On 07 Mar 2003 09:42:49 -0800
Jack Coates <[EMAIL PROTECTED]> wrote:

Jack,

Thanks for the info... but I just gotta rant about msec... :>

> On Fri, 2003-03-07 at 09:23, Pierre Fortin wrote:
> > SIGH... I recently noticed that all my users' home directories had
> > 755 permissions... changed this to 700 and now it's back to 755...
> > What's the point of separate userids if msec allows each user to read
> > another's directory??
> >
> > Will there be a more secure default in 9.1...? If not, then I don't
> > care to continue with msec on my systems: rpm -e msec && chmod 700
> > /home
> >
> >
>
> [EMAIL PROTECTED] jack]$ grep home /usr/share/msec/perm.* | grep 755
> /usr/share/msec/perm.0:/home/ root.root 755
> /usr/share/msec/perm.0:/home/* current 755
> /usr/share/msec/perm.1:/home/ root.root 755
> /usr/share/msec/perm.1:/home/* current 755
> /usr/share/msec/perm.2:/home/ root.root 755
> /usr/share/msec/perm.2:/home/* current 755
> /usr/share/msec/perm.3:/home/ root.root 755
>
> So run in 4 or 5 and suffer the problems there, or fix it in
> /etc/security/msec/perm.local with
> /home/* current 700
>
> It's probably 755 so that you won't get annoying "no permissions" pop
> ups when navigating your filesystem with a GUI filemanager. I agree that
> it should be 750 (group membership is a good thing), but removing the
> msec tool is analogous to turning off the firewall instead of
> reconfiguring it because it doesn't let you do something.

I removed shorewall for several reasons -- mainly cuz it killed everything without ever letting me know it was in the picture...

> Of course, lots of people on this list seem to do that too, so who am I
> kidding :-) Reminds me of that quote about how Unix won't stop you from
> hurting yourself if that's what you really want to do.

In this case, I *want* 700... no sane automated "security" system should ever *reduce* security levels set up by the owner... it's downright nasty IMNSHO...

> Interestingly enough, that same command on another MDK9.0 system gives
> another two perm levels:
> /usr/share/msec/perm.4:/home/ root.adm 751
> /usr/share/msec/perm.4:/home/* current 700
> /usr/share/msec/perm.5:/home/ root.root 711
> /usr/share/msec/perm.5:/home/* current 700
>
> The first machine was upgraded from 8.2, the second was a clean install
> of 9.0.

Interesting... mine was upgraded from 8.2 and another was fresh installed -- both get changed to 755...

<rant>
msec should check existing permissions when run; if they are tighter than what would be set, LEAVE THEM ALONE *AND* RECORD the settings as the MINIMUM for the current level -- in other words, if /home/* are 700 at level 3, the user tries level 4, and goes back to 3, the perms should still be 700! NEVER EVER reduce security levels set by the owner! It's downright irresponsible... and NO, telling the users to add local rules after lowering their security is not acceptable -- fix the logic!
</rant>

Anyway, I take it this will still happen in 9.1?
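The "leave tighter permissions alone" behaviour asked for in the message above, as an added example that is not part of the original post and is not msec's own code. It reads rules in the three-column layout of the quoted perm.* lines and applies them to throwaway directories; `tighten_only`, `enforce` and the sample rules are hypothetical names and data, and recording the result as a per-level minimum is not covered.

```python
import os
import stat
import tempfile
from fnmatch import fnmatch

# Constructed sample in the layout of the perm.* lines quoted above.
# Column two is an owner.group pair or "current" (assumed: keep existing owner).
SAMPLE_RULES = """\
/home/    root.root  755
/home/*   current    755
"""

def parse_rules(text):
    """Return (glob, owner, mode) tuples; blank and '#' lines are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, owner, mode = line.split()
        rules.append((pattern, owner, int(mode, 8)))
    return rules

def tighten_only(current, policy):
    """Mode to apply when policy may remove permission bits but never add them."""
    return current & policy

def enforce(path, policy, dry_run=False):
    """Apply policy to path without loosening it; return (old, new) modes."""
    old = stat.S_IMODE(os.lstat(path).st_mode)
    new = tighten_only(old, policy)
    if new != old and not dry_run:
        os.chmod(path, new)
    return old, new

def demo():
    """Run the sample rules against throwaway directories, not the real /home."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("alice", 0o700), ("bob", 0o777), ("carol", 0o750)):
            os.mkdir(os.path.join(root, name))
            os.chmod(os.path.join(root, name), mode)  # chmod avoids umask effects
        for pattern, _owner, policy in parse_rules(SAMPLE_RULES):
            for name in sorted(os.listdir(root)):
                if fnmatch("/home/" + name, pattern):
                    results[name] = enforce(os.path.join(root, name), policy)
    return results

if __name__ == "__main__":
    for name, (old, new) in demo().items():
        print(f"{name}: {old:03o} -> {new:03o}")
```

Taking the bitwise AND also settles modes that are neither tighter nor looser than the policy: a directory at 705 under a 750 rule ends at 700, so no bit the owner removed is ever restored.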
