Abstract
In Section 1, “Securing your Machine through DrakSec”, you saw how to change your system's security level and customize the security checks associated to those levels.
drakperm allows you to customize the
permissions which should be associated with each file and
directory in the system: configuration, personal files,
applications, etc. If the owners and permissions listed here don't
match the actual permissions of the system's files, then
msec (which stands for Mandrakelinux Security Tool)
will change them during its hourly checks. Those modifications can
help prevent possible security holes or intrusions.
![]() | Note |
---|---|
This tool is only displayed in expert mode. Choose -> from the menu and then look into the Security section of Mandrakelinux Control Center to access it. |
The list of files and directories which appears will depend on the current system's security level as set by msec, along with their expected permissions for that security level. For each entry (Path) there is a corresponding owner (User), owner group (Group) and Permissions. In the drop-down menu at the top of the list, you can choose to display only msec rules (System settings), your own user-defined rules (Custom settings) or both as in the example shown in Figure 18.3, “Configuring File-Permission Checks”.
![]() | Note |
---|---|
You cannot edit system rules, as stated by the “Do not enter” sign on the left. However, you can override them by adding custom rules. |
If you wish to add your own rules for specific files or modify the default behavior, display the Custom settings list and click on the button.
Let's imagine your current
security level is set to 3
(high). This means
that only the owners of the home directories will be able to browse
them. If you wish to share the content of Queen's home
directory with others, you will need to modify the permissions of
the /home/queen/
directory.
Filling the new rule dialog as seen in Figure 18.4, “Adding a File-Permissions Rule”, will allow you to accomplish this.
If you create more rules, you can change their priorities by moving them up and down the rules list: use the and buttons on your custom rules to have more control over your system's permissions.
When you are satisfied with your settings, don't forget to save your changes by clicking on .