[Samba] Samba and LinuxMDK 9 file perms oddities?

AlF ddkh at libero.it
Tue Mar 4 11:14:48 GMT 2003


Buchan Milne wrote:

[cut]

>>When a member of group "users" connects to the [public] or [grp] share
>>and interacts with them by creating dirs and/or files, something strange
>>happens because file permissions change to:
> 
> 
> Are you sure it is when a user connects?

Not exactly. When a user creates a file or directory, a warning message 
appears saying that in the future it won't be possible to change the 
file/dir. In a short words: the file/dir is rightly created but they 
won't be modifiable in the future.

[cut]

> What security level are you running?

2

> [bgmilne:/home/users/bgmilne]# cat /etc/sysconfig/msec
> 
> If you are running security level 2 or higher, msec will reset
> permissions to not be group writeable on directories under /home. So,
> you should run draksec to customise this, or not use msec.

I supposed so :(

> [bgmilne:/usr/share/msec]# grep home perm.? |awk '{print $1 "\t"  $2
> "\t" $3}'
> perm.0:/home/   root.root       755
> perm.0:/home/*  current 755
> perm.1:/home/   root.root       755
> perm.1:/home/*  current 755
> perm.2:/home/   root.root       755
> perm.2:/home/*  current 755
> perm.3:/home/   root.root       755
> perm.3:/home/*  current 711
> perm.4:/home/   root.adm        751
> perm.4:/home/*  current 700
> perm.5:/home/   root.root       711
> perm.5:/home/*  current 700
> 
> After making your changes in draksec, run:
> # msec <security level>
> to have msec set the permissions as it thinks they should be, or set
> them the way you want them, and run
> # msec
> to see if it leaves them alone now.

Thanks :)
Tomorrow morning I'll try on another pc. In the meanwhile I changed the 
OS (FreeBSD) and I have to say that everything works well ;)

> P.S. I normally search the digests of this list for "mandrake", I would
> not have found your post since I do not search for MDK/mdk/md etc. It is
> also a good idea not to abbreviate if you intend other searches (Google
> etc) to find your post ...

I'm sorry :-/



More information about the samba mailing list