Originally posted by gmusser
I'm running into a similar problem. In my case, msec is ignoring my perm.local file. I'm running at security level 4. Help!
Here is what you'll find abut overriding msec:
If you want to override some permissions, you can do this with the /etc/security/msec/perm.local file. Each level has it's own set of different file permissions for some certain files. If you want to take a look at the defaults for each level, look at the /usr/share/msec/perm.* files. They contain the file name (or directory), the user/group that should own it, and the numeric permissions for the file or directory. Let's say, for example, that you are using level 4 but don't want to have /boot with only 700 permissions, which is the default in level 4. You would create your /etc/security/msec/perm.local file and write in it the following:
/boot/ root.root 755
Then you would execute msec (just type "msec" at the command prompt as root), and if you look at the permissions of the /boot directory now, you will see it is 755, so normal users can look in there.
It seems you may have neglected to run msec after changing perm.local...