Re: [newbie] Why file privileges changing?

Mon, 28 Oct 2002 08:29:16 -0800

Actually, msec is a set of script, not a daemon. One thing it does is set up periodic checks over file permissions, which can be overridden.

Try adding to /etc/security/msec/perm.local an entry with the directories you don't want to be changed.

Here's a link with some more explanation:
http://www.mandrakesecure.net/en/docs/msec.php

good luck,

raffaele

[EMAIL PROTECTED] wrote:
This is a multi-part message in MIME format...

------------=_1035820266-26991-4268

The cron.hourly directory has a pointer to the msec daemon(msec ->
/usr/sbin/msec). If we remove the pointer, would that cause security problems?

Kathy



--- [EMAIL PROTECTED] wrote:
i've seen the same problem.  no answer, but i'm thinking it's one
of the deamons associated with security
levels/permissions/authorizations.  possibly msec, since it does
run a cron job if installed and running.  check "ps ax | grep
msec" as root to verify.


--- Original Message ---
From: [EMAIL PROTECTED] (Katherine Richmond)
To: [EMAIL PROTECTED]
Subject: Re: [newbie] Why file privileges changing?



No, all we have to do is wait about 30 - 45 minutes and it

changes back to


drwxr-xr-x (automatically?)

Kathy




--- [EMAIL PROTECTED] wrote:
Have you started and stopped ftp or any service that uses
that directory recently?


Hi Everyone,

What would be causing the file privileges for "group" and



"world" to change




on




a directory?  For example, the security on /home/ftp_data





changed from




"drwxrwxrwx" to "drwxr-xr-x" even though no one did a "chmod"





(or anything




else) to that directory.

Here are the steps that were taken for this directory.  Note:





We need "write"




privileges for "world" since we are FTP'ing some data into





this file from a




CGI




script.

1. Log on as "root"
2. cd /home
3. chmod 777 ftp_data
4. "ls -l" shows: drwxrwxrwx    2 root     root         4096





Oct 17 10:07




ftp_data/
5. Ran the CGI script that ftp's data into "ftp_data".
6. After CGI script finishes, did  "ls -l ftp_data"
-rw-r--r--    1 apache   apache       4281 Oct 18 14:20





31789_372474.dat




-rw-r--r--    1 apache   apache       4281 Oct 17 09:37





34389_372474.dat




-rw-r--r--    1 apache   apache       4281 Oct 17 10:07





85592_372474.dat




7. Then did "ls -l" from "/home" directory
drwxrwxrwx    2 root     root         4096 Oct 18 14:20 ftp_data/

So, at this point we are able to see that we allowed "rwx" to





"all", were




able




run a CGI script that wrote data into the "ftp_data"





directory, and then




showed




that the  "ftp_data" directory did not change it's privileges





after the CGI




script had finished.

7. About 30 minutes later, did another "ls -l" from "/home"





and got the




following:
drwxr-xr-x    2 root     root         4096 Oct 18 14:20 ftp_data/
which shows that "group" and "world" have their "write"





privileges turned




off.




Note: We did not log off from "root" during this time.

We do not have any "cron" jobs running, so we cannot think of





any reason why




the security on this directory keeps changing.

As an FYI, we have another server running where we had made





this same exact




security change on "/home/ftp_data", and it has never changed





it's settings.




Thank you,
Kathy



--- end of quote ---












------------=_1035820266-26991-4268

Content-Type: text/plain; name="message.footer"

Content-Disposition: inline; filename="message.footer"

Content-Transfer-Encoding: 8bit



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com



------------=_1035820266-26991-4268--



.




--

Raffaele BELARDI

ST Microelectronics
TPA Telecom-Networks WLANBU
Via C.Olivetti 2
I-20041 Agrate Brianza (Mi) - Italy

phone +39.039.603.7342
fax   +39.039.603.6270





Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com























					Reply via email to