[Samba] Samba and LinuxMDK 9 file perms oddities?
AlF
ddkh at libero.it
Tue Mar 4 11:14:48 GMT 2003
Buchan Milne wrote:
[cut]
>>When a member of group "users" connects to the [public] or [grp] share
>>and interacts with them by creating dirs and/or files, something strange
>>happens because file permissions change to:
>
>
> Are you sure it is when a user connects?
Not exactly. When a user creates a file or directory, a warning message
appears saying that in the future it won't be possible to change the
file/dir. In a short words: the file/dir is rightly created but they
won't be modifiable in the future.
[cut]
> What security level are you running?
2
> [bgmilne:/home/users/bgmilne]# cat /etc/sysconfig/msec
>
> If you are running security level 2 or higher, msec will reset
> permissions to not be group writeable on directories under /home. So,
> you should run draksec to customise this, or not use msec.
I supposed so :(
> [bgmilne:/usr/share/msec]# grep home perm.? |awk '{print $1 "\t" $2
> "\t" $3}'
> perm.0:/home/ root.root 755
> perm.0:/home/* current 755
> perm.1:/home/ root.root 755
> perm.1:/home/* current 755
> perm.2:/home/ root.root 755
> perm.2:/home/* current 755
> perm.3:/home/ root.root 755
> perm.3:/home/* current 711
> perm.4:/home/ root.adm 751
> perm.4:/home/* current 700
> perm.5:/home/ root.root 711
> perm.5:/home/* current 700
>
> After making your changes in draksec, run:
> # msec <security level>
> to have msec set the permissions as it thinks they should be, or set
> them the way you want them, and run
> # msec
> to see if it leaves them alone now.
Thanks :)
Tomorrow morning I'll try on another pc. In the meanwhile I changed the
OS (FreeBSD) and I have to say that everything works well ;)
> P.S. I normally search the digests of this list for "mandrake", I would
> not have found your post since I do not search for MDK/mdk/md etc. It is
> also a good idea not to abbreviate if you intend other searches (Google
> etc) to find your post ...
I'm sorry :-/
More information about the samba
mailing list