Hi,
I installed Gnome2.4 on my Mandrake9.1-system with Garnome. Everything went well, but every time I boot my computer something changes my self-made session script in /etc/X11/gdm/Sessions/ from an executable file into a non-executable, thus it is not showed on the gdm graphical sessionmenu. This happens during the boot-process, so if I want to start Garnome, I have to log in and chmod it into an executable, log out and log in into Garnome... Searching, I found these from syslogs:

gdmgreeter[1743]: Wrong permissions on /etc/X11/gdm/Sessions//Garnome. Should be readable/executable for all.
gconfd (abuser-2048): Resolved address "xml:readonly:/usr/share/garnome/etc/gconf/gconf.xml.mandatory" to a read-only config source at position 0
gconfd (abuser-2048): Resolved address "xml:readonly:/usr/share/garnome/etc/gconf/gconf.xml.defaults" to a read-only config source at position 2 !

What changes the permissions and how can I stop it??

Since it's Mandrake, you're probably running into msec which is a security lock-down program for Mandrake. The settings are stored in /usr/share/msec (IIRC), but you should in theory be able to modify them through the Mandrake Control Panel.

Basically it's a set of file and resource permissions, and session settings that are checked at set intervals and "corrected" if they aren't what the database says they should be. msec is actually a very useful tool, but it can be very confusing if you don't realize it's running or how to configure it.

Thanks for the reply.
I found msec and altered the local config(I did it through terminal, but it's possible do it via the control panel, also).
After adding the rule for my Garnome-script, I ran msec 3 to test if it works, and it did!! Then I booted my pc and something still changed the script into a non-executable >( . I even tried to change the contents of my GNOME-script in the Sessions folder in order to make it boot Garnome, but when I booted something changed the contents back to the original....
What is it that keeps changing them back??
Or how could I start msec during boot, so that it would change the permissions again?

Are you sure your msec level is configured as 3? It's possible you're configured for a higher security level.

Yes, I am quite sure it is set on level 3(at least that's what the Control Panel tells me). But that shouldn't matter, because I understood from the man-pages that msec takes the user-defined filerules from a separate file(if I remember right the name of the file was /etc/security/msec/local.perm) and those rules overwrite all the other rules for the files mentioned. I checked the file and it did contain the files I defined, and by running msec, I saw that they worked.
I also tried changing msec into the lowest security level, but it didn't help..

msec is not in the services-to-be-started-during-boot -list. Could I add it there? If it was there I could change my permissions back to the right ones, before gdm fires up. It would be a lazy solution, though. Something would still be changing the file permissions against my will, msec would just be there to counter-spell it

msec is really cramping my style.

Despite the custom settings i add (i.e., making usre my movie/audio players can access /dev/mixer-dsp-midi), msec just ignores them--and i'm on security level ONE! i'm tempted to just go to Security level 0...but not sure if that's a good idea...i need help!

when i try to access the file /usr/share/msec/perm.1 the terminal window freezes up...

There's got to be a better way without shutting msec down!

I'm happy now. msec is not troubling me anymore, because I switched to Gentoo . In Gentoo I ran into a same kind of problem that you have Quasaur. The solution was to change pam -policies. see man pam for more info.

Basically I just removed one line in the configuration file(console.perms, I don't remember where it was.. somewhere under /etc anyway) and chmodded the /dev/dir I needed(which was for the nvidia-card) into 0660

To LameKain:

Thanks...i'm going to try your advice--but tell me: why do i need both pam AND msec? Are they doing the same job or taking care of different aspects of the security on my system? What would happen to msec if i uninstalled pam...or vice-versa?

what if i got rid of both of them?...or just msec?

If you want to get rid of pam, I suggest reading this http://www.kernel.org/pub/linux/libs...-html/pam.html . Although I believe pam is quite integrated into the heart of mandrake, so I wouldn't remove it..

Msec is useful to have around, I guess. It keeps your system a bit more safe, but also "cramps your style" if you don't know how to adjust it. IMHO and experience you shouldn't remove any components you haven't chosen as extra during install, or components you haven't installed yourself.

To LameKain:

Wonderful advice...but how do i resolve my issue???
Even changing to Security Level 0 doesnt help...this is rediculous.

Another post said that there's a bug in msec...?

ok.. have you tried executing msec after you set the custom permissions? On my ex-mandrake I found out that by setting the permissions, and then running msec in the terminal window, I got the permissions right. BUT when I rebooted something changed my permissions into the wrong ones again.

IF your permissions change to the correct ones after you run msec, you can be quite sure that there is something else screwing with your permissions during boot time(so msec is probably not the one to blame). You also know that your msec-permissions-file is working.

IF it doesn't work then you should try to open the perm-file in text-mode and see if it has the needed customizations done with drakperm in it (I never trusted the mandrake-control-panel progs... e.g the hard-disk partitioner claims to be able to create ext3-filesystems, but in my case it only f*cked up my partitions. problem was solved by using good'ol commandline mke2fs )

This is a odd and irritating problem. I even sent a question to the mandrake support forum a month ago, and no reply...