On 11 May 2002 12:21:13 +0400 Borsenkow Andrej <[EMAIL PROTECTED]> wrote:
> � ���, 11.05.2002, � 04:41, Todd Lyons �������:
> > Pierre Fortin wrote on Thu, May 09, 2002 at 04:30:12PM -0400 :
> > > >
> > > > 711 on /home/* is enough for, for example apache..
> > > My preference is to not make *any* directory more open by any automated
> > > process. If I choose 700 for /home/root, I consider it a security issue
> > > for something like msec to make it less secure behind my back.
> >
> > You're suggesting that a default policy be to never loosen permissions
> > on a {target}, but if the current security level wants it tighter, go
> > ahead and do it.
> >
>
> That makes sense. But ...
>
> file have permissions: 760
> msec wants it to be: 704
>
> What should be applied (silly example, I know)? Or do you mean "for
> user, group and others separately"?
>
> I guess what is needed is to tell msec to preserve permissions. Then let
> user say
>
>
> /home/* preserve
> /home/xxx 711
>
> if he needs it.
>
> -andrej
>
>
I'd go with doing each part individually, without user having to do anything.
--
Grimau Lysik'an, the Bionic Elf
-----------------------------------------------
Mandrake on irc.openprojects.net:
#mandrake & #mandrake-linux = help for newbies
#mandrakeguru = advanced discussions
#mdk-cooker = Mandrake Cooker discussions
