> How do I start a process with a limited set of capabilities under
> another uid?
>
> Use the sucap utility which changes uid from root without loosing any
> capabilities. Normally all capabilities are cleared when changing uid
> from root. The sucap utility requires the CAP_SETPCAP capability.
> The following example starts updated under uid updated and gid updated
> with CAP_SYS_ADMIN raised in the Effective set.
>
> sucap updated updated execcap 'cap_sys_admin=eip' update
>
Or if your kernel has support of file capiblies create a version of wine with a
little more permissions. setfcaps -c cap_net_raw=p -e /bin/ping
There has been no reason to run wine on Linux as root since late 2.2 linux
kernels and early 2.4 linux kernels. Personally I really do wish that a bail
out patch would get added to wine for all Linux systems. Even running services
there is no reason for wine to be root.
