Yes, Sympa sucks... but... I'm afraid I don't know what you're talking about on the other thing. These two are both upgrades from 9.0: [EMAIL PROTECTED] jack]$ grep home /usr/share/msec/perm.3 /home/ root.root 755 /home/* current 711 [EMAIL PROTECTED] jack]$ grep home /usr/share/msec/perm.3 /home/ root.root 755 /home/* current 711
This one is a fresh install: [EMAIL PROTECTED] root]# grep home /usr/share/msec/perm.3 /home/ root.root 755 /home/* current 711 Oh, I see -- when ls'ing the home directory, it's clear that the default umask was picked up at directory creation. [EMAIL PROTECTED] root]# grep umask /etc/profile umask 022 So others can read files that are known to exist. Others cannot browse into the directory and look for unknown files though. On Sun, 2003-06-29 at 17:53, Praedor Atrebates wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I don't have much hope that this message will actually make it to the list but > what the hell (I haven't seen a single message all weekend...AGAIN...I think > I will drop off the list, it is too broken to be of any more use). > > For the first time I added a couple more users to my home system. Up 'til now > I was the only user. I found that the default behavior/security (not) > setting allowed all users to access all other user's home directories. No > limits! What is this?! That is the same as no security at all. I went into > DrakConf and set the security level to "high" and this fixed the horrific > insecurity of the default setup, but it also unfortunately fired up shorewall > with settings that prevented me from being able to access the system remotely > - - I often connect my laptop via ethernet (crossover cable) to my desktop and > transfer files, fix things that have frozen or broken on the desktop, etc. I > found that I could no longer ssh into my desktop when I really needed to in > order to correct an X freeze up. Unfortunately, because I couldn't get in I > had to hard reboot. > So...what is the deal with default (medium?) security settings in Mandrake > 9.1 allowing all users to access all other user's home directories? This is > windoze behavior for gawds sake. Then, why would it be necessary to block > all ssh connections - a secure shell, afterall, with the next higher setting > (required to get home directories cordoned off from prying user eyes)? > > praedor > - -- > The First Amendment rests on the assumption that the widest possible > dissemination of information from diverse and antagonistic sources is > essential to the welfare of the public. > - --Justice Hugo Black > > GnuPG fingerprint: > D170 2A02 B426 6AA0 5E68 3EDC 68AA FDB0 961E 4F18 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (GNU/Linux) > > iD8DBQE+/4oxaKr9sJYeTxgRAqLJAJ9Fx/XseCjcPe25PrPy7ytKdnDyvgCeOw+i > KJSwCpHCk9S2yNL3wteTksk= > =12GU > -----END PGP SIGNATURE----- > > > ______________________________________________________________________ > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com -- Jack Coates Monkeynoodle: A Scientific Venture... http://www.monkeynoodle.org/resume.html
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com