/mnt permissions

[Urza9814]

I have all my music stored on a windoze drive, so instead of copying it all over, I just run it straight from /mnt/winE. But after a while (half hour to an hour I believe), the permissions on /mnt get reset, and it says it can't find the files until I do a 'chmod 777 /mnt'

Anyone know how to make it stop resetting the permissions? I have permission to everything under the winE folder and stuff, but I need read permission for /mnt too, which won't stay.

 

[moved from Software by spinynorman]

[tyme]

what's the line in your /etc/fstab for the win partition look like?

[Urza9814]

/dev/hda6 /mnt/winE vfat umask=0022,user,codepage=850,iocharset=iso8859-1 0 0

 

I don't think it's a problem with the partition...I don't have to mess with that at all, I just have to chmod /mnt....but hey, of course I dunno what's wrong, that's why I'm asking you :P

[tyme]

what msec are you running at?

[Urza9814]

well...I dunno what msec is...I googled it, found this:

http://linux.about.com/cs/linux101/g/msec.htm

 

so I'm assuming you mean what security level did I choose during the install....I kinda thought that might be a problem..um....I did 'paranoid'...because I am paranoid, and that's what I always choose and it's never been a problem...I did notice the message saying you wouldn't be able to access windows drives, but the only setting that didn't have that was 'standard', and I didn't wanna go that low (I do run several servers off my computer sometimes, so....)

[aioshin]

the resetting of that permission was due to MSEC, msec runs a cron job that change thus world writable files back to its default, so to ovecome that, you may try to change some settings there.. you can lunch as root in your console draksec and change something there..

[Urza9814]

ah, that's quite helpful. Thanks :)

[ianw1974]

My lines in fstab for Windows based partitions read:

 

/dev/hda1 /mnt/windows ntfs umask=0

 

whilst this is for ntfs, the umask=0 would most likely do the trick. If I change this to someone else, I have problems accessing as a normal user. There is more after the umask=0, but I've truncated it, as the rest wasn't relevant. Just the umask bit I wanted to show.

[Urza9814]

Well, umask 0 is write access, which I don't need. 0022 is read-only, but it should still work....

I still have to play around with the MSEC settings to see if I can get it working...since I have to wait an hour to see if it works, it's going quite slow...heh

If nothing else I can disable the hourly checks, but I'm trying to get it working without that.

[lavaeolus]

paranoid is a bit high if you're not using your system as a server (higher and paranoid are indeed intended for use on servers), it is better to use a lower basic security setting and set those things that you need up to a higher level, basically high is enough for a normal workstation, from there you can set some additional permissions with drakperm, so you can tailor the system much more to your needs (it is easier to add some bricks to a wall than to tear holes in it)

Edited July 22, 2006 by lavaeolus

[arctic]

Msec 2 (= normal) has been enough on my workstations. WIth some extra-configuration you will have a very secure system without the need for the "paranoid" settings. Voluntary penetration attempts on my boxes failed miserably with Msec 2 in place.

[lavaeolus]

yes, even 2 should suffice, just make sure that mandi (the firewall) is active when you connect to the internet and you'll be fine, testing on www.pcflank.com showed all my ports as stealthed, so nothing to worry

 

if you are running server-programs from time-to-time you should consider using different network profiles (e. g. an internet profile and a server profile)

Edited July 22, 2006 by lavaeolus

[Urza9814]

My computer is in my router's DMZ (port forwarding never works right) and I'm running webmin, apache, and sometimes ProFTPD.

And I used to have 4 different firewalls on this computer. I'm paranoid.

[tyme]

you're paranoid but you're using FTP? :unsure:

 

FTP = username and password sent in clear text. no encoded. very bad. you should setup ssh so you can use sftp.

[scarecrow]

Normally, the firewall of a good router is enough- no need for shorewalls etc (and after all, most router firmwares are nothing more than a minimalistic Linux distro, which acts like a firewall/dhcp server/ gateway, and is administered via a web ui).

I agree that traditional ftp is highly insecure, and ftp via ssl more secure, but resourcess-hungry.

Since ssh/sftp is available by only installing the openssh binaries, why not use that one instead- way more secure than ftp, and way less demanding than ftp over ssl. Windoze users can do their sftp job perfectly well using a bunch of free/opensource apps (Filezilla, PuTTy, WinSCP...).

Edited July 24, 2006 by scarecrow