Tutorial Others Playing On Linux - Tutorials, Tools And Help

[MrBlack ✌]

Unless you're absolutely certain these games aren't infected with malware, it's not a good idea to run them directly from steam or any other way where they have free access to your home/any critical data. It's safer to create a new user without sudo privileges just to play them, using heroic, or run them with a sandbox.

That's absolutely correct, but the risk of running unknown files isn't limited to Linux.
At least my user account doesn't have root privileges. After deleting the symlink z:, Steam can't see the entire system anymore.
Why do you think Heroic is more secure than Steam? As far as I can see, both create separate Wine prefixes and use Proton.
However, using Steam (or Heroic) as a Flatpak or isolating Steam with Firejail (with an extra home path) would be much more secure.

 

[eevkyi]

That's absolutely correct, but the risk of running unknown files isn't limited to Linux.
At least my user account doesn't have root privileges. After deleting the symlink z:, Steam can't see the entire system anymore.

Since many people believe that the risk of being affected by malware using linux is practically non-existent, I thought it was important to warn, as they could end up running pirated games directly from steam without any precaution, thinking it is safe.

Why do you think Heroic is more secure than Steam? As far as I can see, both create separate Wine prefixes and use Proton.
However, using Steam (or Heroic) as a Flatpak or isolating Steam with Firejail (with an extra home path) would be much more secure.

Despite the integration with different stores, heroic doesn't require you to be logged into any of them to play random games, so along with a new limited account, it ends up being a simple way to play safely, especially for a beginner who may find it complicated to deal with terminal commands and additional settings.

 

[its_not_real]

Unless you're absolutely certain these games aren't infected with malware, it's not a good idea to run them directly from steam or any other way where they have free access to your home/any critical data.

If the fear is that bug that was found in unity, it's actually clever to run them with steam snipr, because steam will refuse to run the game if certain criteria is not met. (or rather, if steam detects non normal activity when launching the game)

You must be registered to see the links

Added mitigations for Unity CVE-2025-59489, blocking a game launch through the Steam Client when an exploit attempt is detected.

Besides, the CVE has been blown out of proportion. Even if the CVE number seems very high, the risks for "normal" users is not high at all.
Also, Android (but could theoretically be exploited on other systems)

You must be registered to see the links

This vulnerability allows malicious intents to control command line arguments passed to Unity applications, enabling attackers to load arbitrary shared libraries (.so files) and execute malicious code, depending on the platform.

In its default configuration, this vulnerability allowed malicious applications installed on the same device to hijack permissions granted to Unity applications on Android.

In other words, if you run it through steam, steam will not allow passing malicious command line arguments.

There is also no privilege escalation in the bug.
NEVER run a game (or a launcher like steam) as root (with sudo), game software has no reason to exist anywhere else but in userspace (unless you are insane and allow kernel level anti cheat on windows)

Unity also very often run natively without the need for any proton compatibility layer.
That's my 2 cents of it...

 

[its_not_real]

After deleting the symlink z:, Steam can't see the entire system anymore.

First you have to do that on EVERY single prefix, every game has it's own prefix.
And by doing so you remove the possibility to run anythin outside the prefix, witch you should not do.
See:

You must be registered to see the links

Removing the z: drive will prevent Wine from running anything outside the wineprefix. It may prevent some apps from working properly, so doing that is not supported.

It's there for a reason. And what does it matter if there is access to /? You are still just a user (unless you started with sudo) and do not have access to any sensitive information anyway.
Try opening something like /path/to/pfx/dosdevices/z/etc/shadow and see for yourself, it will deny access due to lack of privilege.

 

[allanl9020142]

In my experience, at least, unity and unreal games are the most straightforward to play using proton-ge. Keeping windows is more useful if you play online games with problematic anti-cheats, like valorant or league of legends.

As far as I can tell all Unity games run really well don't even need Proton for them.

Yea, I'm really sorry. But I'm new all of this so I'm not sure what any of that is.

I'm basically just trying to run the games from here on Linux. It doesn't seem to be as idiot-proof as "click on the .exe file and it runs". Unless I'm an idiot and it is supposed to be like that but I did something wrong.

 

[MrBlack ✌]

I agree the most.

Unity also very often run natively without the need for any proton compatibility layer.

Do you mean if there's a Linux download?
How do I run a Unity game from here that has no .sh file, only an .exe file, without Proton(GE)?

 

[its_not_real]

Yea, I'm really sorry. But I'm new all of this so I'm not sure what any of that is.

No reason to ask for forgiveness buddy, everybody was a beginner at first, the question is did you even try to learn?
So you don't know what proton is? Tried google?

You must be registered to see the links

You must be registered to see the links

I'm basically just trying to run the games from here on Linux. It doesn't seem to be as idiot-proof as "click on the .exe file and it runs". Unless I'm an idiot and it is supposed to be like that but I did something wrong.

Ehh.... Depends... If you setup wine (

You must be registered to see the links

can be very useful for this) correctly, you might be able to just "double click" and run a WINDOWS APPLICATIONS on linux.
I can do that for simple applications, but I would never do it that way. Quite frankly, most times I accidentally double click an .exe file and will have to manually remove the wine prefix that was created for it.

Let me ask you this: if you are trying to run windows applications, why are you using linux?
Would you try to run windows applications on an apple device too?
How about you execute a linux binary on windows and tell me how that works for you...
On linux, file endings does not matter at all, the inode (or shebang, explanation below) of the file does.
Check ls for example, the application you use to list your directories and files.

