� ���, 11.05.2002, � 04:41, Todd Lyons �������:
> Pierre Fortin wrote on Thu, May 09, 2002 at 04:30:12PM -0400 :
> > >
> > > 711 on /home/* is enough for, for example apache..
> > My preference is to not make *any* directory more open by any automated
> > process. If I choose 700 for /home/root, I consider it a security issue
> > for something like msec to make it less secure behind my back.
>
> You're suggesting that a default policy be to never loosen permissions
> on a {target}, but if the current security level wants it tighter, go
> ahead and do it.
>
That makes sense. But ...
file have permissions: 760
msec wants it to be: 704
What should be applied (silly example, I know)? Or do you mean "for
user, group and others separately"?
I guess what is needed is to tell msec to preserve permissions. Then let
user say
/home/* preserve
/home/xxx 711
if he needs it.
-andrej
