DrakPerm: Control File Permissions

Abstract

In the section called “DrakSec: Securing your Machine”, we have seen how to change your system's security level and customize the security checks associated to those levels.

drakperm allows you to customize the permissions that should be associated with each file and directory in the system: configuration, personal files, applications, etc. If the owners and permissions listed here do not match the actual permissions of the files in the system, then msec (which stands for Mandrakelinux Security Tool) will change them during its hourly checks. Those modifications can help prevent possible security holes or a possible intrusion.

Figure 18.3. Configuring File Permission Checks

Configuring File Permission Checks

The list of files and directories that appears will depend on the current system's security level as set by msec and their expected permissions for that security level. For each entry (Path) there is the corresponding owner (User), owner group (Group) and Permissions. In the drop-down menu at the top of the list, you can choose to display only msec rules (System settings), your own user-defined rules (Custom settings) or both of them as in the example shown in Figure 18.3, “Configuring File Permission Checks”.

[Note]Note

You cannot edit system rules, as stated by the “Do not enter” sign on the left. However, you can override them by adding custom rules.

If you wish to add your own rules for specific files, or modify the default behavior, display the Custom settings list, and click on the Add a rule button.

Figure 18.4. Adding a File Permissions Rule

Adding a File Permissions Rule

Let us imagine your current security level is set to 3 (high). This means that only the owners of the home directories will be able to browse them. If you wish to share the content of Queen's home directory with others, you will need to modify the /home/queen/ directory permissions.

Filling the new rule dialog as seen in Figure 18.4, “Adding a File Permissions Rule” accomplishes this.

If you create more rules, you can change their priorities by moving them up and down the rules list: use the Up and Down buttons on your custom rules to have more control over your system's permissions.

When you are satisfied with your settings, do not forget to save your changes by clicking on the OK button.