Johnny,
Thank you. I was able to alter the file and run "msecpaerms -e".
I noticed that a Mandriva System had the same settings, except for an account that I added a long time after install, versus during the install.
--Jeff
On Monday 12 December 2011 03:19, Jeff Robins wrote:Sure, but in a minute or so msec may revert the changes.
> Can I safely change the permissions to '700'?
I would change it in /etc/security/msec/perms.conf (Perhaps /etc/security/msec/perm.local can be used) and run msecperms afterwards.
===
/home/* current.current 700
===
Then msec will from now on automatically enforce the permissions to what you want.
(Note: The spaces between the tree fields are TABs in my file, and not spaces. Also, "current.current" means that msec wont change the owner of files and folders. In /home/ you really don't want msec to automatically change ownership of files, or yourt users will be angry :-)= )
To get a grasp of some of the currently forced entries and what you can do, look in the various config files in /etc/security/msec/.
If you have the default security level, the *.standard are the files you want to look into. (I think) "*.local" overrides the default values.
I use this to enforce customized access restrictions on a couple of programs, so the few users who have access to my gateway don't have access to telnet and nmap unless they are members of a special group that I've setup.
--
Johnny A. Solbu
PGP key ID: 0xFA687324