7. Running dosemu as a normal user

This section of the document by Hans, <lermen@fgan.de>. Last updated on June 16, 1997.

1. You have to make 'dos' suid root, if want a fullfeature DOSEMU, this normally is done when you run 'make install'. But as od dosemu-0.97.10, you need not if you don't access to ports, external DOSish hardware and won't use the console other then in normal terminal mode.
2. You can restrict access to the suid root binary via /etc/dosemu.user. by specifying `nosuidroot' for a given user (or all).
3. Have the users that are allow to execute dosemu in /etc/dosemu.user. The format is:

        loginname [ c_strict ] [ classes ...] [ c_dexeonly ] [ other ]
   

   For details see Configuring DOSEmu. For a first time easy installation you may set it as follows (but don't forget to enhance it later !!!):

        root c_all
        lermen c_all
        all nosuidroot c_all
   

4. The msdos partitions, that you want to be accessable through lredir should be mounted with proper permissions. I recommend doing this via 'group's, not via user ownership. Given you have a group 'dosemu' for this and want to give the user 'lermen' access, then the following should be
   • in /etc/passwd:

          lermen:x:500:100:Hans Lermen:/home/lermen:/bin/bash
                       ^^^-- note: this is NOT the group id of 'dosemu'
     

   • in /etc/group:

          users:x:100:
          dosemu:x:200:dosemu,lermen
                   ^^^
     

   • in /etc/fstab:

          /dev/hda1 /dosc msdos defaults,gid=200,umask=002 0 0
                                             ^^^
     

   Note: the changes to /etc/passwd and /etc/group only take place the next time you login, so don't forget to re-login. The fstab entry will mount /dosc such that is has the proper permissions

      ( drwxrwxr-x  22 root     dosemu      16384 Jan  1  1970 /dosc )
   

   You can do the same with an explicit mount command:

         mount -t msdos -o gid=200,umask=002 /dev/hda1 /dosc
   

   Of course normal lredir'ed unix directories should have the same permissions.
5. Make sure you have read/write permissions of the devices you configured (in /etc/dosemu.conf) for serial and mouse.

Starting with dosemu-0.66.1.4 there should be no reason against running dosemu as a normal user. The privilege stuff has been extensively reworked, and there was no program that I tested under root, that didn't also run as user. However, if you suspect problems resulting from the fact that you run as user, you should first try configuring dosemu with the 'runasroot' option (see setup-dosemu tool). This lets dosemu permanently run as (suid) root and only use user privileges when accessing secure relevant resources. Normally dosemu will permanently run as user and only temporarily use root privilege when needed and in case of non-suid root (as of dosemu-0.97.10), it will run in lowfeature mode without any priviledges.