On Thu, 2003-10-23 at 07:33, Ralph Crpngeyer wrote:
> Hi Jack, Thanks for the info.
> 
> If I:
> 
> edit /etc/security/msec/perm.local
> 
> /opt/is4      owner.group     octalperms
> /opt/is4/*    owner.group     octalperms
> 
> then (as per the second line) won't that change the owner.group 
> octalperms, i.e. (775 for instance), for all of the sub dirs also?
> 
> Remember that each of the dirs below (/opt/is4/) have different 
> "owner.group and permissions" inside the chroot jail.
> 
> I need to skip this dir not set/reset the owner.group and octalperms.
> 

uh, then why don't you add lines for each of those directories? IIRC
there is a way to make msec ignore a directory, probably something like
dots or asterisks, but...

> So far the only way I have been able to avoid this is to stop the msec 
> scripts from running.
> 

Isn't the point of using a chroot to improve your security? If you're
going to the trouble of using chroot, wouldn't you like to prevent
ownership and permissions changes within the jails? Chroot jails are not
playgrounds for the bad guys, they're subsystems that need the same if
not higher security restrictions as the rest of the system.

> Any other ideas?

I just looked through /usr/share/msec/perm.3, you can put "current" in
the user.group area to preserve whatever's there. Dunno about perms.

> 
> Thanks
> Ralph
> 
> 
> 
> 
> 
> Jack Coates wrote:
> 
> >On Wed, 2003-10-22 at 18:37, Ralph C wrote:
> >  
> >
> >>Hi all,
> >>
> >>I have Bynari Insight Server installed and it installs everything inside
> >>/opt/is4/ directory as a chroot jail, where it runs its own services
> >>like Postfix, Apache, Proftpd, etc... msec is changing the permissions.
> >>
> >>I need to make msec skip this directory and all sub dirs. How do I do this?
> >>
> >>Ralph
> >>    
> >>
> >
> >edit /etc/security/msec/perm.local
> >
> >/opt/is4     owner.group     octalperms
> >/opt/is4/*   owner.group     octalperms
> >
> >  
> >
> >------------------------------------------------------------------------
> >
> >Want to buy your Pack or Services from MandrakeSoft? 
> >Go to http://www.mandrakestore.com
> >  
> >
> 
-- 
Jack Coates
Monkeynoodle: A Scientific Venture...
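
The two suggestions in the reply above (one perm.local line per directory, and "current" in the user.group field) combined in a short Python script, as an added example that is not part of the original thread. It records each directory's existing owner, group and mode in the "path owner.group octalperms" layout quoted above; the function names and the tab separator are assumptions, and uids/gids the host cannot name (jail-only accounts) are written as "current".

```python
import grp
import os
import pwd
import stat
import sys


def name_or_current(lookup, ident):
    """Resolve a uid/gid to a name via lookup (pwd.getpwuid / grp.getgrgid)."""
    try:
        return lookup(ident)[0]
    except KeyError:
        # Accounts defined only in the jail's own passwd/group files have no
        # name on the host; "current" is the keyword mentioned in the reply
        # for leaving the existing owner/group alone.
        return "current"


def perm_local_lines(root):
    """Return one perm.local-style line for root and each directory below it."""
    lines = []
    # os.walk does not descend into symlinked directories by default, so the
    # snapshot cannot wander outside the jail.
    for dirpath, dirnames, _files in os.walk(root):
        dirnames.sort()  # stable output, easy to diff between runs
        st = os.lstat(dirpath)
        owner = name_or_current(pwd.getpwuid, st.st_uid)
        group = name_or_current(grp.getgrgid, st.st_gid)
        # S_IMODE keeps setuid/setgid/sticky bits, e.g. 1777 for a tmp dir.
        mode = format(stat.S_IMODE(st.st_mode), "o")
        lines.append(f"{dirpath}\t{owner}.{group}\t{mode}")
    return lines


if __name__ == "__main__":
    # Default path is the jail from the thread; pass another root as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "/opt/is4"
    print("\n".join(perm_local_lines(target)))
```

Review the output before appending it to /etc/security/msec/perm.local, and regenerate it after the vendor's installer changes the jail layout.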