Explanation:

First check where the location of ls is located using whereis. You can also use an application called which, but in this case it might not work because on a lot of systems ls is aliased inside .bashrc:

$ which ls
ls: aliased to ls --color=auto

$ whereis ls
ls: /usr/bin/ls /usr/share/man/man1/ls.1.gz

With whereis the first path it the location of the application and the second is where the manual is located.
See the absense of any file suffix like .exe?

You can then check what kind of file it is with an application called file (use the path you got in previous command, it might differ from what i have on my system):

$ file /usr/bin/ls
/usr/bin/ls: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=c4559d6cae6c36bc3cc7b1f97fe3379ada0b52a2, for GNU/Linux 4.4.0, stri
pped

Witch is unix way of telling you it's a binary.

You can do that on any file and it will tell you what it is, for example your .bashrc

$ file ~/.bashrc
.bashrc: Unicode text, UTF-8 text

But hold on a second, the content of .bashrc is a bunch of code, why is it a "text file":

$ cat ~/.bashrc
#
# ~/.bashrc
#

# If not running interactively, don't do anything
[[ $- != *i* ]] && return

if [ $(tput colors) -lt 256 ]; then
  PS1='\n\[\e[48;5;33m\] \[\e[38;5;255;1m\]\u\[\e[22;39m\] \[\e[48;5;239m\] \[\e[38;5;255m\]\w\[\e[39m\] \[\e[38;5;255m\]\$\[\e[39m\] \[\e[00m\] '
else
  PS1='\n\[\e[38;5;255;48;5;33m\] \[\e[1m\]\u \[\e[0;38;5;33;48;5;239m\] \[\e[38;5;255m\]\w \$ \[\e[0;38;5;239m\] \[\e[00m\]'
fi

if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi

This is simply because the file essentially is just a text file, the contents of that file gets sourced and ran in bash when you start your termial (your shell). This is a bit of a special case so lets do an experiment.

To show how this works, I have a folder called test in my home with three files inside:

ls -l ~/test
-rwxr--r-- 1 test test 3517 Oct 21 04:29 test2.sh
-rwxr--r-- 1 test test 5302 Oct  6 00:56 test.sh
-rw-r--r-- 1 test test  313 Jul 31 15:04 test.txt

As you can see there are two script files and one text file, the script files are executable by the owner (test) as can be seen with the x inside "rwxr--r--", user group and all others only have read access.
So lets check the files:

$ file ~/test/test.txt
test/test.txt: ASCII text

$ file ~/test/test.sh
test/test.sh: Bourne-Again shell script, ASCII text executable

$ file ~/test/test2.sh
test/test2.sh: ASCII text

Hold on, test2.sh is labeled as a text file...

The reason for this is something called the

You must be registered to see the links

, witch is the first line of a file that tells linux what to use to execute the file, looks like this:

$ cat ~/test/test.sh | head -1
#!/usr/bin/env bash

It simply tells the linux kernel to use the application env to figure out where bash is located on your system (the path can be different on different systems) and then execute the file using bash as interpreter (this could for example be python for a python file).
In the second file, I removed the shebang to prove this point.

$ env --help | head -2
Usage: env [OPTION]... [-] [NAME=VALUE]... [COMMAND [ARG]...]
Set each NAME to VALUE in the environment and run COMMAND.

Conclusion:

Use linux applications on linux. If there is some specific windows application you REALLY need for some reason, let's say photoshop with devs that actively fight against usage on linux, use the correct tool to run it, like

You must be registered to see the links

for example.

Games:
If you are talking about pirated windows games, yeah, you would have to know how to set that up manually with wine prefixes.
I have only tried that once for fun to see if it worked. I used

You must be registered to see the links

to install a pirated version Everspace 2 and it ran with better fps than on windows using steam, raytracing, and everything. Even stuff like dlss worked flawlessly if I wanted to use that.
So doable? yes.. Simple? Well, I would not call it complicated to be honest, you just have to understand how wine and in my case how lutris works in combination with wine and then install it through there.

How do I run a Unity game from here that has no .sh file, only an .exe file, without Proton(GE)?

As explained above, a .sh file is just a script file, just like .bat files are on windows. Has nothing to do with anything if it does not exist. What is needed is a binary for linux.
And I was talking about running games through steam. If there IS A LINUX version, steam will download and use that unless you set a global or per game translation layer.
If you manually download something, it's up to YOU to make sure you download the linux version (if the devs provide that), not windows or you will also have to setup wine prefixes and make sure you run the windows version through a proton layer.

My point about unity games usually having a native version is when devs are making a unity game, they pretty much only have to also click a checkbox when compiling and unity will compile for linux as well.

So on steam, it's 95% "just click download and then play", steam will handle it. If there is no native version of the game and you have not selected a proton layer to use, the "play" button on steam will be greyed out and you fix that in 5s by editing compatibility layer in the steam game settings (click the game, then the cog-wheel and set compatability layer) and steam will "update the game" to launch through proton and the play button becomes available.

Hope this clarifies a bit.

 

[Flugelbozz]

Summary
Typically, running an .exe without prior setup, will lead to using the default wine prefix (~/.wine) which is not recommended.

The wine prefix is where all the data of that program is "installed" and saved, if you want to uninstall a program, just delete it's prefix.

