LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-13-2003, 05:47 AM   #1
lamekain
LQ Newbie
 
Registered: Apr 2003
Location: Finland
Distribution: Mandrake 9.1
Posts: 14

Rep: Reputation: 0
What is changing my file permissions?


Hi,
I installed Gnome2.4 on my Mandrake9.1-system with Garnome. Everything went well, but every time I boot my computer something changes my self-made session script in /etc/X11/gdm/Sessions/ from an executable file into a non-executable, thus it is not showed on the gdm graphical sessionmenu. This happens during the boot-process, so if I want to start Garnome, I have to log in and chmod it into an executable, log out and log in into Garnome... Searching, I found these from syslogs:

gdmgreeter[1743]: Wrong permissions on /etc/X11/gdm/Sessions//Garnome. Should be readable/executable for all.
gconfd (abuser-2048): Resolved address "xml:readonly:/usr/share/garnome/etc/gconf/gconf.xml.mandatory" to a read-only config source at position 0
gconfd (abuser-2048): Resolved address "xml:readonly:/usr/share/garnome/etc/gconf/gconf.xml.defaults" to a read-only config source at position 2 !


What changes the permissions and how can I stop it??
 
Old 11-13-2003, 10:19 PM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 75
Since it's Mandrake, you're probably running into msec which is a security lock-down program for Mandrake. The settings are stored in /usr/share/msec (IIRC), but you should in theory be able to modify them through the Mandrake Control Panel.

Basically it's a set of file and resource permissions, and session settings that are checked at set intervals and "corrected" if they aren't what the database says they should be. msec is actually a very useful tool, but it can be very confusing if you don't realize it's running or how to configure it.
 
Old 11-19-2003, 07:48 AM   #3
lamekain
LQ Newbie
 
Registered: Apr 2003
Location: Finland
Distribution: Mandrake 9.1
Posts: 14

Original Poster
Rep: Reputation: 0
Unhappy Changed msec, but still doesn't work!

Thanks for the reply.
I found msec and altered the local config(I did it through terminal, but it's possible do it via the control panel, also).
After adding the rule for my Garnome-script, I ran msec 3 to test if it works, and it did!! Then I booted my pc and something still changed the script into a non-executable >( . I even tried to change the contents of my GNOME-script in the Sessions folder in order to make it boot Garnome, but when I booted something changed the contents back to the original....
What is it that keeps changing them back??
Or how could I start msec during boot, so that it would change the permissions again?
 
Old 11-19-2003, 06:15 PM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 75
Are you sure your msec level is configured as 3? It's possible you're configured for a higher security level.
 
Old 11-20-2003, 03:02 AM   #5
lamekain
LQ Newbie
 
Registered: Apr 2003
Location: Finland
Distribution: Mandrake 9.1
Posts: 14

Original Poster
Rep: Reputation: 0
Yes, I am quite sure it is set on level 3(at least that's what the Control Panel tells me). But that shouldn't matter, because I understood from the man-pages that msec takes the user-defined filerules from a separate file(if I remember right the name of the file was /etc/security/msec/local.perm) and those rules overwrite all the other rules for the files mentioned. I checked the file and it did contain the files I defined, and by running msec, I saw that they worked.
I also tried changing msec into the lowest security level, but it didn't help..

msec is not in the services-to-be-started-during-boot -list. Could I add it there? If it was there I could change my permissions back to the right ones, before gdm fires up. It would be a lazy solution, though. Something would still be changing the file permissions against my will, msec would just be there to counter-spell it

Last edited by lamekain; 11-20-2003 at 03:04 AM.
 
Old 12-02-2003, 01:09 AM   #6
Quasaur
Member
 
Registered: Nov 2003
Location: Gastonia, NC
Distribution: Fedora 15
Posts: 36

Rep: Reputation: 15
msec is really cramping my style.

