MDK 9.1 resets user premission

[Noob-MDK91]

Hi everyone,

 

I just installed Mandrake 9.1 from the 3 cd's I downloaded.

Installed it on a old DELL/POWEREDGE by doing so:

 

on a installed Mandrake 8.1 server

 

copy all disks to /home/me-user (me-user = myname)

 

made a hd.rdz disk for installing.

Eveything went fine I dicided to upgrade to Mandrake 9.1 BAMBOO

 

setting everything and then it says install complete.

 

Okay then reboot

Ohh now what got an KERNEL PANIC no init found

after searching the net and looking into some forms I couldn't figure it out.

so I did a fresh install of MDK9.1 formatting all disks exept /dev/sda8 because there is the Mandrake/base located.

 

After selecting all packages I want to install everything went great.

 

So now I can start my MDK9.1 worked fine but can't login as root.

I can login as my-name witch I created in the SETUP and then do "su - root" witch works. (I'll be looking into the root problem later)

 

HERE'S THE PROBLEM

 

Got Apache 2.0 running and enabled public_html

in the directory /home I have two users with the premissions set as followed

example:

 

/home/user1 drwx------

/home/user2` drwx------

 

now when I access //mydomain.com/~user1

 

It says Forbidden.

 

so I do:

 

chmod -c 755 user1

 

and now it has premission

 

/home/user1 drwxr-xr-x

 

and /mydomain.com/~user works but just for a while and then

the directory has premission is:

 

/home/user1 drwx------

 

how is this happend??

 

I also chmod public_html and changed the owner and group to apache

public_html has DRWXR-XR-X and that is okay. Right?

 

why does mandrake restores the premission on /home/*

 

Any help would be nice.

 

Thanks in advance,

 

Vincent Stans

[Michel]

I don't know which security-level you are running, but if you have level 4, you have this bheviour indeed.

 

You can change the level on the commandline using:

 

msec <level>

 

you could try

msec 3

 

to lower it. Personnaly I like level 4. But you can make some personal adjustments.

 

Level 4:

 

you cannot login as root directley

home users cannot access eachother directories

 

and what I changed...:

I couldn't access /proc.

 

There is a script that runs every X time that resets this permissions if changed.

 

So, all weel .. but how do you change it.

 

The root- thing: haven't figured taht out, but like that option personnaly..and don't have to time to find out now..but hopefully someone else will.

 

For the permissions:

The script searches for which permissions have to apply in the /usr/share/msec-directory.

 

If you open the file perm>.<your level: I would try 4 or higher for you first>

 

you'll see the permissions the appropriate directories/files(I suppose) have to have:

just change the users/group/permissions ..

 

If you have to change alot, I suppose it's possible to create your custom-file.

 

I think you can adjust the root-behaviour in the level.<your level> file. (I want to know how you can do this without msec.)

 

 

To apply the changes while running: msec <your desired level>

Edited November 23, 2003 by Michel

[Noob-MDK91]

Thanks Michel for the fast response

 

I looked into "/usr/share/msec/prem.3" and there I found it:

 

/home/ root.root 755

/home/* current 711

 

but as you said I first looked into "prem.4" and there i found this:

 

/home/ root.adm 751

home/* current 700

 

so I changed the "700" to "755" and did not do

 

msec 4

 

on the command line because I thought the cron job will do that later if not I can still do "msec 4" to do the job.

 

QUESTION:

 

If I change to "msec 3" will there be any service that quits.

 

from 1 to 1000 :) jump

 

all way off topic: isn't "shorewall" the same as "iptables" cause if I start shorewall it looks like iptables is also started that would mean that shorewall is just a EXTRA service that's running.

I'm using pentium so every USELESS service should be stopped.

 

of course I can be wrong here.

 

Thanks for any help