Buchan Milne <[EMAIL PROTECTED]> writes: > > i changed permissions (actual security level 3) for /home/* from > > 711 to 750, hit ok, then reran drakperm and the setting was back > > to 711. i had to lower down the security level in draksec, then > > manually edit /usr/share/msec/perm.3 and then set the security > > level back in draksec. > > drakxtools is currently 9.2-18mdk in cooker, and 9.2-16.3mdk in > Mandrake 9.2 with all updates. IIRC, your bug was fixed for > 9.2-16.3mdk, please update and test.
@resolution=invalid in draksec, only sysadmin email was not saved. drakperm was "fixed" to not let sysadmin think he can alter system rules. permissions are *not* saved in /usr/share/msec/perm.<level> but in : - /etc/security/msec/level.local is for net & system rules - /etc/security/msec/security.conf for cron checks - /etc/security/msec/perm.local for customized file permission rules whereas: - /usr/share/msec/level.<level> contains the default values for the checks - /var/lib/msec/security.conf hold the defaults - /usr/share/msec/perm.<level> contains syadmin file permission rules if the end user alter system rules, they'll be overwritten on msec package update. the right file where to save permissions is /etc/security/msec/perm.local. if the permission for some file in the system rule is not what you want, just add a rule that override the system one (customized rules are enforced after the system ones)
