1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
Johnny,<br><br>Thank you. I was able to alter the file and run "msecpaerms -e".<br><br>I noticed that a Mandriva System had the same settings, except for an account that I added a long time after install, versus during the install.<br>
<br>--Jeff<br><br><div class="gmail_quote">On Sun, Dec 11, 2011 at 6:44 PM, Johnny A. Solbu <span dir="ltr"><<a href="mailto:cooker@solbu.net">cooker@solbu.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On Monday 12 December 2011 03:19, Jeff Robins wrote:<br>
> Can I safely change the permissions to '700'?<br>
<br>
</div>Sure, but in a minute or so msec may revert the changes.<br>
<br>
I would change it in /etc/security/msec/perms.conf (Perhaps /etc/security/msec/perm.local can be used) and run msecperms afterwards.<br>
===<br>
/home/* current.current 700<br>
===<br>
Then msec will from now on automatically enforce the permissions to what you want.<br>
(Note: The spaces between the tree fields are TABs in my file, and not spaces. Also, "current.current" means that msec wont change the owner of files and folders. In /home/ you really don't want msec to automatically change ownership of files, or yourt users will be angry :-)= )<br>
<br>
To get a grasp of some of the currently forced entries and what you can do, look in the various config files in /etc/security/msec/.<br>
If you have the default security level, the *.standard are the files you want to look into. (I think) "*.local" overrides the default values.<br>
<br>
I use this to enforce customized access restrictions on a couple of programs, so the few users who have access to my gateway don't have access to telnet and nmap unless they are members of a special group that I've setup.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Johnny A. Solbu<br>
PGP key ID: 0xFA687324<br>
</font></span></blockquote></div><br>
|
