I'd suggest using the "bitwise and" operator.  With this operator, 
permissions will always be lessened, never increased.


At 04:32 AM 5/11/02, you wrote:
>On 11 May 2002 12:21:13 +0400 Borsenkow Andrej 
><[EMAIL PROTECTED]> wrote:
>
> > On 11.05.2002 at 04:41, Todd Lyons wrote:
> > > Pierre Fortin wrote on Thu, May 09, 2002 at 04:30:12PM -0400 :
> > > > >
> > > > > 711 on /home/* is enough for, for example apache..
> > > > My preference is to not make *any* directory more open by any automated
> > > > process.  If I choose 700 for /home/root, I consider it a security issue
> > > > for something like msec to make it less secure behind my back.
> > >
> > > You're suggesting that a default policy be to never loosen permissions
> > > on a {target}, but if the current security level wants it tighter, go
> > > ahead and do it.
> > >
> >
> > That makes sense. But ...
> >
> > file has permissions: 760
> > msec wants it to be:  704
> >
> > What should be applied (silly example, I know)? Or do you mean "for
> > user, group and others separately"?
> >
> > I guess what is needed is to tell msec to preserve permissions. Then let
> > user say
> >
> >
> > /home/*       preserve
> > /home/xxx     711
> >
> > if he needs it.
> >
> > -andrej
> >
> >
>
>I'd go with doing each part individually, without user having to do anything.
>
>--
>Grimau Lysik'an, the Bionic Elf
>-----------------------------------------------
>Mandrake on irc.openprojects.net:
>   #mandrake & #mandrake-linux = help for newbies
>   #mandrakeguru = advanced discussions
>   #mdk-cooker = Mandrake Cooker discussions
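
The bitwise-AND rule suggested at the top of this message, worked through on the 760/704 case and the /home modes from the thread. This is an added example, not part of the original mail and not msec's own code; the function names and the scratch files are assumptions made for illustration.

```python
import os
import stat
import tempfile

PERM_BITS = 0o7777  # rwx for user/group/other plus setuid/setgid/sticky


def tighten(current, wanted):
    """Keep only the permission bits present in BOTH modes (never adds a bit)."""
    return current & wanted & PERM_BITS


def loosened_bits(current, wanted):
    """Bits the policy would have ADDED if it had been applied verbatim."""
    return wanted & ~current & PERM_BITS


def apply_policy(path, wanted):
    """chmod path to (current AND wanted); return (old_mode, new_mode).

    Note: os.chmod follows symlinks, so a real tool walking user-writable
    directories such as /home/* must check for symlinks before calling it.
    """
    old = stat.S_IMODE(os.stat(path).st_mode)
    new = tighten(old, wanted)
    if new != old:
        os.chmod(path, new)
    return old, new


def demo():
    """Apply the rule to constructed scratch files; return (name, old, new)."""
    # (name, current mode, mode the security level asks for) - constructed cases
    cases = [("file", 0o760, 0o704),       # the "silly example" in the thread
             ("home_root", 0o700, 0o711),  # already tighter: left alone
             ("home_xxx", 0o755, 0o711)]   # looser: tightened to the policy
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        for name, current, wanted in cases:
            path = os.path.join(tmp, name)
            open(path, "w").close()
            os.chmod(path, current)
            old, new = apply_policy(path, wanted)
            results.append((name, oct(old), oct(new)))
    return results


if __name__ == "__main__":
    for row in demo():
        print(*row)
```

Because the AND is taken bit by bit, user, group and others are each handled separately, and a setuid, setgid or sticky bit survives only if the policy mode also carries it.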

