On Fri, 2003-03-07 at 09:23, Pierre Fortin wrote: > SIGH... I recently noticed that all my users' home directories had 755 > permissions... changed this to 700 and now it's back to 755... What's > the point of separate userids if msec allows each user to read another's > directory?? > > Will there be a more secure default in 9.1...? If not, then I don't care > to continue with msec on my systems: rpm -e msec && chmod 700 /home > >
[EMAIL PROTECTED] jack]$ grep home /usr/share/msec/perm.* | grep 755 /usr/share/msec/perm.0:/home/ root.root 755 /usr/share/msec/perm.0:/home/* current 755 /usr/share/msec/perm.1:/home/ root.root 755 /usr/share/msec/perm.1:/home/* current 755 /usr/share/msec/perm.2:/home/ root.root 755 /usr/share/msec/perm.2:/home/* current 755 /usr/share/msec/perm.3:/home/ root.root 755 So run in 4 or 5 and suffer the problems there, or fix it in /etc/security/msec/perm.local with /home/* current 700 It's probably 755 so that you won't get annoying "no permissions" pop ups when navigating your filesystem with a GUI filemanager. I agree that it should be 750 (group membership is a good thing), but removing the msec tool is analogous to turning off the firewall instead of reconfiguring it because it doesn't let you do something. Of course, lots of people on this list seem to do that to, so who am I kidding :-) Reminds me of that quote about how Unix won't stop you from hurting yourself if that's what you really want to do. Interestingly enough, that same command on another MDK9.0 system gives another two perm levels: /usr/share/msec/perm.4:/home/ root.adm 751 /usr/share/msec/perm.4:/home/* current 700 /usr/share/msec/perm.5:/home/ root.root 711 /usr/share/msec/perm.5:/home/* current 700 The first machine was upgraded from 8.2, the second was a clean install of 9.0. -- Jack Coates Monkeynoodle: A Scientific Venture...
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com