or might not if something is missed.

[What I mean to say with that is, if it's installed with one user when there are multiple users for logins, then it's understandable to me, but I don't like applications that try to limit by making a user for a user if the application is not designed to do it officially. Even when it is, it can be plain annoying.]

Probably wouldn't file any bug reports either since it's not really proper to how the application is designed and extra problems could happen. You can see that in effect by what is written below it: "Keep in mind that audio will probably be non-functional in Wine programs which are run this way if PulseAudio is used."

Lutris has a sandbox mode which should void that anyway. I don't know why it wouldn't if it's a good sandbox. Sandbox is supposed to box things. So I don't see a point to using a user to sandbox.

But, I can imagine some of the Linux people wanting this having some major attitudes so whatever lol.

strycore commented 4 years ago

I find this interesting, not because of the separate user but for the use of xhost, which I assume opens an X session within an X session. If we can emulate a display of an arbitrary size, it could solve a lot of issues with old native games. I know this has little to do with the user thing but still something I'm considering. If we go and add xhost integration, then we could possibly let people choose which user they want to run the game as.

I'm thinking that this may add local co-op to a bunch of games that don't support it.

Also, this might already be possible to do. Here's what I would try: Create a lutris user and use it to install and configure a few games. Then log out of your lutris user back to your regular user, then instead of starting Wine, you start lutris itself in xhost, or you launch a lutris game via xhost.

frpenguin commented 4 years ago

> Lutris has a sandbox mode

I must say I had not seen that. As I understand it, all the games are confined inside the Windows environment when installing/running instead of the $HOME folder. I presume, one must use a lutris installer for that to be achieved. So in that case, a good approach would be (at least for now) to test the following:

  1. Install Lutris and Wine and its dependencies under another user.
  2. Do not make that user an administrator.
  3. Create a Launcher that starts lutris under xhost under your own user.

Do you agree?

strycore commented 4 years ago

I think there is some misunderstanding on what Wine is capable of doing.

Running Wine as a user that cannot be granted root access has never been a thing. Running wine as root, sure, that's discouraged. But putting some kind of security circus based on the idea that some Windows program could possibly gain root access on a Unix based system is completely bonkers.

So no, I don't agree with the initial motivation behind the ticket, I just think it could have some cool side effect.

shell-ghost commented 4 years ago

I didn't know Lutris had a sandbox mode. I can't seem to find it either. How do I enable it? A secure sandbox mode would effectively solve the "problem" with Windows games/software potentially getting access to personal files/folders located in the home folder.

strycore commented 4 years ago

The Wine sandbox is enabled in Lutris unless you explicitly disable it.

shell-ghost commented 4 years ago

> The Wine sandbox is enabled in Lutris unless you explicitly disable it.

And this prevents software from gaining access to the home folder?

strycore commented 3 years ago

Yes, at least from the point of view of Windows programs in regards to your home folder. Technically, a Windows program can access the Linux files through the Z: drive that is created by default (it can be removed) but the point of the sandbox is about separating the Windows home folder from your own home folder.
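
As an added example (not from the thread and not Lutris code), this shell function lists every symlink in a Wine prefix's drive map and Windows user profile that resolves outside the prefix, which is what the Z: drive and non-sandboxed profile folders discussed above look like on disk. The `dosdevices/` and `drive_c/users/` layout is Wine's; the function names and the constructed sample prefix are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a Wine prefix for symlinks that lead outside it.
# Assumes Wine's usual layout: <prefix>/dosdevices/<drive>: symlinks and
# <prefix>/drive_c/users/<name>/<folder> entries. Needs readlink -f.

# Print "relative/link -> resolved/target" for each symlink in the drive
# map or a user profile whose resolved target is outside the prefix.
audit_prefix() {
    prefix=$(cd "$1" && pwd -P) || return 2
    for link in "$prefix"/dosdevices/* "$prefix"/drive_c/users/*/*; do
        [ -L "$link" ] || continue              # only symlinks can escape
        target=$(readlink -f "$link") || continue
        case "$target" in
            "$prefix"|"$prefix"/*) ;;           # stays inside the prefix
            *) printf '%s -> %s\n' "${link#"$prefix"/}" "$target" ;;
        esac
    done
    return 0
}

# Constructed sample: a prefix with a Z: drive mapped to / and one profile
# folder linked to a stand-in home directory. Prints the sample's root.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/Documents" "$root/pfx/dosdevices" \
             "$root/pfx/drive_c/users/player/Desktop"
    ln -s ../drive_c "$root/pfx/dosdevices/c:"
    ln -s / "$root/pfx/dosdevices/z:"
    ln -s "$root/home/Documents" "$root/pfx/drive_c/users/player/Documents"
    printf '%s\n' "$root"
}

# Usage: sh audit.sh /path/to/prefix
if [ "$#" -gt 0 ]; then
    audit_prefix "$1"
fi
```

An empty result means neither the drive map nor the profile folders point outside the prefix; any line printed is a path a Windows program in that prefix can follow onto the Linux filesystem with the permissions of the user running Wine.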