-------- Original Message --------
| Subject: | [luau] Unwanted Perrmissions Changes - Drake 8.2 |
|---|---|
| Date: | Wed, 22 May 2002 16:30:43 -1000 |
| From: | "W. Wayne Liauh" <[EMAIL PROTECTED]> |
| To: | "W. Wayne Liauh" <[EMAIL PROTECTED]> |
I was forwarded some of the discussions on this subject. I don't want anyone to get the impression that all of us in Hawaii believe that Mandrake will, sua sponte, "add" permissions to certain files. It will never do that. (To think any Linux distro, especially a major distro like Mandrake, will do that, is an insult to our collective intelligence.)
All "msec" does, as far as permissions are concerned, is to take away the "write" permission for non-owners. When Mandrake creates a new user account, it also creates a corresponding new group, thus, the default umask=022 is applied. OTOH, if my memory serves me correctly, Red Hat lumps all users into the same group (unless you change it). Thus Red Hat uses the default umask=002. There is nothing sexy about msec. Konqueror, however, can create some problems (because it is always too new and relatively untested), especially if you run it in the root mode. I have noticed that Konqueror sometimes can "corrupt" a file. For example, if you use Konqueror in the root mode to copy or move a file, the ownership will change to root (this is expected, and Konqueror does not seem to have an option to retain the ownership, etc., as MC does). Then you use the "property" dialog to change its ownership to whoever you want it to belong to. I have noticed that the permission of such a file can change to something that I could not recognize. Apparently, Konqueror may have corrupted at least the attribute portion of that file. Exactly as to how this might have happened, I have no idea. Permission is one of the most important part of Linux/Unix. Even Microsoft recognizes that. Unless someone wants to stick to Win98, which has no security whatsoever, there is no escape from the permission issue (unless you run everything as root, as most Windows only know how to do). Personally, I believe the permission feature implemented in Win2K and beyond is no comparison to Linux. (Many in this forum probably still have memories of VMS vs. Unix; I believe the superior permission design of Unix vis-a-vis anything else, is one of the reasons resulting in VMS being almost completely wiped out from earth--and morphed into WinNT/2K/XP.) http://videl.ics.hawaii.edu/pipermail/luau/2002-May/008011.htmlTitle: [luau] Unwanted Perrmissions Changes - Drake 8.2
[luau] Unwanted Perrmissions Changes - Drake 8.2MonMotha [EMAIL PROTECTED]Wed May 22 13:21:01 2002
They're some very good reasons to bash Mandrake, not linux in general. After all, Linux is just a kernel, I can make the userspace do wahtever I want it to. Heck I could make it as unusable as Windows! I agree that's a stupid thing to do on Mandrake's part. Never, I repeat _*NEVER*_ _*EVER*_ automagically add permissions to a user's files/directories. Removing them, possibly (777ing your home is probably a mistake and I wouldn't mind TOO much if they "corrected" it for me, but granting permissions I took away is WRONG). Remind me to flame Manduck at my earliest convience for that trick (not that I use it anyway :) You might want to consider RedHat or Debian, possibly SuSE. RedHat especially tries to be user friendly, but tends to not be quite as automated as Mandrake (though it can get pretty bad, but that's from a person who likes to build his own linux installs by hand from source). Debian is great if you want a good amount of control over your system but don't want to do everythign by hand. If you're really a control freak, then Slackware might be worth a try, but be prepared to do some heavy man'ing since it doesn't do much of anything for you. --MonMotha Joe Linux wrote: > I hardly call it a feature that any user can look at any other user's > files. What kind of security is that? > > Then it takes a full day to figure out nothing about how to fix it? > Trust me, these are some of the reasons people are very slow to migrate > to Linux. > > > Warren Togami wrote: > >>----- Original Message ----- >>From: "Joe Linux" <[EMAIL PROTECTED]> >>To: <[EMAIL PROTECTED]> >>Sent: Wednesday, May 22, 2002 4:30 AM >>Subject: [luau] Unwanted Perrmissions Changes - Drake 8.2 >> >> >>>I'm very frustrated. I want the permissions on my home directory and >>>other users home directory to be 770, but the Mandrake Linux System >>>constantly changes the permissions back to 755 on these directories. Is >>>there anyway to stop it from doing this? >>> >>>Permissions and the lack of control over them are the most annoying >>>thing about Linux, and probably a primary reason the entire OS is not >>>very popular. >>> >> >>Please don't jump the gun and blame it on Linux. This sounds to be a >>feature, not a bug, of Mandrake's MSEC security module that enforces certain >>access controls because it thinks it knows better than the user. In most >>cases it DOES know better than the user, but in your case you must figure >>out how to disable it. >> >>http://www.mandrakesecure.net/en/docs/msec.php >>Please read this page for more details. The simple fix would be to lower >>your msec security level (you can find that in DrakConf). >> >>Just remember when it comes to most security, security is an inverse curve >>to usability. >> >>_______________________________________________ >>LUAU mailing list >>[EMAIL PROTECTED] >>http://videl.ics.hawaii.edu/mailman/listinfo/luau >> >
|