So rather than cluttering up the default prefix, use a launcher like Lutris, Heroic or Bottles to manage your .exe programs and their wine prefixes. This way, you can also backup the prefix to preserve save data.

Native Linux programs can use .sh, which is basically a script file (like .bat on windows). They may also not use a .sh at all. (Like .AppImage or compiled binaries)

Some programs, like productivity software, don't work cleanly through wine, so use winboat and other software like it.

Steam games work almost all the time. Check compatibility here

You must be registered to see the links

 

[its_not_real]

Could also add since this is a pirate forum.
For pirated versions of applications, that won't work with applications like winboat, might work with a bunch of tweaking, but the idea with such applications is to run the proper installer.

But there is nothing stopping you from installing a windows virtual machine, isolate it from the internet and then install whatever you want on that. Works exactly the same as if installing natively on windows. Downside is you have to spin it up each time you want to use the application. But for some pirated versions of complicated software like cad applications and photshop, you kinda have to bite the apple and go the virtual machine way.

Or just learn a free alternative to those applications, cad is not much to do on linux, all those applications are pretty sub par to like autoccad, but photoshop alternatives are absolutely out there, like krita or gimp just to mention two.
For 3d software you have blender running natively.
And for video editing, try out kdenlive (use the flatpak version, that is the official version supported by the devs and makes sure you don't get any strange behavior due to dependency issues), extremely powerful application.

 

[Flugelbozz]

Could also add since this is a pirate forum.
For pirated versions of applications, that won't work with applications like winboat, might work with a bunch of tweaking, but the idea with such applications is to run the proper installer.

But there is nothing stopping you from installing a windows virtual machine, isolate it from the internet and then install whatever you want on that. Works exactly the same as if installing natively on windows. Downside is you have to spin it up each time you want to use the application. But for some pirated versions of complicated software like cad applications and photshop, you kinda have to bite the apple and go the virtual machine way.

Or just learn a free alternative to those applications, cad is not much to do on linux, all those applications are pretty sub par to like autoccad, but photoshop alternatives are absolutely out there, like krita or gimp just to mention two.
For 3d software you have blender running natively.
And for video editing, try out kdenlive (use the flatpak version, that is the official version supported by the devs and makes sure you don't get any strange behavior due to dependency issues), extremely powerful application.

Winboat runs a VM inside a docker container, it "should" suffice for sailing the high seas without going the full qemu kvm route manually

 

[allanl9020142]

No reason to ask for forgiveness buddy, everybody was a beginner at first, the question is did you even try to learn?
So you don't know what proton is? Tried google?

You must be registered to see the links

You must be registered to see the links

Ehh.... Depends... If you setup wine (

You must be registered to see the links

can be very useful for this) correctly, you might be able to just "double click" and run a WINDOWS APPLICATIONS on linux.
I can do that for simple applications, but I would never do it that way. Quite frankly, most times I accidentally double click an .exe file and will have to manually remove the wine prefix that was created for it.

Let me ask you this: if you are trying to run windows applications, why are you using linux?
Would you try to run windows applications on an apple device too?
How about you execute a linux binary on windows and tell me how that works for you...
On linux, file endings does not matter at all, the inode (or shebang, explanation below) of the file does.
Check ls for example, the application you use to list your directories and files.

Explanation:

First check where the location of ls is located using whereis. You can also use an application called which, but in this case it might not work because on a lot of systems ls is aliased inside .bashrc:

$ which ls
ls: aliased to ls --color=auto

$ whereis ls
ls: /usr/bin/ls /usr/share/man/man1/ls.1.gz

With whereis the first path it the location of the application and the second is where the manual is located.
See the absense of any file suffix like .exe?

You can then check what kind of file it is with an application called file (use the path you got in previous command, it might differ from what i have on my system):

$ file /usr/bin/ls
/usr/bin/ls: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=c4559d6cae6c36bc3cc7b1f97fe3379ada0b52a2, for GNU/Linux 4.4.0, stri
pped

Witch is unix way of telling you it's a binary.

You can do that on any file and it will tell you what it is, for example your .bashrc

$ file ~/.bashrc
.bashrc: Unicode text, UTF-8 text

But hold on a second, the content of .bashrc is a bunch of code, why is it a "text file":

$ cat ~/.bashrc
#
# ~/.bashrc
#

# If not running interactively, don't do anything
[[ $- != *i* ]] && return

if [ $(tput colors) -lt 256 ]; then
  PS1='\n\[\e[48;5;33m\] \[\e[38;5;255;1m\]\u\[\e[22;39m\] \[\e[48;5;239m\] \[\e[38;5;255m\]\w\[\e[39m\] \[\e[38;5;255m\]\$\[\e[39m\] \[\e[00m\] '
else
  PS1='\n\[\e[38;5;255;48;5;33m\] \[\e[1m\]\u \[\e[0;38;5;33;48;5;239m\] \[\e[38;5;255m\]\w \$ \[\e[0;38;5;239m\] \[\e[00m\]'
fi

if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi

This is simply because the file essentially is just a text file, the contents of that file gets sourced and ran in bash when you start your termial (your shell). This is a bit of a special case so lets do an experiment.

