Background:
Some proprietary windows programs only allow a limited number of installations, making it desirable to install to a common location in the “windows style”, instead of installing separately for each user in the “wine style”. In addition, it may be more efficient for an administrator to install a program once, even if the license allows for unlimited installations. Codeweavers refers to this type of multi-user installation as Shared Global Mode.
Outline of method:
We are going to create a new user, “windows”, that will host the system-wide wine installation. We will then give some of our users permission to run windows programs as the user windows, with wine, on their own desktop, without having to switch accounts or enter passwords.
Estimated time
15-20 minutes
Preparation:
Install wine if you haven't already done so.
sudo apt-get install wine
winecfg
Close the window
STEP 1. Add a new user without a password.
Pick a user name that doesn't exist on your system
sudo adduser --disabled-password windows
STEP 2. Backup /etc/sudoers and use visudo to edit /etc/sudoers
2.1 Backup /etc/sudoers in case something bad happens.
sudo cp /etc/sudoers /etc/sudoers.bak
sudo visudo
I used this page to figure out how to edit with vi. I got a log of mileage out of i, o, x, dd and :wq.
If you're a nano user, you can do this:
sudo EDITOR=nano visudo
sudo EDITOR=xedit visudo
This will probably be all the people currently in your admin group
User_Alias ADMIN = ron
User_Alias WINDOWS_USERS = kim,ian,mason,collin,ron
2.5 In the command alias section, define which programs the windows user can run
Cmnd_Alias WINDOWS = /usr/bin/wine,/usr/bin/winecfg
Defaults:WINDOWS_USERS env_reset
Defaults:WINDOWS_USERS env_keep += DISPLAY
Defaults:WINDOWS_USERS env_keep += XAUTHORITY
Delete this:
%admin ALL=(ALL) ALL
Replace it with this:
ADMIN ALL=(ALL) ALL
2.8 Add a line at the bottom that gives WINDOWS_USERS permission to run WINDOWS programs, without a password, as user windows
WINDOWS_USERS ALL = (windows) NOPASSWD: WINDOWS
# User alias specification
# define which users can run the wine/windows programs
User_Alias WINDOWS_USERS = kim,ian,mason,collin,ron
# define which users can administrate (become root)
User_Alias ADMIN = ron
# Cmnd alias specification
# define which commands the WINDOWS_USERS may run
Cmnd_Alias WINDOWS = /usr/bin/wine,/usr/bin/winecfg
# Defaults
Defaults:WINDOWS_USERS env_reset
Defaults:WINDOWS_USERS env_keep += DISPLAY
Defaults:WINDOWS_USERS env_keep += XAUTHORITY
Defaults !lecture,tty_tickets,!fqdn
# User privilege specification
root ALL=(ALL) ALL
# Members of the admin user_alias, defined above, may gain root privileges
ADMIN ALL=(ALL) ALL
# The WINDOWS_USERS may run WINDOWS programs as user windows without a password
WINDOWS_USERS ALL = (windows) NOPASSWD: WINDOWS
STEP 3: Move your .wine directory over to the windows user's .wine directory
sudo mv ~ron/.wine ~windows/.wine -iv
sudo chown windows:users ~windows/.wine/ -Rfv
This command has to be issued from the user shell (not root)
xhost +local:windows
STEP 5: Run your windows programs with sudo, no password required.
sudo -u windows -H wine notepad
If you want to run or install programs for yourself (not for all the windows_users) just use wine without sudo like this:
wine notepad
sudo mv ~windows/.wine ~ron/.wine -iv
sudo chown ron:ron ~ron/.wine/ -Rfv
sudo deluser --remove-home --backup windows
sudo cp /etc/sudoers.bak /etc/sudoers
Remove the sudo -u windows -H from any menu items that you edited
This moves your wine directory back, puts the file ownership back in your name, completely removes the new user and replaces your sudoers file. Remember that you can even replace the sudoers file from a live disk if things go horribly wrong and you can't log in or get root privileges.
Broader applications
After looking at the above information, it should be a simple exercise to modify my steps to run any program, including a browser like firefox, as a different user on your desktop.
Closing Thoughts
a. Remember to add the windows user to the appropriate groups so that wine can access the necessary system resources: cdroms, sound, floppies etc.
b. Remember that if you want to add a new system administrator that you not only have to add them to the admin group, you will have to edit /etc/sudoers to add them to the ADMIN user alias.
Test Systems
Ubuntu Hardy 8.04 on Dell Inspiron 5100
Ubuntu64 Hardy 8.04 on a homebuilt quadcore
Ubuntu Intrepid 8.10 circa 9/11/08 on a homebuilt quadcore (I got nano as the editor for visudo instead of vi)
Ubuntu Jaunty 9.04
Credits
Link:Running Firefox as another user, using sudo
Link:Running firefox as a different user Thanks Gaten for post #5
Link:suauth and pam.d Thanks HalPomeranz for post #16
Disclaimer
As always, this worked for me, but YMMV. Read, think and remember that I am "just some guy on the internet" before you apply changes to an important system.