Abstract
In the section called “Securing your Machine through DrakSec”, you have seen how to change your system's security level and customize the security checks associated to those levels.
drakperm allows you to customize the permissions
which should be associated with each file and directory in the system:
configuration, personal files, applications, etc. If the owners and
permissions listed here don't match the actual permissions of the files in
the system, then msec (which stands for Mandrakelinux Security Tool) will
change them during its hourly checks. Those modifications can help prevent
possible security holes or intrusions.
The list of files and directories which appears will depend on the current system's security level as set by msec, along with their expected permissions for that security level. For each entry (Path) there is a corresponding owner (User), owner group (Group) and Permissions. In the drop-down menu at the top of the list, you can choose to display only msec rules (System settings), your own user-defined rules (Custom settings) or both of them as in the example shown in Figure 5.3, “Configuring File-Permission Checks”.
![]() | Note |
---|---|
You cannot edit system rules, as stated by the “Do not enter” sign on the left. However, you can override them by adding custom rules. |
If you wish to add your own rules for specific files, or modify the default behavior, display the Custom settings list, and click on the button.
Let's imagine your current security level is set to 3 (high). This means that only the owners of the home directories will be able to browse them. If you wish to share the content of Queen's home directory with others, you will need to modify the /home/queen/ directory permissions.
Filling the new rule dialog as seen in Figure 5.4, “Adding a File-Permissions Rule”, will allow you to accomplish this.
If you create more rules, you can change their priorities by moving them up and down the rules list: use the and buttons on your custom rules to have more control over your system's permissions.
When you are satisfied with your settings, don't forget to save your changes by clicking on the button.