To show how this works, I have a folder called test in my home with three files inside:

ls -l ~/test
-rwxr--r-- 1 test test 3517 Oct 21 04:29 test2.sh
-rwxr--r-- 1 test test 5302 Oct  6 00:56 test.sh
-rw-r--r-- 1 test test  313 Jul 31 15:04 test.txt

As you can see there are two script files and one text file, the script files are executable by the owner (test) as can be seen with the x inside "rwxr--r--", user group and all others only have read access.
So lets check the files:

$ file ~/test/test.txt
test/test.txt: ASCII text

$ file ~/test/test.sh
test/test.sh: Bourne-Again shell script, ASCII text executable

$ file ~/test/test2.sh
test/test2.sh: ASCII text

Hold on, test2.sh is labeled as a text file...

The reason for this is something called the

You must be registered to see the links

, witch is the first line of a file that tells linux what to use to execute the file, looks like this:

$ cat ~/test/test.sh | head -1
#!/usr/bin/env bash

It simply tells the linux kernel to use the application env to figure out where bash is located on your system (the path can be different on different systems) and then execute the file using bash as interpreter (this could for example be python for a python file).
In the second file, I removed the shebang to prove this point.

$ env --help | head -2
Usage: env [OPTION]... [-] [NAME=VALUE]... [COMMAND [ARG]...]
Set each NAME to VALUE in the environment and run COMMAND.

Conclusion:

Use linux applications on linux. If there is some specific windows application you REALLY need for some reason, let's say photoshop with devs that actively fight against usage on linux, use the correct tool to run it, like

You must be registered to see the links

for example.

Games:
If you are talking about pirated windows games, yeah, you would have to know how to set that up manually with wine prefixes.
I have only tried that once for fun to see if it worked. I used

You must be registered to see the links

to install a pirated version Everspace 2 and it ran with better fps than on windows using steam, raytracing, and everything. Even stuff like dlss worked flawlessly if I wanted to use that.
So doable? yes.. Simple? Well, I would not call it complicated to be honest, you just have to understand how wine and in my case how lutris works in combination with wine and then install it through there.



As explained above, a .sh file is just a script file, just like .bat files are on windows. Has nothing to do with anything if it does not exist. What is needed is a binary for linux.
And I was talking about running games through steam. If there IS A LINUX version, steam will download and use that unless you set a global or per game translation layer.
If you manually download something, it's up to YOU to make sure you download the linux version (if the devs provide that), not windows or you will also have to setup wine prefixes and make sure you run the windows version through a proton layer.

My point about unity games usually having a native version is when devs are making a unity game, they pretty much only have to also click a checkbox when compiling and unity will compile for linux as well.

So on steam, it's 95% "just click download and then play", steam will handle it. If there is no native version of the game and you have not selected a proton layer to use, the "play" button on steam will be greyed out and you fix that in 5s by editing compatibility layer in the steam game settings (click the game, then the cog-wheel and set compatability layer) and steam will "update the game" to launch through proton and the play button becomes available.

Hope this clarifies a bit.

Nah, haven't had much time. Things have been pretty busy and I literally switched to Linux last week ... lol. I didn't mean to make it sound like I was asking to be hand-fed stuff, my bad.

At any rate, thanks for the reply. I really haven't had any time to play around with Linux. When I made the first comment that started this whole chain, I just didn't want to bother with it because I had only so much time and just wanted to play something. I decided to just keep the dual boot option for now. I plan to take my time to learn things because even your explanation went over my head if I'm being honest.

 

[eevkyi]

Yea, I'm really sorry. But I'm new all of this so I'm not sure what any of that is.

I'm basically just trying to run the games from here on Linux. It doesn't seem to be as idiot-proof as "click on the .exe file and it runs". Unless I'm an idiot and it is supposed to be like that but I did something wrong.

You can integrate things well enough to run windows games by simply double-clicking the exe file, but this adds several risks, especially when dealing with games from unofficial sources. On my system, any windows binary opens with clamav/clamtk (antivirus) by default, and I only let them run in specific circumstances.

Since you didn't provide details about your distribution, I'll assume you're using a beginner-friendly one that comes with most things out of the box, and I'll try to create a general guide without resorting to commands:

1. Create a new non-administrator user: In desktop environments like kde plasma and gnome, this process is very similar to how it works in windows. Look for the "users" option in the system settings or even search for "users" in the apps menu. By playing using only this user, you limit the impact of malware without having to worry about any additional setup.

2. Install heroic games launcher: Many distros these days come with some sort of app store, where things are installed via flatpak. You can easily find heroic in the games category or simply by searching "heroic". It will both facilitate the management of wine/proton prefixes and also serve as a tool for managing your game collection (including native linux versions).

After logging in as the new user, open heroic and click "Wine Manager" in the sidebar. Most of the time, you'll only need proton-ge, but you can also install wine-ge to be ready for scenarios where the game doesn't work with proton. Regarding versions, I like to remove the latest version and use previous versions based on compatibility/performance, but you can keep only the latest version if you prefer.

Now, copy the game folder to "Games/Heroic" in your home folder and click "Library">"Add Game" in heroic. Enter the name, select the platform, select the executable, and click "finish." The game will then appear in the library.

Please note that, due to the prefix creation, the first launch of windows games may take a little longer. For native linux games, you'll often need to select an sh file as the executable to run them correctly (renpy games, for example).

 

[its_not_real]

lol. I didn't mean to make it sound like I was asking to be hand-fed stuff, my bad.