Despite the custom settings i add (i.e., making usre my movie/audio players can access /dev/mixer-dsp-midi), msec just ignores them--and i'm on security level ONE! i'm tempted to just go to Security level 0...but not sure if that's a good idea...i need help!

when i try to access the file /usr/share/msec/perm.1 the terminal window freezes up...

There's got to be a better way without shutting msec down!
 
Old 12-02-2003, 02:47 AM   #7
lamekain
LQ Newbie
 
Registered: Apr 2003
Location: Finland
Distribution: Mandrake 9.1
Posts: 14

Original Poster
Rep: Reputation: 0
I'm happy now. msec is not troubling me anymore, because I switched to Gentoo . In Gentoo I ran into a same kind of problem that you have Quasaur. The solution was to change pam -policies. see man pam for more info.

Basically I just removed one line in the configuration file(console.perms, I don't remember where it was.. somewhere under /etc anyway) and chmodded the /dev/dir I needed(which was for the nvidia-card) into 0660
 
Old 12-05-2003, 10:31 PM   #8
Quasaur
Member
 
Registered: Nov 2003
Location: Gastonia, NC
Distribution: Fedora 15
Posts: 36

Rep: Reputation: 15
To LameKain:

Thanks...i'm going to try your advice--but tell me: why do i need both pam AND msec? Are they doing the same job or taking care of different aspects of the security on my system? What would happen to msec if i uninstalled pam...or vice-versa?

what if i got rid of both of them?...or just msec?
 
Old 12-07-2003, 03:01 PM   #9
lamekain
LQ Newbie
 
Registered: Apr 2003
Location: Finland
Distribution: Mandrake 9.1
Posts: 14

Original Poster
Rep: Reputation: 0
If you want to get rid of pam, I suggest reading this http://www.kernel.org/pub/linux/libs...-html/pam.html . Although I believe pam is quite integrated into the heart of mandrake, so I wouldn't remove it..

Msec is useful to have around, I guess. It keeps your system a bit more safe, but also "cramps your style" if you don't know how to adjust it. IMHO and experience you shouldn't remove any components you haven't chosen as extra during install, or components you haven't installed yourself.
 
Old 12-07-2003, 03:26 PM   #10
Quasaur
Member
 
Registered: Nov 2003
Location: Gastonia, NC
Distribution: Fedora 15
Posts: 36

Rep: Reputation: 15
To LameKain:

Wonderful advice...but how do i resolve my issue???
Even changing to Security Level 0 doesnt help...this is rediculous.

Another post said that there's a bug in msec...?
 
Old 12-08-2003, 04:22 AM   #11
lamekain
LQ Newbie
 
Registered: Apr 2003
Location: Finland
Distribution: Mandrake 9.1
Posts: 14

Original Poster
Rep: Reputation: 0
ok.. have you tried executing msec after you set the custom permissions? On my ex-mandrake I found out that by setting the permissions, and then running msec in the terminal window, I got the permissions right. BUT when I rebooted something changed my permissions into the wrong ones again.

IF your permissions change to the correct ones after you run msec, you can be quite sure that there is something else screwing with your permissions during boot time(so msec is probably not the one to blame). You also know that your msec-permissions-file is working.

IF it doesn't work then you should try to open the perm-file in text-mode and see if it has the needed customizations done with drakperm in it (I never trusted the mandrake-control-panel progs... e.g the hard-disk partitioner claims to be able to create ext3-filesystems, but in my case it only f*cked up my partitions. problem was solved by using good'ol commandline mke2fs )

This is a odd and irritating problem. I even sent a question to the mandrake support forum a month ago, and no reply...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
file permissions are changing on me viniosity Linux - General 2 10-12-2004 08:13 PM
Changing file permissions on upload guix Linux - General 2 07-05-2004 08:58 AM
Changing file permissions and attributes lectraplayer Linux - Newbie 2 06-22-2003 09:10 PM
Changing File Permissions? bmann Linux - Networking 3 04-10-2003 08:22 PM
Changing file permissions on a SAMBA file share apenney Linux - Software 0 02-11-2002 04:42 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:44 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration