Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello,
I have Mandrake 10.0 running KDE on an emachines laptop w/ AMD 2500XP-M. So far everything is great except for this problem:
I have a 60GB hard disk with three partitions: one NTFS partition (contains Windows OS), one FAT32 partition (for sharing data between Windows and Linux, like mp3's, DivX and so forth), and one Linux partition. The FAT32 shows up as /mnt/win_d and it always shows up. I initially had to to go the configuration utility and enter the root password to give admin users write permissions on that drive, but that was fine. A couple of days ago, I started losing permissions to even ACCESS the drive /mnt/win_d, in the middle of my session! If I logout and login I still can't access it, but if I do a restart then I'm fine. Does anybody have any suggestions? I am a 1-week newbie. What could I be doing that makes this happen?
msec is a process that runs in MDK to check security features. Perhaps it changes something it does not like. See your system log for msec messages:
#cat /var/log/messages|grep msec|less
Originally posted by johngcarlsson I see the following lines:
Jul 16 22:01:01 localhost msec: changed mode of /mnt/win_d from 777
to 700
Jul 16 22:01:01 localhost msec: chown /mnt/win_d 3: [Errno 1] Operat
ion not permitted: '/mnt/win_d'
Jul 16 22:01:01 localhost msec: chgrp /mnt/win_d 4: [Errno 1] Operat
ion not permitted: '/mnt/win_d'
does that mean anything?
Yes. msec is trying to change the ownership and permissions for /mnt/win_d .
ls -l /
ls -l /mnt
Will show the current ownership and group and permissions.
See man msec and msec levels .
The behaviour your system exhibits is consistent with "set_root_umask" for msec 5. Are you paranoid? Perhaps you set permissions for normal user access to /mnt/win_d and offended msec. You could try msec 4 if you are not paranoid...
Yes, I did in fact change permissions for/mnt/win_d. I did this through Mandrake Control Center > Security > Permissions. I reckon I did indeed "offend" msec. However I am rather paranoid. What is a good general level to leave msec at?
Also, I don't understand the relationship between msec and the programs accessed in Control Center > Security. The program Control Center > Security > Levels and Checks says that my security level is "Standard," but as you said my computer behaviour suggests that I am at msec level 5 (the highest, right?). Are these two programs totally disparate?
Thanks!
Hi,
According to Control Center, my current security level is 2, and "Levels and Checks" in the Security Control center says that my security level is "Standard." If I login as root and type
#msec
then I get
msec: chown /mnt/win_d 3: [Errno 1] Operation not permitted: '/mnt/win_d'
So I guess this means that something doesn't like the fact that msec wants to change permissions. Is that right? What could that 'something' be?
Thanks!
Is the filesystem that you want to mount on /mnt/win_d mounted? What is in /etc/fstab?
cat /etc/fstab
mount
ls -l /mnt
ls -l /mnt/win_d
FAT32 does not have the concept of ownership and permissions. Perhaps that is the problem. Are you getting any additional messages in /var/log/messages?
#less /var/log/messages will let you search through.
should I put a 'user' in there somewhere? I had assumed that this line was sufficient to mount the drive. Is that incorrect?
Thanks for all your help!
msec wants umask=022 according to http://www.geek-cave.com/tutorials/msec/levels which gives files and directories rwx r-x r-x permissions. Your msec seems to want umask-077 which is the paranoid-5 level. I wonder if there is something wrong with your msec configuration.
You might also add dmask=022 for directories and fmask for files.
umask=0 gives everyone rwx permissions which is dangerous. A malicious user/process could plant some malware, or delete something. That would freak out msec. You would have to customize msec if you really wanted that.
After you have examined this stuff and still cannot get it to work, it would be time to report the problem up the foodchain.
There seems to be some variability about the security levels. I think the only way to know for sure what you have is to examine the .conf files for msec. The GUI operates by passing information to scripts. If there is an error in one of the scripts or the GUI, you are one level further away from understanding the problem.
Hi,
Thank you very kindly for all of your help. I read the man pages for msec and mseclib but it appears to me that these are functioning appropriately. My /var/lib/msec/security.conf looks correct, from what I have read:
and /etc/security/msec/security.conf is an empty file. At first I thought "ah-hah! It must be that I should override /var/lib/msec/security.conf here by telling it to open up permissions to the windows drive!" But then after reading the man page for msec I see that the proper place for this is the file /etc/security/msec/perm.local, which does in fact contain the line
/mnt/win_d adm.adm 700
as desired. My /etc/security/msec/level.local is also empty. Would this be the correct place to put in a line that says
But then after reading the man page for msec I see that the proper place for this is the file /etc/security/msec/perm.local, which does in fact contain the line
/mnt/win_d adm.adm 700
The 700 means owner group other
rwx - - - - - -
This code is binary/octal with each digit formed from three bits for read write execute
If you want ordinary users (others) to be able to read the stuff use 744 for readonly or 766 for read/write and 777 for everyone to read/write/execute (shudder!)
Hello,
Actually, I think I have found the problem. It seems that a lot of Linux newbies have this problem, because FAT32 doesn't have the same permissions structure that Linux-formatted drives do, and that confuses dumb people like me. It sounds as though you have to change /etc/fstab (which you suggested before, and I didn't understand it as well as I thought I did, but now it makes more sense)
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