LOL, with support we call this "spoonfed" and usually not liked, but for complete new users, some spoonfeeding is usually nessesary. xD
But no worries, look at the name of the thread. I'll gladly provide some of the knowledge I've gathered over the years.

I plan to take my time to learn things because even your explanation went over my head if I'm being honest.

Yes, I can understand that, but if you keep reading about the same topics on other locations, it will all start to make sense.
But my recommendation is to NOT do those things, but rather start with steam only for games and there pretty much are no complications (all you have to do is click the cog-wheel if the "play" button is greyed out and change it to a version of proton.
My recommendation is to install proton-GE and use that as compatibility layer in steam. You just install it how you are supposed to install it on your distro, use google: "how do I install proton-GE on xxxx", where xxxx is your distribution, for example ubuntu.
Welcome to the penguin operating system BTW..

On my system, any windows binary opens with clamav/clamtk (antivirus) by default, and I only let them run in specific circumstances.

That's a very good point. Since the windows application runs in a wine prefix, you are susceptible to some windows malware that way even on linux. clamav is a cli tool to check for viruses. Although clamav is mostly designed with web/email servers in mind you can use it this way for an extra layer of virus checks.

Create a new non-administrator user

I disagree with this though, sudo is not more susceptible to abuse than a command like "su root" (switch to root). What is important is to make sure sudo requires password. On some distros, against any logic and security thinking, they remove the passwd check for sudo (rpiOS for example).
So make sure it asks for password with using sudo.
You can check it this way, open a new terminal and type (the first command should ask for passwd if the check is not disabled. The output might ofc not be exactly the same as here):

$ sudo -l

[sudo] password for test:
Matching Defaults entries for test on testmachine:
    env_keep+=PATH, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/bin, timestamp_timeout=10

Runas and Command-specific defaults for test:
    Defaults!/usr/bin/visudo env_keep+="SUDO_EDITOR EDITOR VISUAL"

User test may run the following commands on testmachine:
    (ALL) ALL

A small change I do on most of my systems is change the passwd timeout to 10 minutes (IIRC it's 5 min on most distros by default), that is what the "timestamp_timeout=10" above means, and it's simple to do and will teach you a bit about how dropin files works on linux.

Instead of editing the original file, witch in this case is /etc/sudoers (side note, do not edit this file, use "sudo visudo" or "sudoedit /etc/sudoers" instead if you absolutely have to do it directly in the file for some reason), insead we can use a dropin file in a subdirectory.
The subdirectory has the same name as the config file but with a added .d, so for sudoers the path is /etc/sudoers.d/
Files inside here are sourced (added) to what is being processed in /etc/sudoers. It is even mentioned in the last few lines of that file (you need to use sudo to even read the file here):

$ sudo cat /etc/sudoers | tail -2
## Read drop-in files from /etc/sudoers.d
@includedir /etc/sudoers.d

If you ls the contents of /etc/sudoers.d you might see files already setup here, on mentioned raspberry pi the removal of passwd check is done in here for example with the file 00_pi (IIRC).
So lets add a longer timeout just for the sake of teaching (you can use normal editor here, I will use nano). The number prefix of the files (if they have numbers) is just to tell the system in witch orded to read the files, not nessesary in this situation but could be interesting to know. You can also name the file whatever you want, but for your sake it's probably a good idea to use something you as a human understands like passwd-timeout for example:

$ sudo nano /etc/sudoers.d/passwd-timeout

# add below to the file
Defaults timestamp_timeout=10

Press ctrl+x to close the file, then press enter to save the file using the same filename.

if you now check inside the directory, you can see the credentials on the files are very locked down to only root:

$ sudo ls -l /etc/sudoers.d

-r--r----- 1 root root 20 Apr 10  2024 <redacted>
-r--r----- 1 root root 30 Apr 10  2024 <redacted>
-rw-r--r-- 1 root root  8 Oct 22 08.18 passwd-timeout

You don't HAVE to do this but you might get warnings if you don't and it's generally a good idea to keep these config files out of reach for normal users.
The new file you created is most likely available for anywone to at least read, we do not want that, only users and group members of root should.
So to change this, I find it easies to use the "octal" way, ie using numbers. This is pretty basic unix stuff so use google to find out how it works.

$ sudo chmod 440 /etc/sudoers.d/passwd-timeout

Now check again to make sure they are all the same:

$ sudo ls -l /etc/sudoers.d

-r--r----- 1 root root 20 Apr 10  2024 <redacted>
-r--r----- 1 root root 30 Apr 10  2024 <redacted>
-r--r----- 1 root root 8  Oct 22 08.18 passwd-timeout

Now logout and login again (you can also do this in other ways or might not even need to do anything due to the file being ran every time you use sudo, but to be safe just logout and then login again) and the timeout for sudo is now 10 minutes.
This means every time you use sudo the timer will reset to 10 minutes, check if sudo has been ran in the last 10 minutes, if it has not it will ask for passwd again.

