http://qa.mandrakesoft.com/show_bug.cgi?id=6264
[EMAIL PROTECTED] changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution| |INVALID
------- Additional Comments From [EMAIL PROTECTED] 2003-11-05 17:59 -------
in draksec, only sysadmin email was not saved.
drakperm was "fixed" to not let sysadmin think he can alter system
rules.
permissions are *not* saved in /usr/share/msec/perm.<level> but in :
- /etc/security/msec/level.local is for net & system rules
- /etc/security/msec/security.conf for cron checks
- /etc/security/msec/perm.local for customized file permission rules
whereas:
- /usr/share/msec/level.<level> contains the default values for the
checks
- /var/lib/msec/security.conf hold the defaults
- /usr/share/msec/perm.<level> contains syadmin file permission rules
if the end user alter system rules, they'll be overwritten on msec
package update.
the right file where to save permissions is
/etc/security/msec/perm.local.
if the permission for some file in the system rule is not what you
want, just add a rule that override the system one (customized rules
are enforced after the system ones)
--
Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
------- Reminder: -------
assigned_to: [EMAIL PROTECTED]
status: RESOLVED
creation_date:
description:
i changed permissions (actual security level 3) for /home/* from 711 to 750, hit
ok, then reran drakperm and the setting was back to 711. i had to lower down the
security level in draksec, then manually edit /usr/share/msec/perm.3 and then
set the security level back in draksec.
