Hi, A basic security question here, please be kind. :-)
I have some problems with grsec and Mandrake 9.1. I downloaded Eclipse the IDE, and installed it in my home directory. I ran it as root to see that everything worked (it did), and then started configuring the system for more users. I chowned the whole Eclipse directory to a group I made for the programmers, and gave just about all permissions to User and Group with chmod. However, I can still only run the program as root. Whenever I try to run it as another user, I get "Permission denied" in bash and the following message in the system log: kernel: grsec: denied exec of ./eclipse by (bash:29587) UID(501) EUID(501), parent (bash:24566) UID(501) EUID(501) reason: untrusted I have tried to lower my Mandrake msec persmissons temporarily from Higher to Poor, but I still get permission denied. Even if I put Eclipse in my home directory, change all permissions to me and give all rights to all users recursively for all files. I have looked around a lot on Google. So far, I have found a handful of other people asking this same question in different forums (Always Mandrake 9.1 users in High security mode that I can see, though with other programs that they try to run), but none of them recieve any answers. The documentation for msec from Mandrake is very sparse, they usually just say "use the drakperm tools to fine tune msec", but they don't say how. Looking up grsecurity manuals, they usually begin with "Edit your Acess Control List permissions in the directory /etc/grsec by..." but I don't have that directory, nor can I find it or anything relating to grsec anywhere on the machine, except in the log. What to do? Have I missed something very basic with file permissions in Linux, does it have anything to do with PAM, or is there a bug that came when I downloaded all the Mandrake security patches? I guess I could compile my own kernel for the first time and make sure that grsec is out, but if there is any easier and safer solution...? I would be very grateful for any help. Thanks, Lars
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