Noteworhty here is that this check applies for the running instance ONLY, that is why I wrote "open a new terminal" above in bold text before checking if sudo is asking for passwd. So if you use sudo in one terminal, open another and use sudo again, the two terminals will have different timers so both will ask for passwd.
This also means that if you start, lets say a game or application in a new terminal containing malicious code trying to access using sudo, it will ask for password EVEN if you used sudo in ANOTHER terminal within the 10 min limit. All you have to remember is to NOT run sudo in THE SAME TERMINAL as you start the game/application or at least wait 10 mins so the timeout passes, but it's obv easier to run it in a new terminal.
As for steam, it's started in it's own "session" so the sudo passwd check will ALWAYS occur hence making it impossible for anything to use sudo. THIS IS ALSO WHY YOU SHOLD NEVER EVER EVER EVER START APPLICATIONS WITH SUDO (unless the application really requires it, games NEVER WILL) BECAUSE THEN THE APPLICATION IS RUNNING AS ROOT!!!!!!!

If your systemd does NOT check for passwd when using sudo, ask on a forum for your distribution how to add the check, but I bet one of the files inside sudoers.d (probably a file with the same name as your username) contains the line "<username> ALL=(ALL) NOPASSWD: ALL", wich means, <user> can ran all commands on computer (ALL=ALL) and no password checks are preformed (NOPASSWD:ALL).
This behaviour should be disabled on sight in my humble opinion.
If you want no security > run everything with a click, use windows.

 

[eevkyi]

I disagree with this though, sudo is not more susceptible to abuse than a command like "su root" (switch to root). What is important is to make sure sudo requires password. On some distros, against any logic and security thinking, they remove the passwd check for sudo (rpiOS for example).
So make sure it asks for password with using sudo.
You can check it this way, open a new terminal and type (the first command should ask for passwd if the check is not disabled. The output might ofc not be exactly the same as here):
(...)

Since allanl9020142 is a newcomer to linux, it's necessary to present a simple solution that allows him to play safely and easily. Any suggestion involving commands and settings that seem too complex for those who aren't tech-savvy will only discourage the use of linux for gaming.

If the account will only be used to play pirated games available here, there's no reason for it to have any administrative privileges, even temporarily, regardless of whether there are any security vulnerabilities that could potentially allow an attack.

 

[allanl9020142]

LOL, with support we call this "spoonfed" and usually not liked, but for complete new users, some spoonfeeding is usually nessesary. xD

Fuck. I meant "spoonfed". Long day. Brain's not firing on all cylinders. LOL.

You can integrate things well enough to run windows games by simply double-clicking the exe file, but this adds several risks, especially when dealing with games from unofficial sources. On my system, any windows binary opens with clamav/clamtk (antivirus) by default, and I only let them run in specific circumstances.

Since you didn't provide details about your distribution, I'll assume you're using a beginner-friendly one that comes with most things out of the box, and I'll try to create a general guide without resorting to commands:

1. Create a new non-administrator user: In desktop environments like kde plasma and gnome, this process is very similar to how it works in windows. Look for the "users" option in the system settings or even search for "users" in the apps menu. By playing using only this user, you limit the impact of malware without having to worry about any additional setup.

2. Install heroic games launcher: Many distros these days come with some sort of app store, where things are installed via flatpak. You can easily find heroic in the games category or simply by searching "heroic". It will both facilitate the management of wine/proton prefixes and also serve as a tool for managing your game collection (including native linux versions).

After logging in as the new user, open heroic and click "Wine Manager" in the sidebar. Most of the time, you'll only need proton-ge, but you can also install wine-ge to be ready for scenarios where the game doesn't work with proton. Regarding versions, I like to remove the latest version and use previous versions based on compatibility/performance, but you can keep only the latest version if you prefer.

Now, copy the game folder to "Games/Heroic" in your home folder and click "Library">"Add Game" in heroic. Enter the name, select the platform, select the executable, and click "finish." The game will then appear in the library.

Ah ok. I thought all I needed was Wine. I didn't think there was a whole thing I needed too. Also, you're right. I just chose Linux Mint because it seemed to be the easiest to use for simple browsing, etc.

Yes, I can understand that, but if you keep reading about the same topics on other locations, it will all start to make sense.
But my recommendation is to NOT do those things, but rather start with steam only for games and there pretty much are no complications (all you have to do is click the cog-wheel if the "play" button is greyed out and change it to a version of proton.
My recommendation is to install proton-GE and use that as compatibility layer in steam. You just install it how you are supposed to install it on your distro, use google: "how do I install proton-GE on xxxx", where xxxx is your distribution, for example ubuntu.
Welcome to the penguin operating system BTW..

I don't have Steam installed. I'm basically testing all this out on an older laptop I have. With the downsides for using Windows increasing by the day, I'm testing the waters with Linux to see whether I could make a full switch one day as my "daily driver". It's actually why I'm willing to take my time with it, it doesn't really affect me too much right now. I just don't want to be caught with my pants down when Windows becomes so bad about privacy and control over your own device that I'm forced to switch without a "backup plan". You could argue Windows is already like that but there are still ways to mitigate it (for now).

Plus, I heard it's easier/better (no clue, don't ask me) to run local LLMs on Linux and I'd like to try that out when I get a better PC later on.

 

[its_not_real]

Since allanl9020142 is a newcomer to linux, it's necessary to present a simple solution that allows him to play safely and easily.

Agree. And the simple thing is not to have a user create a new user with all implications that means. Understanding there are now two homes, that are not shared. Appliactions installed for one user not working with the other, unless sharing usergroup etc etc. Confusion quickly emerges.
Way easier to explain what the user SHOULD understand (in this case sudo) and how to properly handle credentials on a unix based operating system.

I thought all I needed was Wine.

That IS all you need (and proton for games), if you know how to set it up.
What are suggested is you using a tool, like heroic or lutris mentioned to manage all those things instead of doing it manually.
If you install steam for example, you don't even need to install wine, steam will install it because it's a dependency for steam.

A bit about package managers on linux

On linux, you should strive to use package managers to install things. If you use linux mint that manager is called apt.
Apt keeps track on what you have installed on your system as long as you use it to install packages.

With each package, a package could be an entire application, like steam for example, there are usually a bunch of dependencies required for it to function, those dependencies are also packages, that can in turn have their own dependencies and so on.
Some packages might rely on different versions of the dependencies, therefore the maintainers of your distribution is responsible to make sure there are no collisions between dependency versions. Hence, most point release distributions (non-rolling releases) like ubuntu and mint for example, are not releasing the absolute newest versions of some applications but rather make sure to update everything when they release a new version.

This is not to confuse with "the packages are never edited after distro release", security patches for example will always be implemented immediately.

Another package manager that works on ALL linux distros is flatpak. It essentially work the same way as apt, but instead of using your system:s packages, every single dependency is bundled inside directories flatpak manages. Hence some people calling it "bloated".
The upside with containerized managers is that they do not risk messing with your system and since it therefore does not matter what system you use, it works on any distribution.

When updating your system, or installing stuff that is going to interact with your system on a deeper level, you should ALWAYS stride to use the package manager.
Externally maintained drivers for example. On linux a LOT of the drivers exist directly in the kernel, amd drivers for example, nvidia does not so let's use that as an example.
Nvidia users on linux mint will have to wait a long time before new drivers are released and tend to go to nvidia website and look. They then realize "hey, there are new drivers", they download, run the script file and are then confused when the computer wont boot correctly due to dependency issues, files not in the correct location etc.
Therefore, use the package manager or a script/application provided to you by the maintainers of the distribution you use (I actually don't know how it works exactly on mint). By doing so, the maintainers make sure that no conflicts arise and the kernel modules (that is what a kernel driver is called on linux) are loaded correctly when you boot your computer.

This is not to say you can not do this, you absolutely can, this is linux we are talking about, but it also requires deep knowledge on what it is exactly you are doing when going outside the package manager to install system wide things.

Games on linux

As mentioned earlier, for windows games on linux, not only wine is needed, but also proton.

• wine lets windows applications work
• proton translates directX calls made to the computer into Vulcan

DirectX is microsoft propriatery so on linux we use something called vulcan as the graphics API.
So when you start a dx game, the requests to the API, you can think of it as the application using a phone to talk to your kernel where the game request stuff to happen on your screen, linux has no idea what those directX calls mean and that is where proton steps in. It translates the DX calls into the same calls for vulcan so the kernel can understand them and perform the actions the game wants.

So when launchers are mentioned, you can essentially think of them as small package managers for your games. When you install the launcher, wine will be a dependency so you won't even need to install that, just like with steam.
And inside the launcher, you can also install local games, mangage proton versions, specify specific proton version per game etc etc.
Steam is also such a launcher, but it mostly uses THEIR store (you can use it for local games, but other launcers are just better fitted for it) while other launches can use both local games AND other gaming platforms like steam, epic games or GOG for example.

It might all seem very confusing at first, but when you start messing around with it, it's not actually that complicated, you just have to get the basics. Just like with anything new you learn.

Plus, I heard it's easier/better (no clue, don't ask me) to run local LLMs on Linux and I'd like to try that out when I get a better PC later on.

Well, usually because if you want to run it locally, on windows in most cases you run it through WSL (windows subsystem for linux), witch is linux running/emulated in a sandbox environment witch can sometimes complicate things.
But when you get into local llm:s that way and you want to run them "bare metal" you should first learn about pyenv and venv, because you most likely have to use a specific version of python, and then use pip to install specific python packages INSIDE python (again, dependencies might have different versions and your system relies on others) so you want to sandbox it to use a separate python environment from what your system is using.
You can instead use stuff like docker to sandbox the LLM, kinda like how flatpak does as I mentioned earlier (VERY simplified description here).
But all that is a whole other thing I am not going to go into here.

What I am getting from what you type is you are not afraid to learn and have a basic understanding of computers, witch is a GREAT starting point when you get into linux.
You'll have a blast the first time you really realize: "hey, I am in COMPLETE control over everything on my system".

 

[eevkyi]

Agree. And the simple thing is not to have a user create a new user with all implications that means. Understanding there are now two homes, that are not shared. Appliactions installed for one user not working with the other, unless sharing usergroup etc etc. Confusion quickly emerges.
Way easier to explain what the user SHOULD understand (in this case sudo) and how to properly handle credentials on a unix based operating system.

The whole point is to use a "disposable user/home folder" for risky activities and preserve files, settings, etc outside of it without having to deal with more advanced tools (since the user is a beginner). There's no reason to share files between the account used daily, and the account used to play pirated games. If the user needs to change computers and wants to preserve saves/settings, they could simply use a usb drive to back up the data, just like they would on windows.

While it's important to understand how linux works, spewing a wall of information, which often doesn't directly solve the user's problem, only serves to scare beginners who have just switched from windows and want things to work without any kind of "computer wizardry".

