diff options
Diffstat (limited to 'zarb-ml/mageia-discuss/attachments/20111211')
| -rw-r--r-- | zarb-ml/mageia-discuss/attachments/20111211/b42a4d0b/attachment-0001.html | 25 | ||||
| -rw-r--r-- | zarb-ml/mageia-discuss/attachments/20111211/b42a4d0b/attachment.html | 25 |
2 files changed, 50 insertions, 0 deletions
diff --git a/zarb-ml/mageia-discuss/attachments/20111211/b42a4d0b/attachment-0001.html b/zarb-ml/mageia-discuss/attachments/20111211/b42a4d0b/attachment-0001.html new file mode 100644 index 000000000..9b0e3291f --- /dev/null +++ b/zarb-ml/mageia-discuss/attachments/20111211/b42a4d0b/attachment-0001.html @@ -0,0 +1,25 @@ +Johnny,<br><br>Thank you. I was able to alter the file and run "msecpaerms -e".<br><br>I noticed that a Mandriva System had the same settings, except for an account that I added a long time after install, versus during the install.<br> +<br>--Jeff<br><br><div class="gmail_quote">On Sun, Dec 11, 2011 at 6:44 PM, Johnny A. Solbu <span dir="ltr"><<a href="mailto:cooker@solbu.net">cooker@solbu.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> +<div class="im">On Monday 12 December 2011 03:19, Jeff Robins wrote:<br> +> Can I safely change the permissions to '700'?<br> +<br> +</div>Sure, but in a minute or so msec may revert the changes.<br> +<br> +I would change it in /etc/security/msec/perms.conf (Perhaps /etc/security/msec/perm.local can be used) and run msecperms afterwards.<br> +===<br> +/home/* current.current 700<br> +===<br> +Then msec will from now on automatically enforce the permissions to what you want.<br> +(Note: The spaces between the tree fields are TABs in my file, and not spaces. Also, "current.current" means that msec wont change the owner of files and folders. In /home/ you really don't want msec to automatically change ownership of files, or yourt users will be angry :-)= )<br> + +<br> +To get a grasp of some of the currently forced entries and what you can do, look in the various config files in /etc/security/msec/.<br> +If you have the default security level, the *.standard are the files you want to look into. (I think) "*.local" overrides the default values.<br> +<br> +I use this to enforce customized access restrictions on a couple of programs, so the few users who have access to my gateway don't have access to telnet and nmap unless they are members of a special group that I've setup.<br> + +<span class="HOEnZb"><font color="#888888"><br> +--<br> +Johnny A. Solbu<br> +PGP key ID: 0xFA687324<br> +</font></span></blockquote></div><br> diff --git a/zarb-ml/mageia-discuss/attachments/20111211/b42a4d0b/attachment.html b/zarb-ml/mageia-discuss/attachments/20111211/b42a4d0b/attachment.html new file mode 100644 index 000000000..9b0e3291f --- /dev/null +++ b/zarb-ml/mageia-discuss/attachments/20111211/b42a4d0b/attachment.html @@ -0,0 +1,25 @@ +Johnny,<br><br>Thank you. I was able to alter the file and run "msecpaerms -e".<br><br>I noticed that a Mandriva System had the same settings, except for an account that I added a long time after install, versus during the install.<br> +<br>--Jeff<br><br><div class="gmail_quote">On Sun, Dec 11, 2011 at 6:44 PM, Johnny A. Solbu <span dir="ltr"><<a href="mailto:cooker@solbu.net">cooker@solbu.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> +<div class="im">On Monday 12 December 2011 03:19, Jeff Robins wrote:<br> +> Can I safely change the permissions to '700'?<br> +<br> +</div>Sure, but in a minute or so msec may revert the changes.<br> +<br> +I would change it in /etc/security/msec/perms.conf (Perhaps /etc/security/msec/perm.local can be used) and run msecperms afterwards.<br> +===<br> +/home/* current.current 700<br> +===<br> +Then msec will from now on automatically enforce the permissions to what you want.<br> +(Note: The spaces between the tree fields are TABs in my file, and not spaces. Also, "current.current" means that msec wont change the owner of files and folders. In /home/ you really don't want msec to automatically change ownership of files, or yourt users will be angry :-)= )<br> + +<br> +To get a grasp of some of the currently forced entries and what you can do, look in the various config files in /etc/security/msec/.<br> +If you have the default security level, the *.standard are the files you want to look into. (I think) "*.local" overrides the default values.<br> +<br> +I use this to enforce customized access restrictions on a couple of programs, so the few users who have access to my gateway don't have access to telnet and nmap unless they are members of a special group that I've setup.<br> + +<span class="HOEnZb"><font color="#888888"><br> +--<br> +Johnny A. Solbu<br> +PGP key ID: 0xFA687324<br> +</font></span></blockquote></div><br> |