[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: chmod of generated grub.cfg

From: Vladimir 'phcoder' Serbinenko
Subject: Re: chmod of generated grub.cfg
Date: Sun, 6 Sep 2009 19:22:36 +0200

On Sun, Sep 6, 2009 at 3:38 PM, Colin Watson<address@hidden> wrote:
> On Sun, Sep 06, 2009 at 02:29:03PM +0200, Felix Zielcke wrote:
>> Currently grub-mkconfig uses chmod 444 on the newly generated grub.cfg
>> Wouldn't it be better to use 400 now that we have plaintext password
>> support?
>> Or should we add support for a GRUB_CHMOD variable so users can override
>> this setting as they please?
> I'd prefer to see this done only if they set a password. A GRUB_CHMOD
> variable seems overkill, though.
Is there a reason a non-root would like to look at grub.cfg on
production system? Developers can always override chmod. If there is
no real reason for non-root to look into grub.cfg I would follow the
best friend in security considerations called "paranoia" and just use
mode 400
>> Else I'd need to add a /etc/grub.d/999_chmod file in grub-installer
>> which changes the mode of if the user wants to have a
>> password.
> I think it'd be more sensible to do this in grub-mkconfig itself - it
> doesn't really fit well into the /etc/grub.d/ hook system, which is
> really just for generating output.

> --
> Colin Watson                                       address@hidden
> _______________________________________________
> Grub-devel mailing list
> address@hidden

Vladimir 'phcoder' Serbinenko

Personal git repository:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]