To be fair, the changes made at level 4 and 5 are pretty reasonable for a machine with untrusted local users, which is why the text in the installer is the problem. The installer text makes it look like untrusted users coming from the network are the main issue, which is BS. Level 3, shorewall, and some thought is perfectly sufficient for a network server with two or three shell-enabled local accounts, all of which probably have root access anyway for admin purposes.
On Tue, 2002-11-26 at 04:42, Tom wrote: > Now that you mention it, I remember seeing that same situation. You are > right; the ps would not work except for root. I well imagine that many > packages are broken by that higher security like SAMBA or CUPS. Yes, I had > strange permissions problems with SAMBA when I raised the security level to > "Higher". I would hate to see what sort of things break if one went to > "Paranoid" security. > > On Tuesday 26 November 2002 12:49 am, you wrote: > > On Mon, 2002-11-25 at 20:05, Tom wrote: > > <snip> > > > > > According to the Mandrake Center, a security level of "Higher" is best > > > for servers. I found that a very high security level BREAKS CUPS remote > > > (via network) printing. So, a compromise is in order.... > > > > The text accompanying the MCC and installer msec settings should be > > entered as a bug report :-) Level 4 is terribly difficult to use and > > will break a great deal of stuff -- I wasted a day and a half last week > > trying to figure out what was wrong with Nagios before realizing that > > msec had broken ps for non-wheel users by chmod'ing /proc and figuring > > out that the linux-secure kernel has capabilities turned on which broke > > several monitors. > > ---- > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com -- Jack Coates Monkeynoodle: A Scientific Venture...
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