 

[its_not_real]

without having to deal with more advanced tools

There are no "advanced tools" for this, there is sudo, arguably the first core util any linux user should understand before anything else.
And since we now know the user is on linux mint, I know for a fact that password checks are in place for sudo by default so nothing is needed to be done for this particular user.
As long as the user is not running commands with sudo when not required nothing can happen, THAT is the very important thing the user has to grasp.

If the fear is "this might contain malware" then DON'T INSTALL THAT! Does not matter what operating system you use, don't install malware ridden applications!!!

Even malware researchers won't run stuff like that, they do everything inside of a vm, and even that is not completely safe. There was a cve about code execution from guest to host just a few months ago where you got a reverse shell accessible from the internet into the host as root.

 

[eevkyi]

There are no "advanced tools" for this, there is sudo, arguably the first core util any linux user should understand before anything else.

I was referring to sandboxing tools. Sudo won't prevent any damage to the user's home files if a malicious script is present in a game, for example, so it's a good idea to have some kind of isolation when dealing with games from unofficial sources (and even from official ones too).

And since we now know the user is on linux mint, I know for a fact that password checks are in place for sudo by default so nothing is needed to be done for this particular user.
As long as the user is not running commands with sudo when not required nothing can happen, THAT is the very important thing the user has to grasp.

Like any other software, sudo is subject to security vulnerabilities or can be used indirectly for malicious purposes. We should never be fooled into thinking that simply not using it or adjusting certain settings is sufficient protection. If there is no real need for it, it should not be made available, since it is totally possible to collect a regular user's entered password, especially in scenarios where wayland is not used.

If the fear is "this might contain malware" then DON'T INSTALL THAT! Does not matter what operating system you use, don't install malware ridden applications!!!

Unless you have infinite time and technical knowledge to analyze software built in all languages and in all ways, detecting malware isn't always easy.

 

[its_not_real]

I normally would not argue but what you are doing is giving bad advide and a false sense of security, let's break it down.

Sudo won't prevent any damage to the user's home files if a malicious script is present in a game, for example, so it's important to have some kind of isolation when dealing with games from unofficial sources (and even from official ones too

No, what is important is to NOT INSTALL MALWARE! Not even sanboxing tools are safe.
Does not matter if you are on windows or any other operating system, DO NOT INSTALL MALWARE!

like any other software, sudo is subject to security vulnerabilities or can be used indirectly for malicious purposes.

If that is your standpoint, I suggest you stop using computers, because that argument is completely fkn bonkers.

If there is no real need for it, it should not be made available, since it is totally possible to collect a regular user's entered password, especially in scenarios where wayland is not used.

You mean stuff like updating the system to MAKE SURE IT IS UP TO DATE WITH SECURITY PATCHES?
This is like telling someone: "Do not ever go outside, because you might get murdered or ran over by a bus", it's nonsense.
What you are saying will only give a false sense of security and that the user should assume there is a keylogger on the system (for those who the comment about wayland flew over your head, that is what is implied). Fkn wild dude...
Either you don't know what you are talking about or you are maliciously giving bad advice. Either way, please stop.

Unless you have infinite time and technical knowledge to analyze software built in all languages and in all ways, detecting malware isn't always easy. That's why it's important to use some method to isolate games and apps, especially when dealing with files shared by random people.

To begin with, having a user not being part of the sudo group does NOT PROTECT YOU AT ALL. Privelege escalation is done without the use of sudo, or by all means, show me a few cve:s where sudo was used to escalate. I can only think of one in the past 5 years, but pretty much one cve every month involving privelege escalation using other means. Again, false sense of security!

It's all VERY simple, this has nothing to do with operating system or "technical knowledge, it's common sense and the same is true for any computer:

• Don't click random links in for example emails
• Only use software from safe sources
• Don't download "random files or applications" from the internet
• If there is just a 0.1% risk, run a complete virus scan on the files.

The risk of a updated virus tool not detecting a virus/malware is close to non existent (again, "dont go outside you might die"). The ONLY stuff not being detected are 0-day vulnerabilities and they are EXTREMELY rare and will NOT be used on some random dude downloading an application. They will be used on valuable servers that can actually give the hackers something of value in return. You know like a collection of users, email, credit card credentials etc.
0-day vulnerabilities are EXTREMELY valuable and as soon as detected by researchers the flaws will be fixed. Hackers discovering a 0-day will NOT put that into something a lot of people will download and use, like a pirated game for example because it will be detected WAY faster and the malware then becomes useless on those valuable servers.
I have honestly never heard of a normal user getting affected by a 0-day (other than being a user of above said servers therefore being vulnerable for whatever having your sensitive information leaked in a massive hack means, like the recent discord hack for example). But feel free to prove me wrong if you can.
I have a pretty deep knowledge about these things or I would never downplay something like this.

Besides, if you use correct sources for pirated stuff, ie NOT piratebay, or here for that matter, there are no viruses.
If you are a hacker, and you put malicious stuff on a hacker driven forum/torrent site, you will get every single hacker on that platform to turn on you, it simply does not happen.
Make friends with the correct people, ask for invite to a "private" torrent site, profit.

This website is NOT one of those safe platforms btw and you should run a virus check on every single thing you download linked from here.

If you want to create an even higher level of security, install a firewall like opensnitch that blocks all outgoing connections and asks you in a popup window if you want to allow every time something is trying to access either the internet, your lan or loclahost (127.0.0.1).
But using common sense is the best protection.
It's not for nothing this saying is very common within it security: "the biggest security flaw on any system is the user".