The user.group for the entire jail is root.root; only the file permissions are different. Also, looking at /usr/share/msec/perm.5, the directory "/opt" is not touched at all. I think that something else must have been happening. I wasn't the only one with root access to this system, till now. I just ran "msec 5" and all is well.
I think the answer to the question (How do I get msec to skip a dir?) is to make sure that it is not listed in the /usr/share/msec/perm.2/3/4/5 file. In other words, msec only changes "owner.group perms" for the dirs listed in the perm.2/3/4/5 file.
Does that sound right?
Thanks for your help.
Ralph
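A way to check the point made in the message above, written as an added example that is not part of the original post and is not msec's own code: it reads rules in the "path owner.group octalperms" layout quoted in this thread and lists the ones whose pattern matches a path inside the jail. The sample rules, the jail paths, the "#" comment handling and the use of Python's fnmatch for pattern matching are assumptions made for illustration.

```python
import fnmatch

# Constructed sample rules in the "path owner.group octalperms" layout from the
# thread. These are not the contents of a real /usr/share/msec/perm.N file.
SAMPLE_PERM = """\
/etc/shadow    root.root  600
/opt/is4       current    755
/opt/is4/*     root.root  775
/var/log/*     root.root  640
"""

# Constructed examples of paths inside the chroot jail.
JAIL_PATHS = ["/opt/is4", "/opt/is4/etc", "/opt/is4/var/spool/postfix"]


def parse_perm(text):
    """Yield (lineno, pattern, owner_group, perms) for each rule line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Assumption: blank lines and lines starting with "#" carry no rule.
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # not in the three-column layout; skip it
        yield lineno, fields[0], fields[1], fields[2]


def rules_touching(text, paths):
    """Return the rules whose pattern matches at least one of the given paths.

    fnmatch's "*" also matches "/", so a pattern such as /opt/is4/* is reported
    for deeper sub-directories too; the check over-reports rather than misses.
    """
    hits = []
    for lineno, pattern, owner, perms in parse_perm(text):
        matched = [p for p in paths if fnmatch.fnmatchcase(p, pattern)]
        if matched:
            hits.append((lineno, pattern, owner, perms, matched))
    return hits


if __name__ == "__main__":
    for lineno, pattern, owner, perms, matched in rules_touching(SAMPLE_PERM, JAIL_PATHS):
        keeps_owner = "keeps owner" if owner == "current" else "sets owner " + owner
        print(f"line {lineno}: {pattern} ({keeps_owner}, perms {perms}) -> {matched}")
```

An empty result for the jail paths against every perm file in use means no listed rule names the jail.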
Jack Coates wrote:
On Thu, 2003-10-23 at 07:33, Ralph Crpngeyer wrote:
Hi Jack, Thanks for the info.
If I:
edit /etc/security/msec/perm.local
/opt/is4 owner.group octalperms
/opt/is4/* owner.group octalperms
then (as per the second line) won't that change the owner.group octalperms, i.e. (775 for instance), for all of the sub dirs also?
Remember that each of the dirs below (/opt/is4/) have different "owner.group and permissions" inside the chroot jail.
I need to skip this dir not set/reset the owner.group and octalperms.
uh, then why don't you add lines for each of those directories? IIRC there is a way to make msec ignore a directory, probably something like dots or asterisks, but...
So far the only way I have been able to avoid this is to stop the msec scripts from running.
Isn't the point of using a chroot to improve your security? If you're going to the trouble of using chroot, wouldn't you like to prevent ownership and permissions changes within the jails? Chroot jails are not playgrounds for the bad guys, they're subsystems that need the same if not higher security restrictions as the rest of the system.
Any other ideas?
I just looked through /usr/share/msec/perm.3, you can put "current" in the user.group area to preserve whatever's there. Dunno about perms.
Thanks Ralph
Jack Coates wrote:
On Wed, 2003-10-22 at 18:37, Ralph C wrote:
Hi all,
I have Bynari Insight Server installed and it installs everything inside /opt/is4/ directory as a chroot jail, where it runs its own services like Postfix, Apache, Proftpd, etc... msec is changing the permissions.
I need to make msec skip this directory and all sub dirs. How do I do this?
Ralph
edit /etc/security/msec/perm.local
/opt/is4 owner.group octalperms
/opt/is4/* owner.group octalperms
------------------------------------------------------------------------
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
