<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>2. Controlling File Permissions with DrakPerm</title>
<link rel="stylesheet" href="images/mdk-doc.css" type="text/css">
<meta name="generator" content="DocBook XSL Stylesheets V1.73.2">
<link rel="start" href="index.html" title="Mastering Mandriva Linux">
<link rel="up" href="mcc-security.html" title="Chapter 14. “Security” Section">
<link rel="prev" href="draksec.html" title="1. Securing your Machine with DrakSec">
<link rel="next" href="tinyfirewall.html" title="3. Securing your Internet Access via DrakFirewall">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="navheader">
<table width="100%" summary="Navigation header">
<tr>
<th colspan="3" align="center">2. Controlling File Permissions with
DrakPerm
</th>
</tr>
<tr>
<td width="20%" align="left"><a accesskey="p" href="draksec.html">Prev</a>
</td>
<th width="60%" align="center">Chapter 14. “<span class="quote">Security</span>” Section
</th>
<td width="20%" align="right"> <a accesskey="n" href="tinyfirewall.html">Next</a></td>
</tr>
</table>
<hr>
</div>
<div class="section" lang="en">
<div class="titlepage">
<div>
<div>
<h2 class="title" style="clear: both"><a name="drakperm"></a>2. Controlling File Permissions with
DrakPerm
</h2>
</div>
</div>
</div>
<p><a name="BId-drakperm-pa2"></a><span class="inlinemediaobject"><img src="images/drakperm-icon.png"></span> <a class="indexterm" name="BIdNEW-drakperm-it5"></a> <a class="indexterm" name="BId-drakperm-it1"></a> <a class="indexterm" name="BId-drakperm-it2"></a> <span class="application">drakperm</span> allows you to customize
the permissions which should be associated with each file and directory in
your system: configuration files, personal files, applications, etc. If the
owners and permissions listed here don't match the actual permissions of the
system's files, then <a class="indexterm" name="BId-drakperm-it3"></a> <a class="indexterm" name="BId-drakperm-it4"></a> <span class="application">msec</span> (which stands for <em class="citetitle"><a name="BIdNEW-drakperm-ct1"></a>Mandriva Linux Security Tool</em>) will
change them during its hourly checks. These modifications can help prevent
possible security holes or intrusions.
</p>
<div class="figure"><a name="drakperm-main"></a><p class="title"><b>Figure 14.4. Configuring File-Permission
Checks</b></p>
<div class="figure-contents">
<div class="mediaobject" align="center"><img src="images/drakperm-main.png" align="middle" alt="Configuring File-Permission Checks"></div>
</div>
</div><br class="figure-break">
<p><a name="BId-drakperm-pa3"></a>The list of files and
directories which appears depends on the current system's security level as
set by <span class="application">msec</span>, along with their expected
permissions for that security level. For each entry
(<span class="guilabel">Path</span>) exists a corresponding owner
(<span class="guilabel">User</span>), owner group (<span class="guilabel">Group</span>) and
<span class="guilabel">Permissions</span>. In the drop-down menu, you can choose to
display only <span class="application">msec</span> rules (<span class="guilabel">System
settings</span>), your own user-defined rules (<span class="guilabel">Custom
settings</span>) or both as in the example shown in <a class="xref" href="drakperm.html#drakperm-main" title="Figure 14.4. Configuring File-Permission Checks">Figure 14.4, “Configuring File-Permission
Checks”</a>.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<table border="0" summary="Note">
<tr>
<td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="images/note.png"></td>
<th align="left">Note</th>
</tr>
<tr>
<td align="left" valign="top">
<p><a name="BId-drakperm-pa4"></a>You cannot edit system rules,
as stated by the “<span class="quote">Do not enter</span>” (<span class="inlinemediaobject"><img src="images/non-editable.png"></span>) sign on the left. However you can override them by
adding custom rules.
</p>
</td>
</tr>
</table>
</div>
<p>
<b>Create Your Own Rules. </b>
If you wish to add your own rules for
specific files or modify the default behavior, display the
<span class="guilabel">Custom settings</span> list and click on the <span class="guibutton">Add
a rule</span> button.
</p>
<div class="figure"><a name="drakperm-add"></a><p class="title"><b>Figure 14.5. Adding a File-Permissions Rule</b></p>
<div class="figure-contents">
<div class="mediaobject" align="center"><img src="images/drakperm-add.png" align="middle" alt="Adding a File-Permissions Rule"></div>
</div>
</div><br class="figure-break">
<div class="procedure"><a name="d5e8972"></a><p class="title"><b>Procedure 14.1. Customize Your Home Directory
Permissions</b></p>
<ol type="1">
<li>
<p><a name="BId-drakperm-pa6"></a>Let's imagine your current
security level is set to <code class="literal">3</code> (high). This means that
only the owners of the home directories can browse them. If you wish to
share the content of Queen's home directory with other users, you need
to modify the permissions of the <code class="filename">/home/queen/</code>
directory.
</p>
</li>
<li>
<p><a name="BIdNEW-drakperm-pa12"></a><span class="application">msec</span> only
changes file permissions that are more permissive than the one required
by a certain security level. That means that for the change above, the
permissions must be changed by hand.
</p>
<p><a name="BIdNEW-drakperm-pa13"></a>You can do this in
<span class="application">Konqueror</span> by modifying the permission
properties of your home directory, and checking the <span class="guilabel">Apply
changes to all sub-folders and their contents</span> option.
</p>
</li>
<li>
<p><a name="BId-drakperm-pa9"></a>If you create more rules, you can change
their priorities by moving them up and down the rules list: use the
<span class="guibutton">Up</span> and <span class="guibutton">Down</span> buttons on
your custom rules to have more control over your system's
permissions.
</p>
</li>
</ol>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left"><a accesskey="p" href="draksec.html">Prev</a>
</td>
<td width="20%" align="center"><a accesskey="u" href="mcc-security.html">Up</a></td>
<td width="40%" align="right"> <a accesskey="n" href="tinyfirewall.html">Next</a></td>
</tr>
<tr>
<td width="40%" align="left" valign="top">1. Securing your Machine with
DrakSec
</td>
<td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td>
<td width="40%" align="right" valign="top"> 3. Securing your Internet
Access via DrakFirewall
</td>
</tr>
</table>
</div>
</body>
</html>
distrib
>
Mandriva
>
2008.1
>
x86_64
>
media
>
main-release
>
by-pkgid
>
275bc5f884d593fea8c87799d871d7f1
>
files
>
51
