Johnny,<br><br>Thank you.  I was able to alter the file and run &quot;msecpaerms -e&quot;.<br><br>I noticed that a Mandriva System had the same settings, except for an account that I added a long time after install, versus during the install.<br>
<br>--Jeff<br><br><div class="gmail_quote">On Sun, Dec 11, 2011 at 6:44 PM, Johnny A. Solbu <span dir="ltr">&lt;<a href="mailto:cooker@solbu.net">cooker@solbu.net</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On Monday 12 December 2011 03:19, Jeff Robins wrote:<br>
&gt; Can I safely change the permissions to &#39;700&#39;?<br>
<br>
</div>Sure, but in a minute or so msec may revert the changes.<br>
<br>
I would change it in /etc/security/msec/perms.conf (Perhaps /etc/security/msec/perm.local can be used) and run msecperms afterwards.<br>
===<br>
/home/*                                          current.current         700<br>
===<br>
Then msec will from now on automatically enforce the permissions to what you want.<br>
(Note: The spaces between the tree fields are TABs in my file, and not spaces. Also, &quot;current.current&quot; means that msec wont change the owner of files and folders. In /home/ you really don&#39;t want msec to automatically change ownership of files, or yourt users will be angry :-)= )<br>

<br>
To get a grasp of some of the currently forced entries and what you can do, look in the various config files in /etc/security/msec/.<br>
If you have the default security level, the *.standard are the files you want to look into. (I think) &quot;*.local&quot; overrides the default values.<br>
<br>
I use this to enforce customized access restrictions on a couple of programs, so the few users who have access to my gateway don&#39;t have access to telnet and nmap unless they are members of a special group that I&#39;ve setup.<br>

<span class="HOEnZb"><font color="#888888"><br>
--<br>
Johnny A. Solbu<br>
PGP key ID: 0xFA687324<br>
</font></span></blockquote></div><br>