On Mon, 2003-07-28 at 19:47, Sharrea wrote: > On Mon, 28 Jul 2003 11:41, Avi Schwartz wrote: > > Because the machine in question will end being a server connected 24x7 > > to the Internet, I set its security level to higher (4). However, I > > want to change the privileges for /usr/share/doc to be world browsable > > and readable. I used drakeperm to set the directory permissions and > > when I look at /etc/security/msec/perm.local I see the following line: > > > > /usr/share/doc/ adm.adm 755 > > > > I then ran msec but when I checked the permissions on the directory I > > still see: > > > > drwxr-x--- 297 adm adm > > > > In /var/log/messages I do see that msec is reading the perm.local file. > > > > Any idea why is msec ignoring my permissions? > > I don't know why that doesn't work but its probably easier to change the > group to a group which you let all users belong to. Then put that group in > perm.local. > > I've found the same problem with trying to change the actual rwx permissions > on files that msec is controlling so I change the group instead. > > Sharrea
msec can be thought of as a cron script, running every so often to make sure that the perms are "where msec wants" and thereby preventing even a well meaning but forgetful tech from leaving a open vulnerability. you, can of course, tell msec to not check certain files.
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com