<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>2. Controlling File Permissions with DrakPerm</title> <link rel="stylesheet" href="images/mdk-doc.css" type="text/css"> <meta name="generator" content="DocBook XSL Stylesheets V1.73.2"> <link rel="start" href="index.html" title="Mastering Mandriva Linux"> <link rel="up" href="mcc-security.html" title="Chapter 14. “Security” Section"> <link rel="prev" href="draksec.html" title="1. Securing your Machine with DrakSec"> <link rel="next" href="tinyfirewall.html" title="3. Securing your Internet Access via DrakFirewall"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> <div class="navheader"> <table width="100%" summary="Navigation header"> <tr> <th colspan="3" align="center">2. Controlling File Permissions with DrakPerm </th> </tr> <tr> <td width="20%" align="left"><a accesskey="p" href="draksec.html">Prev</a> </td> <th width="60%" align="center">Chapter 14. “<span class="quote">Security</span>” Section </th> <td width="20%" align="right"> <a accesskey="n" href="tinyfirewall.html">Next</a></td> </tr> </table> <hr> </div> <div class="section" lang="en"> <div class="titlepage"> <div> <div> <h2 class="title" style="clear: both"><a name="drakperm"></a>2. Controlling File Permissions with DrakPerm </h2> </div> </div> </div> <p><a name="BId-drakperm-pa2"></a><span class="inlinemediaobject"><img src="images/drakperm-icon.png"></span> <a class="indexterm" name="BIdNEW-drakperm-it5"></a> <a class="indexterm" name="BId-drakperm-it1"></a> <a class="indexterm" name="BId-drakperm-it2"></a> <span class="application">drakperm</span> allows you to customize the permissions which should be associated with each file and directory in your system: configuration files, personal files, applications, etc. If the owners and permissions listed here don't match the actual permissions of the system's files, then <a class="indexterm" name="BId-drakperm-it3"></a> <a class="indexterm" name="BId-drakperm-it4"></a> <span class="application">msec</span> (which stands for <em class="citetitle"><a name="BIdNEW-drakperm-ct1"></a>Mandriva Linux Security Tool</em>) will change them during its hourly checks. These modifications can help prevent possible security holes or intrusions. </p> <div class="figure"><a name="drakperm-main"></a><p class="title"><b>Figure 14.4. Configuring File-Permission Checks</b></p> <div class="figure-contents"> <div class="mediaobject" align="center"><img src="images/drakperm-main.png" align="middle" alt="Configuring File-Permission Checks"></div> </div> </div><br class="figure-break"> <p><a name="BId-drakperm-pa3"></a>The list of files and directories which appears depends on the current system's security level as set by <span class="application">msec</span>, along with their expected permissions for that security level. For each entry (<span class="guilabel">Path</span>) exists a corresponding owner (<span class="guilabel">User</span>), owner group (<span class="guilabel">Group</span>) and <span class="guilabel">Permissions</span>. In the drop-down menu, you can choose to display only <span class="application">msec</span> rules (<span class="guilabel">System settings</span>), your own user-defined rules (<span class="guilabel">Custom settings</span>) or both as in the example shown in <a class="xref" href="drakperm.html#drakperm-main" title="Figure 14.4. Configuring File-Permission Checks">Figure 14.4, “Configuring File-Permission Checks”</a>. </p> <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"> <table border="0" summary="Note"> <tr> <td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="images/note.png"></td> <th align="left">Note</th> </tr> <tr> <td align="left" valign="top"> <p><a name="BId-drakperm-pa4"></a>You cannot edit system rules, as stated by the “<span class="quote">Do not enter</span>” (<span class="inlinemediaobject"><img src="images/non-editable.png"></span>) sign on the left. However you can override them by adding custom rules. </p> </td> </tr> </table> </div> <p> <b>Create Your Own Rules. </b> If you wish to add your own rules for specific files or modify the default behavior, display the <span class="guilabel">Custom settings</span> list and click on the <span class="guibutton">Add a rule</span> button. </p> <div class="figure"><a name="drakperm-add"></a><p class="title"><b>Figure 14.5. Adding a File-Permissions Rule</b></p> <div class="figure-contents"> <div class="mediaobject" align="center"><img src="images/drakperm-add.png" align="middle" alt="Adding a File-Permissions Rule"></div> </div> </div><br class="figure-break"> <div class="procedure"><a name="d5e8972"></a><p class="title"><b>Procedure 14.1. Customize Your Home Directory Permissions</b></p> <ol type="1"> <li> <p><a name="BId-drakperm-pa6"></a>Let's imagine your current security level is set to <code class="literal">3</code> (high). This means that only the owners of the home directories can browse them. If you wish to share the content of Queen's home directory with other users, you need to modify the permissions of the <code class="filename">/home/queen/</code> directory. </p> </li> <li> <p><a name="BIdNEW-drakperm-pa12"></a><span class="application">msec</span> only changes file permissions that are more permissive than the one required by a certain security level. That means that for the change above, the permissions must be changed by hand. </p> <p><a name="BIdNEW-drakperm-pa13"></a>You can do this in <span class="application">Konqueror</span> by modifying the permission properties of your home directory, and checking the <span class="guilabel">Apply changes to all sub-folders and their contents</span> option. </p> </li> <li> <p><a name="BId-drakperm-pa9"></a>If you create more rules, you can change their priorities by moving them up and down the rules list: use the <span class="guibutton">Up</span> and <span class="guibutton">Down</span> buttons on your custom rules to have more control over your system's permissions. </p> </li> </ol> </div> </div> <div class="navfooter"> <hr> <table width="100%" summary="Navigation footer"> <tr> <td width="40%" align="left"><a accesskey="p" href="draksec.html">Prev</a> </td> <td width="20%" align="center"><a accesskey="u" href="mcc-security.html">Up</a></td> <td width="40%" align="right"> <a accesskey="n" href="tinyfirewall.html">Next</a></td> </tr> <tr> <td width="40%" align="left" valign="top">1. Securing your Machine with DrakSec </td> <td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td> <td width="40%" align="right" valign="top"> 3. Securing your Internet Access via DrakFirewall </td> </tr> </table> </div> </body> </html>