I am not advising everyone to turn off msec, but some people actually want to shut it off and they don't know how, and trying to uninstall msec gives a lot of dependency problems that you don't want to deal with. If you completely understand your system and it's security, and if you know what permissions you actually want on your directories, you can turn it off. If you or your family are the only ones using your system, and you are effectively walled off from outside intrusion, there are times when you want to keep shares for all users in place. You can write a perms.local file, or turn off msec--it is your choice. The beauty of Linux is that you get a choice. That also allows you to make bad choices, but the choice is the user's responsibility. Msec takes away some user responsibility and makes the permissions choices for you. Some users love it, and some (like me) hate it. Without msec my system is still secure, and my opinion is that knowledgeable users with home systems don't really need to run it.
JMO--make your own choice. e. On Saturday 20 December 2003 02:49 pm, Dick Gevers wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thu, 18 Dec 2003 19:10:58 -0800, "E. Hines" <[EMAIL PROTECTED]> wrote > > about Re: [newbie] Ownership changes on its own: > >That is msec at work. For the record, the entire /usr directory (and /usr > >subdirectories) should be owned by the root user. If you understand linux > >security, and don't want to use msec at all (I HATE msec), you can turn it > >off (as root) by editing the name of the msec executable in /sbin -- > >changing the executable from "msec" to "DISABLEmsec". That will stop > > msec > > > >from running and replacing your permissions with what it feels are the > >proper ones for your directories. CAUTION: You should have an > >understanding of the workings of security and permissions if you disable > >msec. > > I am sorry, but I don`t understand this advice. Some time ago I came from > Windows, because my complaint was, amongst others, it`s lack of security. > Now I am finally on a secure system (Linux) and we get an advice to turn > off completely one of the main features of Mandrake`s security. Are you > 100% sure that that is sound advice?? > > I would think that it would be better, if one must adjust the security, to > go into Mandrake Control Center --> Security --> DrakSec and DrakPerm and > change anything that you can`t do without and leave the rest unchanged. > > Regards, > =Dick Gevers= > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.3 (GNU/Linux) > Comment: Encryption is an envelope - the contents are private. > > iD8DBQE/5NH5wC/zk+cxEdMRAkmZAKDC4Xye3m+azyBQ9xgomICszmNvZQCfRM8l > ibCpbVDGrGMIqycEs/rmtlw= > =aS6Z > -----END PGP SIGNATURE-----
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
