http://qa.mandrakesoft.com/show_bug.cgi?id=6264
[EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution| |INVALID ------- Additional Comments From [EMAIL PROTECTED] 2003-11-05 17:59 ------- in draksec, only sysadmin email was not saved. drakperm was "fixed" to not let sysadmin think he can alter system rules. permissions are *not* saved in /usr/share/msec/perm.<level> but in : - /etc/security/msec/level.local is for net & system rules - /etc/security/msec/security.conf for cron checks - /etc/security/msec/perm.local for customized file permission rules whereas: - /usr/share/msec/level.<level> contains the default values for the checks - /var/lib/msec/security.conf hold the defaults - /usr/share/msec/perm.<level> contains syadmin file permission rules if the end user alter system rules, they'll be overwritten on msec package update. the right file where to save permissions is /etc/security/msec/perm.local. if the permission for some file in the system rule is not what you want, just add a rule that override the system one (customized rules are enforced after the system ones) -- Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. ------- Reminder: ------- assigned_to: [EMAIL PROTECTED] status: RESOLVED creation_date: description: i changed permissions (actual security level 3) for /home/* from 711 to 750, hit ok, then reran drakperm and the setting was back to 711. i had to lower down the security level in draksec, then manually edit /usr/share/msec/perm.3 and then set the security level back in draksec.