2. Controlling File Permissions with DrakPerm

drakperm allows you to customize the permissions which should be associated with each file and directory in your system: configuration files, personal files, applications, etc. If the owners and permissions listed here don't match the actual permissions of the system's files, then msec (which stands for Mandriva Linux Security Tool) will change them during its hourly checks. These modifications can help prevent possible security holes or intrusions.

Note

This tool is accessible only in expert mode. Choose Options → Expert mode from the menu and then access the Security section of Mandriva Linux Control Center.

Figure 12.3. Configuring File-Permission Checks


The list of files and directories shown, along with their expected permissions, depends on the system's current security level as set by msec. Each entry (Path) has a corresponding owner (User), owner group (Group) and Permissions. In the drop-down menu, you can choose to display only msec rules (System settings), your own user-defined rules (Custom settings) or both, as in the example shown in Figure 12.3, “Configuring File-Permission Checks”.

Note

You cannot edit system rules, as indicated by the “Do not enter” sign on the left. However, you can override them by adding custom rules.

Create Your Own Rules. If you wish to add your own rules for specific files or modify the default behavior, display the Custom settings list and click on the Add a rule button.

Figure 12.4. Adding a File-Permissions Rule


Procedure 12.1. Customize Your Home Directory Permissions

  1. Create a New Rule in msec

    Let's imagine your current security level is set to 3 (high). This means that only the owners of the home directories can browse them. If you wish to share the content of Queen's home directory with other users, you need to modify the permissions of the /home/queen/ directory.

  2. Actually Change the Home Permissions

    msec only changes file permissions that are more permissive than those required by a given security level. This means that for the change above, which makes the directory more permissive, the permissions must be changed by hand.

    You can do this in Konqueror by modifying the permission properties of your home directory, and checking the Apply changes to all sub-folders and their contents option.

  3. Check Rules Priority

    If you create more rules, you can change their priorities by moving them up and down the rules list: use the Up and Down buttons on your custom rules to have more control over your system's permissions.
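The behaviour described in step 2, as an added shell example (not msec or drakperm code): it compares a path's actual owner, group and mode with an expected rule and reports whether the mode is looser than the rule, which the periodic check would tighten, or stricter, which has to be loosened by hand. The function names, verdict strings, the scratch directory and the 755 rule are assumptions made for the illustration, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example, not msec code. Assumes GNU stat (stat -c) on Linux.

# mode_relation ACTUAL EXPECTED (octal strings) prints:
#   match    - identical modes
#   looser   - ACTUAL grants at least one bit EXPECTED does not
#   stricter - ACTUAL grants only a subset of EXPECTED's bits
mode_relation() {
    a=$((0$1)) e=$((0$2))          # leading 0 makes the shell read octal
    if [ "$a" -eq "$e" ]; then echo match
    elif [ $((a | e)) -eq "$e" ]; then echo stricter
    else echo looser
    fi
}

# audit_rule PATH USER GROUP MODE prints one verdict (hypothetical names):
#   missing | owner-mismatch | ok | reset-by-check | change-by-hand
audit_rule() {
    [ -e "$1" ] || { echo missing; return 0; }
    cur=$(stat -c '%U %G' "$1")
    [ "$cur" = "$2 $3" ] || { echo owner-mismatch; return 0; }
    case $(mode_relation "$(stat -c '%a' "$1")" "$4") in
        match)    echo ok ;;
        looser)   echo reset-by-check ;;   # the periodic check tightens it
        stricter) echo change-by-hand ;;   # left alone: loosen it yourself
    esac
}

# Constructed sample: a scratch directory stands in for /home/queen,
# and 755 stands in for the mode entered in the custom rule.
demo() {
    d=$(mktemp -d) || return 1
    owner=$(stat -c '%U' "$d") group=$(stat -c '%G' "$d")
    chmod 700 "$d"    # owner-only, as at the high security level
    printf 'mode 700, rule 755: %s\n' "$(audit_rule "$d" "$owner" "$group" 755)"
    chmod 777 "$d"    # world-writable, looser than the rule
    printf 'mode 777, rule 755: %s\n' "$(audit_rule "$d" "$owner" "$group" 755)"
    rmdir "$d"
}
demo
```

A mode that adds some bits and drops others relative to the rule is reported as looser, because it still grants access the rule does not.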